Hijack this analysis: Random popups


  • This topic is locked
11 replies to this topic

#1 ICBM

ICBM

  • Members
  • 36 posts

Posted 06 December 2008 - 08:47 PM

Hi,
Recently, we have noticed that one of our computers has been exhibiting behavior of adware infestation. We use Firefox, but we would frequently get Internet Explorer pop-ups.

This is the HijackThis logfile; if anyone can give us pointers on how to fix this problem, it would be great.


Thanks :D


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:32 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\XFyPDkts.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6474 bytes
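An added example, not code from the thread or from HijackThis itself: a small Python parser for the O4 (autostart) lines in the log above that tags the entries a log reviewer would examine first. The three tags (command path under a Temp directory, autostart registered under the SYSTEM or Default user hive, bare executable name with no path) are my own triage rules and not a verdict on any entry; the sample lines are re-typed from the logs in this thread so the script runs offline.

```python
"""Parse HijackThis O4 (autostart) lines and tag entries worth a closer look."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Sample input: a subset of the O4 lines posted in this thread, re-typed here
# so the script runs stand-alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\JERRY~2.JV-\LOCALS~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
"""

# Registry form:  O4 - <hive>\..\Run[Once]: [<name>] <command> [(User '<user>')]
REG_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder form:  O4 - [Global |<sid> ]Startup: <link>.lnk = <target> [(User '<user>')]
STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>[^:]*Startup): (?P<name>.*?) = (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Any path component named Temp (covers C:\WINDOWS\TEMP\ and ...\LOCALS~1\Temp\)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


@dataclass
class Entry:
    hive: str
    name: str
    cmd: str
    user: str | None
    reasons: list[str] = field(default_factory=list)


def parse_o4(line: str) -> Entry | None:
    """Return an Entry for an O4 line in either form, or None for anything else."""
    m = REG_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    return Entry(m["hive"], m["name"], m["cmd"], m["user"])


def assess(e: Entry) -> Entry:
    """Attach review tags (assumed triage rules, not a malware verdict)."""
    if TEMP_RE.search(e.cmd):
        e.reasons.append("temp-path")        # launches something out of a Temp directory
    if e.user in ("SYSTEM", "Default user"):
        e.reasons.append("system-context")   # autostarts for the SYSTEM / Default user hive
    if "\\" not in e.cmd:
        e.reasons.append("bare-name")        # no path: resolved via PATH search order
    return e


def analyze(log_text: str) -> list[Entry]:
    """Parse every O4 line in a HijackThis log and assess each one."""
    entries = []
    for line in log_text.splitlines():
        e = parse_o4(line.strip())
        if e:
            entries.append(assess(e))
    return entries


def flagged(log_text: str) -> dict[str, list[str]]:
    """Map entry name -> review tags for entries that received at least one tag."""
    return {e.name: e.reasons for e in analyze(log_text) if e.reasons}


if __name__ == "__main__":
    for e in analyze(SAMPLE_LOG):
        status = ", ".join(e.reasons) if e.reasons else "ok"
        print(f"{e.hive:<22} [{e.name}] -> {status}")
```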


#2 The Gorilla

The Gorilla

  • Members
  • 766 posts
  • Gender:Male
  • Location:Part of a breeding programme in a conservation zoo

Posted 07 December 2008 - 02:51 PM

Hi ICBM, welcome to Bleeping Computer Forums!

I am The Gorilla, and I will be helping you with this log.

It may assist you to save this page as a favourite for easy recall in the future.

Can I draw your attention to the following:
  • I will be handling your log and helping you; please do not make any system changes yet.
  • The process is not instant. Please continue to review my answers until I tell you that your computer is clean. Be patient; even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
  • These fixes are specific to your problem and should only be used for this issue on this machine.
  • If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
  • Please reply to this thread. Do not start a new topic.
  • Please give me some time to look over your log and I will get back to you as soon as possible. There may be a short delay in replying to you, as all my posts to you need to be checked over by an HJT Expert.



Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.

#3 The Gorilla

The Gorilla

  • Members
  • 766 posts
  • Gender:Male
  • Location:Part of a breeding programme in a conservation zoo

Posted 07 December 2008 - 03:43 PM

Hi :thumbsup:

Once again welcome to Bleeping Computer :)

It may assist you to copy this post to Notepad and/or print it out for reference. Please complete each step in the sequence shown; if at any stage you are unsure, please ask.

Right, let's get started.

Step#1
It is not recommended that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add or Remove Programs in the Control Panel and remove either Symantec or Yahoo! Antivirus.

They are both good programs, so the decision is yours (but one of them has to go).


Step#2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Step#3
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Finally, well, for this post, please post back the following:
  • Which antivirus product you uninstalled
  • The two logs that the random/random programme produced
  • The Kaspersky log
:)

#4 ICBM

ICBM
  • Topic Starter

  • Members
  • 36 posts

Posted 08 December 2008 - 01:27 AM

Thanks for such a quick response; your help is very much appreciated.


I followed your instructions and uninstalled Symantec Norton Antivirus.

Afterwards, I ran the scans as you said.

Here are the scan logs:

Random Scan:

INFO.txt

info.txt logfile of random's system information tool 1.04 2008-12-07 14:38:30

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
ACDSee 32-->C:\PROGRA~1\ACDSee32\UNWISE.EXE C:\PROGRA~1\ACDSee32\INSTALL.LOG
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}\Setup.exe" -l0x9
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documents To Go-->MsiExec.exe /X{4E7E8E6A-15F1-4E26-9352-26AD235131E9}
Eclipse-->MsiExec.exe /I{6273EC85-A3C4-4E66-8ABB-A9A0E30CFD1A}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTK+ Runtime 2.12.1 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
Gus Verdun's RX-Plugin-->C:\Program Files\Gus Verdun\uninstallrxplugin.exe
HashCalc 2.02-->"C:\Program Files\HashCalc\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Information Center-->"C:\Program Files\Video Add-on\icun.exe"
网易电视(网易TV)安装包 1.0.8.0-->C:\Program Files\Netease\neteasetv\uninst.exe
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Development Kit 6 Update 2-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
Launchy 2.0-->"C:\Program Files\Launchy\unins000.exe"
Lexmark Skin: Helix-->C:\PROGRA~1\LEXMAR~2\Skin1\UNWISE.EXE C:\PROGRA~1\LEXMAR~2\Skin1\INSTALL.LOG
Lexmark X74-X75-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBBUN5C.EXE -dLexmark X74-X75
LivePix 2.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LivePix 2.0\Uninst.isu"
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MGI PhotoSuite 8.1 (Remove Only)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\PhotoSuite 8.1\Uninst.isu"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
NJStar Chinese Word Processor-->"C:\Program Files\NJStar Chinese WP\Remove.exe" /U:"C:\Program Files\NJStar Chinese WP\Remove.log"
NJStar Communicator-->C:\Program Files\NJStar Communicator\uninst.exe
NTI CD-Maker 2000 Plus-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NewTech Infosystems\NTI CD-Maker 2000 Plus\Uninst.isu"
Pack Vista Inspirat 2 1.0-->C:\WINDOWS\BricoPacks\Vista Inspirat 2\Remove.exe
Palm Desktop-->MsiExec.exe /X{99529516-4696-483A-A235-5D340A2B35EF}
PDF Split & Merge 1.02-->"C:\Program Files\PDF Split & Merge\unins000.exe"
PictureProject In Touch Downloader 1.0-->C:\Program Files\PictureProject In Touch Downloader\uninst.exe
PictureProject-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Pocket RAR documentation-->C:\Program Files\PocketRAR\uninstall.exe
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Revo Uninstaller 1.75-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roguescanfix 1.5-->"C:\Program Files\Roguescanfix\unins000.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\Progra~1\SiSLan\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Warkeys 1.7.0.0b-->C:\Program Files\Warkeys\uninst.exe
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WordWeb-->C:\Program Files\WordWeb\uninst.exe

======Environment variables======

"CLASSPATH"=.;C:\Documents and Settings\Jason\Desktop\quiz.jar.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Java\jdk1.6.0_02\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem";C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0801
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

LOG.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jerry at 2008-12-07 14:38:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (34%) free of 39 GB
Total RAM: 1007 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:19 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\XFyPDkts.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jerry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\JERRY~2.JV-\LOCALS~1\Temp\isDel.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

--
End of file - 5460 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe [2007-10-26 509224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-06-24 57344]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"CAVRID"=C:\Program Files\Yahoo!\Antivirus\CAVRID.exe []
"CaAvTray"=C:\Program Files\Yahoo!\Antivirus\CAVTray.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"isDeleteMe"=C:\WINDOWS\system32\cmd.exe [2008-04-13 389120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"Aim6"= []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Start Menu\Programs\Startup
HotSync Manager.lnk - D:\Palm\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Eclipse\eclipse.exe"="C:\Program Files\Eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Netease\neteasetv\MediaCenter.exe"="C:\Program Files\Netease\neteasetv\MediaCenter.exe:*:Enabled:MediaCenter"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-07 14:38:05 ----D---- C:\rsit
2008-12-07 14:20:49 ----D---- C:\Program Files\VS Revo Group
2008-12-07 14:19:21 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-07 09:35:04 ----A---- C:\WINDOWS\difxapi.dll
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.exe
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.dll
2008-12-07 09:15:29 ----HDC---- C:\WINDOWS\ie8
2008-12-06 17:35:18 ----D---- C:\Program Files\Trend Micro
2008-11-16 08:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-16 08:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 08:22:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-15 14:56:51 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-15 14:55:42 ----D---- C:\WINDOWS\Prefetch
2008-11-15 08:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-15 08:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-15 08:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-15 08:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-15 08:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-15 08:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-15 08:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-15 08:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-15 08:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-15 08:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-15 08:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-15 08:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-15 08:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-15 08:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-15 08:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-15 08:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-15 08:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-15 08:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-15 08:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-15 08:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-15 08:19:56 ----D---- C:\WINDOWS\system32\scripting
2008-11-15 08:19:52 ----D---- C:\WINDOWS\l2schemas
2008-11-15 08:19:50 ----D---- C:\WINDOWS\system32\en
2008-11-15 08:19:49 ----D---- C:\WINDOWS\system32\bits
2008-11-11 23:25:47 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-11 23:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-11 23:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$

======List of files/folders modified in the last 1 months======

2008-12-07 14:32:54 ----D---- C:\WINDOWS
2008-12-07 14:32:54 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-07 14:31:53 ----RD---- C:\Program Files
2008-12-07 14:31:51 ----SHD---- C:\Config.Msi
2008-12-07 14:31:49 ----SHD---- C:\WINDOWS\Installer
2008-12-07 14:31:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-07 14:31:01 ----D---- C:\WINDOWS\system32
2008-12-07 14:30:54 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-12-07 14:30:41 ----D---- C:\Program Files\Common Files
2008-12-07 14:24:20 ----SD---- C:\WINDOWS\Tasks
2008-12-07 14:22:37 ----D---- C:\WINDOWS\TEMP
2008-12-07 14:19:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 12:10:03 ----D---- C:\Program Files\Mozilla Firefox
2008-12-07 12:04:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 09:36:34 ----HD---- C:\WINDOWS\inf
2008-12-07 09:36:34 ----D---- C:\Program Files\Internet Explorer
2008-12-07 09:36:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-07 09:36:33 ----D---- C:\WINDOWS\Help
2008-12-07 09:36:32 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-07 09:34:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-07 09:16:10 ----D---- C:\WINDOWS\WBEM
2008-12-07 09:16:10 ----D---- C:\WINDOWS\system32\en-US
2008-12-07 09:16:02 ----D---- C:\WINDOWS\Media
2008-12-07 08:48:56 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-07 08:35:55 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 22:45:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-05 20:22:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-05 20:10:15 ----ASH---- C:\boot.ini
2008-12-05 20:10:15 ----A---- C:\WINDOWS\win.ini
2008-12-05 20:10:13 ----D---- C:\WINDOWS\pss
2008-11-30 21:39:59 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-25 00:24:36 ----D---- C:\Program Files\Warcraft III
2008-11-23 10:09:51 ----D---- C:\Program Files\DivX
2008-11-16 08:23:18 ----A---- C:\WINDOWS\imsins.BAK
2008-11-16 07:59:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-15 14:57:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 14:54:46 ----A---- C:\WINDOWS\setuplog.txt
2008-11-15 14:53:36 ----D---- C:\WINDOWS\system32\Setup
2008-11-15 14:53:36 ----D---- C:\WINDOWS\AppPatch
2008-11-15 14:53:35 ----D---- C:\WINDOWS\system32\wbem
2008-11-15 08:34:01 ----D---- C:\WINDOWS\security
2008-11-15 08:28:49 ----D---- C:\Program Files\Messenger
2008-11-15 08:21:31 ----D---- C:\WINDOWS\WinSxS
2008-11-15 08:21:16 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-15 08:20:47 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-15 08:20:46 ----D---- C:\WINDOWS\network diagnostic
2008-11-15 08:20:46 ----D---- C:\WINDOWS\ime
2008-11-15 08:20:00 ----D---- C:\WINDOWS\system32\usmt
2008-11-15 08:19:49 ----D---- C:\WINDOWS\peernet
2008-11-15 08:19:48 ----D---- C:\Program Files\Movie Maker
2008-11-15 08:05:16 ----D---- C:\WINDOWS\system32\Restore
2008-11-15 08:05:15 ----D---- C:\WINDOWS\system32\npp
2008-11-15 08:05:10 ----D---- C:\WINDOWS\msagent
2008-11-15 08:05:05 ----D---- C:\WINDOWS\srchasst
2008-11-15 08:04:57 ----D---- C:\Program Files\NetMeeting
2008-11-15 08:04:51 ----D---- C:\WINDOWS\system32\Com
2008-11-15 08:04:45 ----D---- C:\Program Files\Windows Media Player
2008-11-15 08:04:43 ----D---- C:\Program Files\Windows NT
2008-11-15 08:04:43 ----D---- C:\Program Files\Outlook Express
2008-11-15 08:04:33 ----D---- C:\Program Files\Common Files\System
2008-11-15 08:03:40 ----D---- C:\WINDOWS\system32\oobe
2008-11-15 08:03:37 ----D---- C:\WINDOWS\system
2008-11-15 07:56:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-15 07:47:50 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2008-09-22 19072]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2008-09-22 323584]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R4 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2007-07-22 26056]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-10-14 16509]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-06-24 303104]
R2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-27 72704]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------

Kaspersky Scanner

Sunday, December 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 21:23:18
Records in database: 1442867
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics
Files scanned: 114985
Threat name: 8
Infected objects: 17
Suspicious objects: 0
Duration of the scan: 05:33:08

File name Threat name Threats count
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2E760288.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36076E41.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\360B183E.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\360E423A.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36116C36.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36141633.sys Infected: Trojan-Downloader.Win32.Small.czl 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36141633.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\39800A70.DLL Infected: Trojan-GameThief.Win32.OnLineGames.qh 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A063E87.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A2911B5.dll Infected: Trojan-GameThief.Win32.Nilage.afk 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A575D83.DAT Infected: Trojan-Spy.Win32.Delf.pg 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3A575D83.SYS Infected: Trojan-Spy.Win32.Delf.pg 1
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\743E6088.tmp Infected: Virus.Win32.Parite.a 1
C:\Program Files\Warkeys\WarKeys.exe Infected: Trojan-Spy.Win32.Agent.byk 1
C:\WINDOWS\system32\XFyPDkts.exe Infected: Trojan-Downloader.Win32.Agent.akuq 1
C:\WINDOWS\TEMP\22.tmp Infected: Trojan.Win32.Pakes.lso 1
C:\WINDOWS\TEMP\22.tmp.exe Infected: Trojan.Win32.Pakes.lso 1
The selected area was scanned.



Thanks

#5 The Gorilla

The Gorilla

  • Members
  • 766 posts
  • Gender:Male
  • Location:Part of a breeding programme in a conservation zoo
  • Local time:04:27 PM

Posted 08 December 2008 - 04:10 PM

Hi :thumbsup:

Thank you for posting the requested logs and informing me which anti-viral product you removed. You will see from the Kaspersky log that a few files are showing as infected; don't worry about them for the moment, as the majority of them were caught and dealt with via Symantec.

Step#1
In the last post I had you uninstall one of your anti-viral products; you removed Symantec. It appears that the currently installed one is not protecting you properly, therefore I suggest you install one of the following free versions:
  • AVG 8 Free
  • AntiVira Free
  • Avast free


Step#2
Despite removing Symantec products, there are a number of leftovers remaining.

Please follow the instructions for Symantec removal here.

Step#3
Your log(s) are showing that you are using/have used so-called peer-to-peer or file-sharing programmes (in your case LimeWire & uTorrent). These programmes allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws of many countries around the world, and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

Step#4
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step#5
Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe

:files
C:\WINDOWS\system32\XFyPDkts.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine

:commands
[EmptyTemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

IF YOUR MACHINE DOES NOT AUTOMATICALLY REBOOT, PLEASE DO SO

Step#6
Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link: Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

C:\Program Files\Video Add-on\icun.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at VirusTotal.

Step#7
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, please post the contents of the resultant log.txt.
Step#8
Did you install the following programme?

Cheat Engine 5.3

Research has led me to a number of crack and warez sites in relation to this file.


Finally, well, for this post, please post back the following:
  • If you used the Symantec removal tool - I will clear out any remains later
  • If you are a user of p2p - there are some remains in your logs and I will remove them next round.
  • The log produced by Malwarebytes
  • The log Produced by OTMoveIt3
  • Result from either Jotti or Virustotal
  • A new rsit log
  • How your computer is running
:)

#6 ICBM

ICBM
  • Topic Starter

  • Members
  • 36 posts
  • Local time:09:27 AM

Posted 09 December 2008 - 02:36 AM

One note: Jotti did not complete, because we could not find the C:\Program Files\Video Add-on\icun.exe file.

We did not have a Video Add-on folder in our Program Files folder.



So far, our computer seems to be doing a lot better. No more popups are appearing for now. Hopefully the change is permanent.

Starting up is still slow, but I am not sure if this is due to malware.

Thanks for your help.

Here are the logs of the scans we ran:

Malwarebytes' Anti-Malware 1.31
Database version: 1476
Windows 5.1.2600 Service Pack 3

12/8/2008 10:58:10 PM
mbam-log-2008-12-08 (22-58-10).txt

Scan type: Quick Scan
Objects scanned: 82880
Time elapsed: 55 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{efaf6ea3-615d-4f83-8748-2f7a576fcea6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23b760d6-c98b-450b-9b32-26c7775cdf83} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{efaf6ea3-615d-4f83-8748-2f7a576fcea6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\XFyPDkts.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: :files
Unable to kill process: C:\WINDOWS\system32\XFyPDkts.exe
Unable to kill process: C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine
Unable to kill process: :commands
Unable to kill process: [EmptyTemp]
Unable to kill process: [start explorer]
Unable to kill process: [Reboot]

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_230132
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jerry at 2008-12-08 23:25:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (34%) free of 39 GB
Total RAM: 1007 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:04 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jerry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5704 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-08 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-08 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-08 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]
"YOP"=C:\PROGRA~1\Yahoo!\YOP\yop.exe [2007-10-26 509224]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-06-24 57344]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"CAVRID"=C:\Program Files\Yahoo!\Antivirus\CAVRID.exe []
"CaAvTray"=C:\Program Files\Yahoo!\Antivirus\CAVTray.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-08 1261336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
"Aim6"= []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe

C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Start Menu\Programs\Startup
HotSync Manager.lnk - D:\Palm\HOTSYNC.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Eclipse\eclipse.exe"="C:\Program Files\Eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Netease\neteasetv\MediaCenter.exe"="C:\Program Files\Netease\neteasetv\MediaCenter.exe:*:Enabled:MediaCenter"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-08 21:42:45 ----HD---- C:\$AVG8.VAULT$
2008-12-08 21:36:39 ----D---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Malwarebytes
2008-12-08 21:36:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-08 21:36:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 21:26:47 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-08 21:26:41 ----D---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\AVGTOOLBAR
2008-12-08 21:26:30 ----D---- C:\Program Files\AVG
2008-12-08 21:26:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-12-08 21:23:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
2008-12-07 14:38:05 ----D---- C:\rsit
2008-12-07 14:20:49 ----D---- C:\Program Files\VS Revo Group
2008-12-07 14:19:21 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-07 09:35:04 ----A---- C:\WINDOWS\difxapi.dll
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.exe
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.dll
2008-12-07 09:15:29 ----HDC---- C:\WINDOWS\ie8
2008-12-06 17:35:18 ----D---- C:\Program Files\Trend Micro
2008-11-16 08:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-16 08:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 08:22:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-15 14:56:51 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-15 14:55:42 ----D---- C:\WINDOWS\Prefetch
2008-11-15 08:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-15 08:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-15 08:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-15 08:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-15 08:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-15 08:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-15 08:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-15 08:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-15 08:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-15 08:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-15 08:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-15 08:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-15 08:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-15 08:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-15 08:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-15 08:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-15 08:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-15 08:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-15 08:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-15 08:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-15 08:19:56 ----D---- C:\WINDOWS\system32\scripting
2008-11-15 08:19:52 ----D---- C:\WINDOWS\l2schemas
2008-11-15 08:19:50 ----D---- C:\WINDOWS\system32\en
2008-11-15 08:19:49 ----D---- C:\WINDOWS\system32\bits
2008-11-11 23:25:47 ----A---- C:\WINDOWS\system32\MRT.INI
2008-11-11 23:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-11 23:22:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$

======List of files/folders modified in the last 1 months======

2008-12-08 23:26:04 ----D---- C:\WINDOWS\TEMP
2008-12-08 23:12:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 23:08:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-08 21:46:39 ----D---- C:\WINDOWS\system32
2008-12-08 21:36:35 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 21:36:31 ----RD---- C:\Program Files
2008-12-08 21:26:23 ----SHD---- C:\WINDOWS\Installer
2008-12-08 21:26:23 ----SHD---- C:\Config.Msi
2008-12-08 21:26:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-08 21:25:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-08 21:11:31 ----SD---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Microsoft
2008-12-08 21:11:30 ----D---- C:\WINDOWS
2008-12-07 22:32:27 ----HD---- C:\WINDOWS\inf
2008-12-07 22:32:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-07 14:30:41 ----D---- C:\Program Files\Common Files
2008-12-07 14:24:20 ----SD---- C:\WINDOWS\Tasks
2008-12-07 14:19:41 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 09:36:34 ----D---- C:\Program Files\Internet Explorer
2008-12-07 09:36:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-07 09:36:33 ----D---- C:\WINDOWS\Help
2008-12-07 09:36:32 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-07 09:34:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-07 09:16:10 ----D---- C:\WINDOWS\WBEM
2008-12-07 09:16:10 ----D---- C:\WINDOWS\system32\en-US
2008-12-07 09:16:02 ----D---- C:\WINDOWS\Media
2008-12-07 08:48:56 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-07 08:35:55 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 22:45:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-05 20:22:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-05 20:10:15 ----ASH---- C:\boot.ini
2008-12-05 20:10:15 ----A---- C:\WINDOWS\win.ini
2008-12-05 20:10:13 ----D---- C:\WINDOWS\pss
2008-11-25 00:24:36 ----D---- C:\Program Files\Warcraft III
2008-11-23 10:09:51 ----D---- C:\Program Files\DivX
2008-11-16 08:23:18 ----A---- C:\WINDOWS\imsins.BAK
2008-11-16 07:59:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-15 14:57:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 14:54:46 ----A---- C:\WINDOWS\setuplog.txt
2008-11-15 14:53:36 ----D---- C:\WINDOWS\system32\Setup
2008-11-15 14:53:36 ----D---- C:\WINDOWS\AppPatch
2008-11-15 14:53:35 ----D---- C:\WINDOWS\system32\wbem
2008-11-15 08:34:01 ----D---- C:\WINDOWS\security
2008-11-15 08:28:49 ----D---- C:\Program Files\Messenger
2008-11-15 08:21:31 ----D---- C:\WINDOWS\WinSxS
2008-11-15 08:21:16 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-15 08:20:47 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-15 08:20:46 ----D---- C:\WINDOWS\network diagnostic
2008-11-15 08:20:46 ----D---- C:\WINDOWS\ime
2008-11-15 08:20:00 ----D---- C:\WINDOWS\system32\usmt
2008-11-15 08:19:49 ----D---- C:\WINDOWS\peernet
2008-11-15 08:19:48 ----D---- C:\Program Files\Movie Maker
2008-11-15 08:05:16 ----D---- C:\WINDOWS\system32\Restore
2008-11-15 08:05:15 ----D---- C:\WINDOWS\system32\npp
2008-11-15 08:05:10 ----D---- C:\WINDOWS\msagent
2008-11-15 08:05:05 ----D---- C:\WINDOWS\srchasst
2008-11-15 08:04:57 ----D---- C:\Program Files\NetMeeting
2008-11-15 08:04:51 ----D---- C:\WINDOWS\system32\Com
2008-11-15 08:04:45 ----D---- C:\Program Files\Windows Media Player
2008-11-15 08:04:43 ----D---- C:\Program Files\Windows NT
2008-11-15 08:04:43 ----D---- C:\Program Files\Outlook Express
2008-11-15 08:04:33 ----D---- C:\Program Files\Common Files\System
2008-11-15 08:03:40 ----D---- C:\WINDOWS\system32\oobe
2008-11-15 08:03:37 ----D---- C:\WINDOWS\system
2008-11-15 07:56:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-15 07:47:50 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-08 26824]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2008-09-22 19072]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-08 76040]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2008-09-22 323584]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 catchme;catchme; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2007-07-22 26056]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-10-14 16509]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-08 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-06-24 303104]
S3 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-27 72704]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------
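The log above is what an analyst actually triages: a list of autostart (O4) entries, two of them launching `C:\WINDOWS\TEMP\22.tmp.exe` from the SYSTEM and Default user hives, and a Tasks folder holding At1.job through At24.job. As an added example, not code posted by anyone in this thread, the script below encodes the rules a reader applies to such a listing by hand: it parses HijackThis O4 lines, pulls the executable out of each command, flags anything launched from a temp or browser-cache folder, bare filenames that are resolved through the search path, and entries under the SYSTEM/Default user hives, and it detects a batch of numbered at.exe jobs. The sample lines are constructed in the shape of the log above; the regexes, the three-job threshold and the "high"/"review" labels are this example's own choices, not anything HijackThis or RSIT provide.

```python
"""Triage helper for HijackThis-style autostart (O4) lines and a Tasks folder
listing.  Added example for this thread, not a tool posted in it."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# "O4 - <where>: <rest>"; <where> is the Run key or Startup folder HijackThis read.
O4_LINE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.+)$")
RUN_ENTRY = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")      # [Value] command
LNK_ENTRY = re.compile(r"^(?P<name>.+?) = (?P<cmd>.*)$")           # Shortcut.lnk = target
USER_TAG = re.compile(r" \(User '(?P<user>[^']+)'\)$")             # trailing (User '...')
TEMP_DIR = re.compile(r"\\(?:temp|tmp|temporary internet files)\\", re.IGNORECASE)
AT_JOB = re.compile(r"^At(\d+)\.job$", re.IGNORECASE)              # at.exe names its jobs AtN.job

# Constructed sample in the shape of the HijackThis O4 lines in the log above.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
"""
# Constructed sample of a C:\WINDOWS\Tasks listing: one normal job plus At1..At24.
SAMPLE_TASKS = ["AppleSoftwareUpdate.job"] + [f"At{n}.job" for n in range(1, 25)]


@dataclass
class Finding:
    name: str
    exe: str
    where: str
    user: Optional[str]
    severity: str   # "high" = act on it, "review" = look closer before deciding
    reason: str


def executable_path(cmd: str) -> str:
    """Pull the executable out of a Run/Startup command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly followed by args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted: shortest prefix ending in an executable extension, optionally
    # followed by arguments.  This keeps unquoted paths with spaces intact.
    m = re.match(r"^(?P<exe>.+?\.(?:exe|com|scr|pif|bat|cmd|dll))(?:\s+\S.*)?$", cmd, re.IGNORECASE)
    return m.group("exe") if m else cmd.split()[0]


def parse_o4(text: str):
    """Yield (where, name, command, user) for every O4 line in the text."""
    for line in text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        where, rest = m.group("where"), m.group("rest")
        user = None
        um = USER_TAG.search(rest)
        if um:
            user, rest = um.group("user"), rest[: um.start()]
        em = RUN_ENTRY.match(rest) or LNK_ENTRY.match(rest)
        if em:
            yield where, em.group("name"), em.group("cmd"), user


def triage_o4(text: str) -> list[Finding]:
    """Flag the O4 entries that need a human's attention.

    Only the temp-folder rule is a strong signal.  The other two are hints:
    installers running as SYSTEM do legitimately write under the S-1-5-18 hive
    (the Flash updater above is one), and some OEM tools register bare filenames."""
    findings = []
    for where, name, cmd, user in parse_o4(text):
        exe = executable_path(cmd)
        if TEMP_DIR.search(exe):
            findings.append(Finding(name, exe, where, user, "high",
                                    "autostart launched from a temp or browser-cache folder"))
        elif "\\" not in exe:
            findings.append(Finding(name, exe, where, user, "review",
                                    "bare filename, resolved through the search path"))
        elif where.startswith("HKUS"):
            findings.append(Finding(name, exe, where, user, "review",
                                    "entry in the SYSTEM or Default user hive; check what wrote it"))
    return findings


def find_at_jobs(filenames: Iterable[str]) -> list[int]:
    """Return the sorted job numbers of every AtN.job in a Tasks folder listing."""
    return sorted(int(m.group(1)) for f in filenames if (m := AT_JOB.match(f)))


def at_job_batch(filenames: Iterable[str], min_count: int = 3) -> bool:
    """True when the folder holds a run of numbered at.exe jobs.  Twenty-four of
    them is the footprint of something that scheduled itself once an hour."""
    return len(find_at_jobs(filenames)) >= min_count


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4):
        print(f"{f.severity:6} {f.name:18} {f.exe}  [{f.where}{' as ' + f.user if f.user else ''}] {f.reason}")
    if at_job_batch(SAMPLE_TASKS):
        nums = find_at_jobs(SAMPLE_TASKS)
        print(f"review {len(nums)} numbered at.exe jobs (At{nums[0]}.job .. At{nums[-1]}.job)")
```

Run it as-is to see the sample triaged, or paste the O4 block of a real HijackThis log into `SAMPLE_O4` and the `dir C:\WINDOWS\Tasks` output into `SAMPLE_TASKS`. The "review" findings are deliberately not verdicts: the same rule that catches a Run entry in the SYSTEM hive also catches the Flash updater's RunOnce, so the analyst still has to look at what wrote the entry before deciding.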

#7 The Gorilla

  • Members
  • 766 posts
  • Gender:Male
  • Location:Part of a breeding programme in a conservation zoo

Posted 09 December 2008 - 01:50 PM

Hi:)

Well, part of that last fix worked well and we are making progress. I am glad to hear that your machine is a little more stable.

As before, please follow these steps in the order they are given. It may assist to either print this post out or save it to Notepad for reference.

Step#1
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE


Step#2
Using OTMoveIt3:
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe

:files
C:\Program Files\Video Add-on\icun.exe
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller
C:\Program Files\Common Files\Symantec Shared

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-

:commands
[EmptyTemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

IMPORTANT: IF YOUR MACHINE DOES NOT REBOOT, PLEASE DO SO BEFORE PROCEEDING


Step#3
*****Optional Fixes*****
The following step will reduce the number of start-up programmes. This will not stop the programmes from working, only from starting at boot up. You can always re-enable these start-up items by entering the options section of the relevant programmes.

You can bypass this step if you want to.

Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:


O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = D:\Palm\HOTSYNC.EXE
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe



Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis and reboot your machine.


Step#4
Please go to Eset Onlinescan (NOD32)
(You need to use Internet Explorer or enable IEView in Firefox)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
    The Onlinescan will now start and scan your pc (please let it run to completion)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
    The Scan results will now open in Notepad
  • Click into the text area, right-click and chose "select all"
  • Right-click again and chose "copy"
  • Close Notepad
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

Include this log in your reply by right-clicking and "paste" in the text area of the reply post you just created.


Step#5
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.

Step#6
  • Double-click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, please post the resultant log.txt

Finally, for this post, please provide the following:
  • The OTMoveIt3 log
  • If you undertook the optional fixes
  • The Eset log
  • If you updated Java
  • A fresh rsit log
:thumbsup:
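
As an added example that is not part of any post in this thread and not HijackThis or RSIT code: a small Python triage script for the O4 autorun lines in the format shown above. It parses both registry-style entries (HKLM/HKCU/HKUS Run and RunOnce) and Startup-folder entries, extracts the executable path (handling quoted paths and trailing switches), and flags the patterns a helper looks at first: a program launched from a temp or profile data directory, a `*.tmp.exe` style file name, and such an entry living in the SYSTEM or Default user hive. The sample lines are copied from logs in this thread; the heuristics and function names are my own.

```python
"""Triage HijackThis O4 (autorun) entries for a quick first look.

Added example, not code from this thread, HijackThis or RSIT.  The sample
lines below are copied from logs posted in this thread; the heuristics
are assumptions about what is worth a closer look, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Registry-style entry, e.g.
#   O4 - HKUS\S-1-5-18\..\RunOnce: [Name] C:\path\prog.exe (User 'SYSTEM')
REG_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder entry, e.g.
#   O4 - Global Startup: Name.lnk = C:\path\prog.exe
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>.*?Startup): (?P<name>.*?\.lnk) = (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# First program-like token of an unquoted command line.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)

# Directories that legitimate autoruns rarely launch from (lower-case,
# compared as substrings of the path).  Application Data is included
# because it is a favourite drop location, so hits there are "look at
# it", not "malware".
SUSPICIOUS_DIRS = ("\\temp\\", "\\application data\\")
TMP_NAME_RE = re.compile(r"\\[^\\]*\.tmp\.exe$", re.I)


@dataclass
class AutorunEntry:
    source: str            # e.g. "HKLM\\..\\Run" or "Global Startup"
    name: str
    command: str
    user: Optional[str]    # the "(User '...')" suffix, if any
    flags: List[str] = field(default_factory=list)


def exe_path(command: str) -> str:
    """Return the program path from a command line, handling quoting
    and trailing switches such as '/auto'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one O4 line; return None for anything else."""
    m = REG_RE.match(line)
    if m:
        return AutorunEntry(f"{m['hive']}\\..\\{m['key']}", m["name"],
                            m["cmd"], m["user"])
    m = STARTUP_RE.match(line)
    if m:
        return AutorunEntry(m["scope"], m["name"], m["cmd"], m["user"])
    return None


def triage(entry: AutorunEntry) -> AutorunEntry:
    """Attach review flags to an entry (heuristics, not a verdict)."""
    path = exe_path(entry.command).lower()
    if any(d in path for d in SUSPICIOUS_DIRS):
        entry.flags.append("launches from a temp or profile data directory")
    if TMP_NAME_RE.search(path):
        entry.flags.append("executable named like a temp file (*.tmp.exe)")
    if entry.flags and entry.user in ("SYSTEM", "Default user"):
        entry.flags.append("set under the SYSTEM or Default user hive")
    return entry


def triage_log(text: str) -> List[AutorunEntry]:
    return [triage(e) for e in map(parse_o4, text.splitlines()) if e]


def suspicious(text: str) -> List[AutorunEntry]:
    return [e for e in triage_log(text) if e.flags]


# Sample O4 lines copied from logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        mark = "!!" if e.flags else "  "
        print(f"{mark} {e.source:<28} [{e.name}] {exe_path(e.command)}")
        for f in e.flags:
            print(f"       - {f}")
```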

#8 ICBM

  • Topic Starter

Posted 13 December 2008 - 12:11 AM

I understood the instructions for reducing the number of start up programs, and I also used msconfig to clear out a few other extraneous startups. I also updated the java runtime environment for this computer, and it should now be running on the latest jre.

Here are the logs, once again thanks for helping :D



OTMoveIt3 log


========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\Video Add-on\icun.exe not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller\Settings moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller\Logs\12-8-2008-21h23m55s moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller\Logs moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JERRY~2.JV-\LOCALS~1\Temp\etilqs_7uboozIWlOxDBSz1eNa5 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12092008_220815

Files moved on Reboot...
File C:\DOCUME~1\JERRY~2.JV-\LOCALS~1\Temp\etilqs_7uboozIWlOxDBSz1eNa5 not found!
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\XUL.mfl moved successfully.

ESET Log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\Program Files\Video Add-on\icun.exe not found.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller\Settings moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller\Logs\12-8-2008-21h23m55s moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller\Logs moved successfully.
C:\Documents and Settings\All Users.WINDOWS\Application Data\NortonInstaller moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC moved successfully.
C:\Program Files\Common Files\Symantec Shared moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\JERRY~2.JV-\LOCALS~1\Temp\etilqs_7uboozIWlOxDBSz1eNa5 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12092008_220815

Files moved on Reboot...
File C:\DOCUME~1\JERRY~2.JV-\LOCALS~1\Temp\etilqs_7uboozIWlOxDBSz1eNa5 not found!
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Local Settings\Application Data\Mozilla\Firefox\Profiles\cr3u3vbf.default\XUL.mfl moved successfully.

Fresh RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jerry at 2008-12-12 21:04:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (36%) free of 39 GB
Total RAM: 1007 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:05 PM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jerry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 4760 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-08 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-08 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-08 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-08 1261336]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-06-24 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2007-10-26 509224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
C:\WINDOWS\DVZCOM~1\DvzMsgr.exe [2003-07-01 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~1\Launchy\Launchy.exe [2007-12-18 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jerry.JV-YGF9H2DG396G^Start Menu^Programs^Startup^HotSync Manager.lnk]
D:\Palm\HOTSYNC.EXE [2003-10-14 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Eclipse\eclipse.exe"="C:\Program Files\Eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Netease\neteasetv\MediaCenter.exe"="C:\Program Files\Netease\neteasetv\MediaCenter.exe:*:Enabled:MediaCenter"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-12 20:52:21 ----D---- C:\WINDOWS\LastGood
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-09 22:24:39 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-09 22:05:32 ----D---- C:\Program Files\ERUNT
2008-12-08 21:42:45 ----HD---- C:\$AVG8.VAULT$
2008-12-08 21:36:39 ----D---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Malwarebytes
2008-12-08 21:36:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-08 21:36:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 21:26:47 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-08 21:26:41 ----D---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\AVGTOOLBAR
2008-12-08 21:26:30 ----D---- C:\Program Files\AVG
2008-12-08 21:26:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-12-07 14:38:05 ----D---- C:\rsit
2008-12-07 14:20:49 ----D---- C:\Program Files\VS Revo Group
2008-12-07 14:19:21 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-07 09:35:04 ----A---- C:\WINDOWS\difxapi.dll
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.exe
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.dll
2008-12-07 09:15:29 ----HDC---- C:\WINDOWS\ie8
2008-12-06 17:35:18 ----D---- C:\Program Files\Trend Micro
2008-11-16 08:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-16 08:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 08:22:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-15 14:56:51 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-15 14:55:42 ----D---- C:\WINDOWS\Prefetch
2008-11-15 08:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-15 08:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-15 08:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-15 08:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-15 08:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-15 08:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-15 08:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-15 08:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-15 08:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-15 08:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-15 08:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-15 08:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-15 08:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-15 08:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-15 08:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-15 08:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-15 08:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-15 08:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-15 08:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-15 08:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-15 08:19:56 ----D---- C:\WINDOWS\system32\scripting
2008-11-15 08:19:52 ----D---- C:\WINDOWS\l2schemas
2008-11-15 08:19:50 ----D---- C:\WINDOWS\system32\en
2008-11-15 08:19:49 ----D---- C:\WINDOWS\system32\bits

======List of files/folders modified in the last 1 months======

2008-12-12 21:05:05 ----D---- C:\WINDOWS\TEMP
2008-12-12 21:02:06 ----D---- C:\Program Files\Mozilla Firefox
2008-12-12 21:01:56 ----ASH---- C:\boot.ini
2008-12-12 21:01:56 ----A---- C:\WINDOWS\win.ini
2008-12-12 21:01:56 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-12 20:52:48 ----HD---- C:\WINDOWS\inf
2008-12-12 20:52:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 20:52:41 ----D---- C:\WINDOWS
2008-12-12 20:52:20 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-10 07:43:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 07:41:33 ----SHD---- C:\Config.Msi
2008-12-10 07:41:33 ----D---- C:\Program Files\Java
2008-12-10 07:41:05 ----SHD---- C:\WINDOWS\Installer
2008-12-10 07:39:52 ----D---- C:\WINDOWS\system32
2008-12-09 23:55:50 ----D---- C:\Program Files\Warkeys
2008-12-09 22:27:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 22:24:39 ----RD---- C:\Program Files
2008-12-09 22:18:39 ----D---- C:\WINDOWS\pss
2008-12-09 22:08:20 ----D---- C:\Program Files\Common Files
2008-12-09 22:08:16 ----SD---- C:\WINDOWS\Tasks
2008-12-09 22:06:11 ----D---- C:\WINDOWS\erdnt
2008-12-08 21:36:35 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 21:26:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-08 21:11:31 ----SD---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Microsoft
2008-12-07 22:32:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-07 09:36:34 ----D---- C:\Program Files\Internet Explorer
2008-12-07 09:36:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-07 09:36:33 ----D---- C:\WINDOWS\Help
2008-12-07 09:36:32 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-07 09:34:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-07 09:16:10 ----D---- C:\WINDOWS\WBEM
2008-12-07 09:16:10 ----D---- C:\WINDOWS\system32\en-US
2008-12-07 09:16:02 ----D---- C:\WINDOWS\Media
2008-12-07 08:35:55 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 22:45:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-05 20:22:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-25 00:24:36 ----D---- C:\Program Files\Warcraft III
2008-11-23 10:09:51 ----D---- C:\Program Files\DivX
2008-11-16 08:23:18 ----A---- C:\WINDOWS\imsins.BAK
2008-11-15 14:57:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 14:54:46 ----A---- C:\WINDOWS\setuplog.txt
2008-11-15 14:53:36 ----D---- C:\WINDOWS\system32\Setup
2008-11-15 14:53:36 ----D---- C:\WINDOWS\AppPatch
2008-11-15 14:53:35 ----D---- C:\WINDOWS\system32\wbem
2008-11-15 08:34:01 ----D---- C:\WINDOWS\security
2008-11-15 08:28:49 ----D---- C:\Program Files\Messenger
2008-11-15 08:21:31 ----D---- C:\WINDOWS\WinSxS
2008-11-15 08:21:16 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-15 08:20:47 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-15 08:20:46 ----D---- C:\WINDOWS\network diagnostic
2008-11-15 08:20:46 ----D---- C:\WINDOWS\ime
2008-11-15 08:20:00 ----D---- C:\WINDOWS\system32\usmt
2008-11-15 08:19:49 ----D---- C:\WINDOWS\peernet
2008-11-15 08:19:48 ----D---- C:\Program Files\Movie Maker
2008-11-15 08:05:16 ----D---- C:\WINDOWS\system32\Restore
2008-11-15 08:05:15 ----D---- C:\WINDOWS\system32\npp
2008-11-15 08:05:10 ----D---- C:\WINDOWS\msagent
2008-11-15 08:05:05 ----D---- C:\WINDOWS\srchasst
2008-11-15 08:04:57 ----D---- C:\Program Files\NetMeeting
2008-11-15 08:04:51 ----D---- C:\WINDOWS\system32\Com
2008-11-15 08:04:45 ----D---- C:\Program Files\Windows Media Player
2008-11-15 08:04:43 ----D---- C:\Program Files\Windows NT
2008-11-15 08:04:43 ----D---- C:\Program Files\Outlook Express
2008-11-15 08:04:33 ----D---- C:\Program Files\Common Files\System
2008-11-15 08:03:40 ----D---- C:\WINDOWS\system32\oobe
2008-11-15 08:03:37 ----D---- C:\WINDOWS\system
2008-11-15 07:56:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-15 07:47:50 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-08 26824]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2008-09-22 19072]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-08 76040]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2008-09-22 323584]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 catchme;catchme; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2007-07-22 26056]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-10-14 16509]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-08 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-06-24 303104]
S3 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-27 72704]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------

#9 The Gorilla

The Gorilla

  • Members
  • 766 posts
  • Gender:Male
  • Location:Part of a breeding programme in a conservation zoo
  • Local time:04:27 PM

Posted 13 December 2008 - 06:25 AM

Hi :thumbsup:

Well you have done a good job so far with clearing out some of the malware your system was infected with, just a couple of stubborn files left. We will deal with them this time around.

As always please follow the steps in the order they are given.

Unfortunately in your previous post you copied the OTMoveIT log across twice and did not post the Eset log - do not worry about that now.

Step#1
Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser: click Firefox at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser: click Opera at the top and choose: Select All.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Step#2
I see you already have MalwareBytes installed on your computer; this is good.
  • Make sure you are connected to the Internet.
  • Launch Malwarebytes' Anti-Malware
  • Then click Update Tab followed by Check for Updates
  • On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Step#3
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, please post the resultant log.txt

Finally, well for this post, please post back the following:
  • Malwarebytes log
  • RSIT log
  • How your system is running.
:)
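
The logs these steps produce are read by hand in this thread, by a helper who knows which O4 autorun and RSIT driver lines deserve a second look. As an added example, not part of the thread, of HijackThis, or of RSIT, here is a small Python triage script that parses those two line formats and flags the patterns a helper scans for: programs auto-started out of a temporary directory, autoruns registered under the SYSTEM (S-1-5-18) or .DEFAULT hive, and driver entries whose file RSIT could not find on disk. The function names (`triage`, `triage_line`, `extract_path`) and the regular expressions are my own; the sample lines are copied from logs posted in this thread, mixed benign and suspicious, so the output can be checked against what the helper actually picked out.

```python
"""Triage of HijackThis O4 (autorun) lines and RSIT driver lines.

Added example for this thread; it is not part of HijackThis, RSIT, or the
helper's procedure. It flags the patterns a helper scans for by eye: programs
auto-started from a temporary directory, autoruns registered under the SYSTEM
(S-1-5-18) or .DEFAULT hive, and driver entries whose file RSIT could not find
on disk. A flag is a reason to look closer, not a verdict.
"""
import re

# Constructed sample input: a handful of lines copied from the HijackThis and
# RSIT logs posted in this thread, benign and suspicious mixed together.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\catchme.sys []
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# RSIT driver line: "<R|S><start> <service>;<display name>; <path> [<date size>]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<svc>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)
# First image path inside an autorun command, with or without surrounding quotes.
PATH_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|sys))', re.IGNORECASE
)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
SYSTEM_HIVES = (r"HKUS\S-1-5-18", r"HKUS\.DEFAULT")


def extract_path(cmd):
    """Pull the executable path out of an autorun command string."""
    m = PATH_RE.match(cmd)
    return m.group("path") if m else cmd.strip().strip('"')


def triage_line(line):
    """Return a finding for one log line, or None when nothing stands out."""
    m = O4_RE.match(line)
    if m:
        hive, path = m.group("hive"), extract_path(m.group("cmd"))
        reasons = []
        if TEMP_DIR_RE.search(path):
            reasons.append("autorun launched from a temporary directory")
        if hive.upper().startswith(SYSTEM_HIVES):
            reasons.append("registered under the SYSTEM/.DEFAULT hive, so it runs for every logon")
        if reasons:
            return {"kind": "autorun", "name": m.group("name"), "hive": hive,
                    "user": m.group("user"), "path": path, "reasons": reasons}
        return None

    m = DRIVER_RE.match(line)
    if m:
        path = m.group("path")
        if path.startswith("\\??\\"):  # NT object-manager prefix, drop it
            path = path[4:]
        reasons = []
        if not m.group("info"):
            reasons.append("driver file not found on disk: orphaned entry, often left by a "
                           "removed scanner; verify rather than assume malware")
        if TEMP_DIR_RE.search(path):
            reasons.append("driver image located in a temporary directory")
        if reasons and m.group("state") == "R":
            reasons.append("service is currently running")
        if reasons:
            return {"kind": "driver", "name": m.group("svc"), "hive": None,
                    "user": None, "path": path, "reasons": reasons}
    return None


def triage(text):
    """Run triage_line over a pasted log and collect the findings in log order."""
    findings = []
    for line in text.splitlines():
        finding = triage_line(line.rstrip())
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:<8}{f['name']:<10}{f['path']}")
        for reason in f["reasons"]:
            print(f"{'':8}- {reason}")
```

Run against the sample, the script flags only the two Cognac autoruns (launched from C:\WINDOWS\TEMP, and registered for the SYSTEM and Default user hives, so they fire no matter who logs in) and the two driver entries with an empty `[]` where RSIT prints date and size; the AVG, Real, ctfmon and AMD lines pass without comment. The orphaned-driver reason is deliberately worded as "verify": entries like that are what a removal tool leaves behind after its driver file is deleted, which is a cleanup item rather than a sign of infection.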

#10 ICBM

ICBM
  • Topic Starter

  • Members
  • 36 posts
  • Local time:09:27 AM

Posted 19 December 2008 - 12:09 AM

Sorry that I took so long to respond; I have been a little busy lately.

These are the logs from the operations that you suggested I do. Please take a look.


Thanks for your help. This machine appears to be running decently fast now. No more popups have appeared since the beginning of the treatment, and nothing unusual has transpired... at least for now.

:]


Malwarebytes' Anti-Malware 1.31
Database version: 1500
Windows 5.1.2600 Service Pack 3

12/14/2008 4:58:54 PM
mbam-log-2008-12-14 (16-58-54).txt

Scan type: Quick Scan
Objects scanned: 71831
Time elapsed: 32 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{efaf6ea3-615d-4f83-8748-2f7a576fcea6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23b760d6-c98b-450b-9b32-26c7775cdf83} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{efaf6ea3-615d-4f83-8748-2f7a576fcea6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.04 (written by random/random)
Run by Jerry at 2008-12-14 17:00:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (37%) free of 39 GB
Total RAM: 1007 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:01:01 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jerry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 5011 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-08 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-08 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-12-08 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-08 1261336]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"Lexmark X74-X75"=C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-06-24 57344]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe [2002-06-24 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-28 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe [2007-10-26 509224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
C:\WINDOWS\DVZCOM~1\DvzMsgr.exe [2003-07-01 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Launchy.lnk]
C:\PROGRA~1\Launchy\Launchy.exe [2007-12-18 274432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jerry.JV-YGF9H2DG396G^Start Menu^Programs^Startup^HotSync Manager.lnk]
D:\Palm\HOTSYNC.EXE [2003-10-14 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Eclipse\eclipse.exe"="C:\Program Files\Eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin"
"C:\Program Files\Microsoft Games\Halo Trial\halo.exe"="C:\Program Files\Microsoft Games\Halo Trial\halo.exe:*:Enabled:Halo"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\ijji\ENGLISH\Gunz\Gunz.exe"="C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Disabled:Gunz"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe"="E:\Tax07\TurboTax Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Netease\neteasetv\MediaCenter.exe"="C:\Program Files\Netease\neteasetv\MediaCenter.exe:*:Enabled:MediaCenter"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-12-12 22:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 22:48:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 22:48:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 22:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\java.exe
2008-12-10 07:31:10 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-09 22:24:39 ----D---- C:\Program Files\EsetOnlineScanner
2008-12-09 22:05:32 ----D---- C:\Program Files\ERUNT
2008-12-08 21:42:45 ----HD---- C:\$AVG8.VAULT$
2008-12-08 21:36:39 ----D---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Malwarebytes
2008-12-08 21:36:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-08 21:36:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-08 21:26:47 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-08 21:26:41 ----D---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\AVGTOOLBAR
2008-12-08 21:26:30 ----D---- C:\Program Files\AVG
2008-12-08 21:26:30 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-12-07 14:38:05 ----D---- C:\rsit
2008-12-07 14:20:49 ----D---- C:\Program Files\VS Revo Group
2008-12-07 14:19:21 ----D---- C:\Program Files\Common Files\Download Manager
2008-12-07 09:35:04 ----A---- C:\WINDOWS\difxapi.dll
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.exe
2008-12-07 09:35:03 ----A---- C:\WINDOWS\InstFunc.dll
2008-12-07 09:15:29 ----HDC---- C:\WINDOWS\ie8
2008-12-06 17:35:18 ----D---- C:\Program Files\Trend Micro
2008-11-16 08:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-16 08:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-16 08:22:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-15 14:56:51 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-11-15 14:55:42 ----D---- C:\WINDOWS\Prefetch
2008-11-15 08:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-15 08:35:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-15 08:34:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-15 08:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-15 08:33:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-15 08:33:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-15 08:33:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-15 08:32:43 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-15 08:32:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-15 08:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-15 08:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-15 08:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-15 08:31:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-15 08:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-15 08:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-15 08:29:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-15 08:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-15 08:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-15 08:28:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-15 08:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-15 08:19:56 ----D---- C:\WINDOWS\system32\scripting
2008-11-15 08:19:52 ----D---- C:\WINDOWS\l2schemas
2008-11-15 08:19:50 ----D---- C:\WINDOWS\system32\en
2008-11-15 08:19:49 ----D---- C:\WINDOWS\system32\bits

======List of files/folders modified in the last 1 months======

2008-12-14 17:01:00 ----D---- C:\WINDOWS\TEMP
2008-12-14 15:34:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-14 10:38:26 ----ASH---- C:\boot.ini
2008-12-14 10:38:25 ----A---- C:\WINDOWS\win.ini
2008-12-14 10:38:25 ----A---- C:\WINDOWS\SYSTEM.INI
2008-12-13 13:49:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 12:55:09 ----A---- C:\WINDOWS\LEXSTAT.INI
2008-12-13 12:52:21 ----HD---- C:\WINDOWS\inf
2008-12-13 12:52:12 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-13 12:52:03 ----D---- C:\WINDOWS
2008-12-13 12:50:42 ----D---- C:\WINDOWS\system32
2008-12-12 22:48:51 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 22:48:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-12 22:48:41 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 07:41:33 ----SHD---- C:\Config.Msi
2008-12-10 07:41:33 ----D---- C:\Program Files\Java
2008-12-10 07:41:05 ----SHD---- C:\WINDOWS\Installer
2008-12-09 23:55:50 ----D---- C:\Program Files\Warkeys
2008-12-09 22:27:44 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-09 22:24:39 ----RD---- C:\Program Files
2008-12-09 22:18:39 ----D---- C:\WINDOWS\pss
2008-12-09 22:08:20 ----D---- C:\Program Files\Common Files
2008-12-09 22:08:16 ----SD---- C:\WINDOWS\Tasks
2008-12-09 22:06:11 ----D---- C:\WINDOWS\erdnt
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-08 21:36:35 ----D---- C:\WINDOWS\system32\drivers
2008-12-08 21:26:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-08 21:11:31 ----SD---- C:\Documents and Settings\Jerry.JV-YGF9H2DG396G\Application Data\Microsoft
2008-12-07 22:32:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-07 09:36:34 ----D---- C:\Program Files\Internet Explorer
2008-12-07 09:36:33 ----D---- C:\WINDOWS\Help
2008-12-07 09:36:32 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-07 09:34:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-07 09:16:10 ----D---- C:\WINDOWS\WBEM
2008-12-07 09:16:10 ----D---- C:\WINDOWS\system32\en-US
2008-12-07 09:16:02 ----D---- C:\WINDOWS\Media
2008-12-07 08:35:55 ----RSD---- C:\WINDOWS\Fonts
2008-12-06 22:45:07 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-05 20:22:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-25 00:24:36 ----D---- C:\Program Files\Warcraft III
2008-11-23 10:09:51 ----D---- C:\Program Files\DivX
2008-11-15 14:57:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-15 14:54:46 ----A---- C:\WINDOWS\setuplog.txt
2008-11-15 14:53:36 ----D---- C:\WINDOWS\system32\Setup
2008-11-15 14:53:36 ----D---- C:\WINDOWS\AppPatch
2008-11-15 14:53:35 ----D---- C:\WINDOWS\system32\wbem
2008-11-15 08:34:01 ----D---- C:\WINDOWS\security
2008-11-15 08:28:49 ----D---- C:\Program Files\Messenger
2008-11-15 08:21:31 ----D---- C:\WINDOWS\WinSxS
2008-11-15 08:21:16 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-15 08:20:47 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-15 08:20:46 ----D---- C:\WINDOWS\network diagnostic
2008-11-15 08:20:46 ----D---- C:\WINDOWS\ime
2008-11-15 08:20:00 ----D---- C:\WINDOWS\system32\usmt
2008-11-15 08:19:49 ----D---- C:\WINDOWS\peernet
2008-11-15 08:19:48 ----D---- C:\Program Files\Movie Maker
2008-11-15 08:05:16 ----D---- C:\WINDOWS\system32\Restore
2008-11-15 08:05:15 ----D---- C:\WINDOWS\system32\npp
2008-11-15 08:05:10 ----D---- C:\WINDOWS\msagent
2008-11-15 08:05:05 ----D---- C:\WINDOWS\srchasst
2008-11-15 08:04:57 ----D---- C:\Program Files\NetMeeting
2008-11-15 08:04:51 ----D---- C:\WINDOWS\system32\Com
2008-11-15 08:04:45 ----D---- C:\Program Files\Windows Media Player
2008-11-15 08:04:43 ----D---- C:\Program Files\Windows NT
2008-11-15 08:04:43 ----D---- C:\Program Files\Outlook Express
2008-11-15 08:04:33 ----D---- C:\Program Files\Common Files\System
2008-11-15 08:03:40 ----D---- C:\WINDOWS\system32\oobe
2008-11-15 08:03:37 ----D---- C:\WINDOWS\system
2008-11-15 07:56:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-15 07:47:50 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-08 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-08 26824]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2008-09-22 19072]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-08 76040]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-05-09 41888]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2008-09-22 323584]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 catchme;catchme; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2007-07-22 26056]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2003-10-14 16509]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-05-09 14112]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-05-09 1276832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-08 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-10 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-06-24 303104]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-27 72704]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 YPCService;YPCService; C:\WINDOWS\system32\YPCSER~1.EXE [2003-05-19 86016]

-----------------EOF-----------------

#11 The Gorilla

The Gorilla

  • Members
  • 766 posts
  • OFFLINE
  • Gender:Male
  • Location:Part of a breeding programme in a conservation zoo
  • Local time:04:27 PM

Posted 19 December 2008 - 12:36 PM

Hi :thumbsup:

That's good news about your computer running problem free, we just have a few loose ends to tidy away.

Step#1
Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below:


O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')



Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.


Step#2
Using OTMoveIt3:
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes
explorer.exe

:files
C:\WINDOWS\TEMP\22.tmp.exe

:commands
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

IMPORTANT: IF YOUR MACHINE DOES NOT REBOOT, PLEASE DO SO BEFORE PROCEEDING


Step#3
Please go to Eset Onlinescan (NOD32)
(You need to use Internet Explorer or enable IE View in Firefox)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
    The Onlinescan will now start and scan your pc (please let it run to completion)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
    The Scan results will now open in Notepad
  • Click into the text area, right-click and choose "select all"
  • Right-click again and choose "copy"
  • Close Notepad
Note for Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Include this log in your reply by right-clicking and "paste" in the text area of the reply post you just created.



Step#4
I see that you are currently running Ad-Aware 2007. This programme has now been updated and version 2008 has been released.

If you wish to continue using this programme then I recommend that you uninstall your version and replace it with the newer version.

Direct link to Ad-Aware 2008


Step#5
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, please post the contents of log.txt

Finally, well, for this post:
  • Please post back the OTMoveIt log
  • Eset Online Log
  • the new RSIT log
  • how things are running
:)
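
Triage logic for the two O4 entries fixed in this post and for the RSIT driver/service list posted above, as an added example that is not part of the thread and is not code from HijackThis, RSIT or OTMoveIt. It parses both line formats and applies the checks a helper applies by eye: image under a Temp directory, generated *.tmp.exe name, Run value under the SYSTEM (S-1-5-18) or .DEFAULT hive, and a driver or service whose file RSIT could not stat (empty "[]"). The line grammars are inferred from the quoted lines and are an assumption, not the tools' documented formats; the sample lines are copied from the thread except for the HKLM control entry, which is constructed.

```python
"""Triage of HijackThis O4 autorun lines and RSIT driver/service lines.

Added example for this thread; not code from HijackThis, RSIT or OTMoveIt.
The line grammars are inferred from the entries quoted in the thread (an assumption).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\...\avgldx86.sys [2008-12-08 97928]
RSIT_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)               # ...\TEMP\... / ...\Temp\...
TEMP_NAME_RE = re.compile(r"\.tmp\.(exe|dll|sys)$", re.IGNORECASE)  # 22.tmp.exe
# Run values under these hives fire for SYSTEM / the logon-screen default profile;
# ordinary user software does not install itself there.
NONINTERACTIVE_HIVES = (r"HKUS\S-1-5-18", r"HKUS\S-1-5-19", r"HKUS\S-1-5-20", r"HKUS\.DEFAULT")


@dataclass
class Finding:
    kind: str                      # "autorun" | "driver" | "service"
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def win32_path(path: str) -> str:
    r"""RSIT prints some image paths in NT form (\??\C:\...); drop that prefix."""
    return path[4:] if path.startswith("\\??\\") else path


def path_reasons(path: str) -> list:
    p = win32_path(path)
    out = []
    if TEMP_DIR_RE.search(p):
        out.append("image lives in a Temp directory")
    if TEMP_NAME_RE.search(p):
        out.append("generated temp-style name (*.tmp.exe)")
    return out


def triage_o4(line: str) -> Optional[Finding]:
    m = O4_RE.match(line.strip())
    if not m:
        return None
    f = Finding("autorun", m["name"], m["cmd"], path_reasons(m["cmd"]))
    if m["hive"] in NONINTERACTIVE_HIVES:
        f.reasons.append(f"Run value under non-interactive hive {m['hive']}")
    return f


def triage_rsit(line: str, kind: str) -> Optional[Finding]:
    m = RSIT_RE.match(line.strip())
    if not m:
        return None
    f = Finding(kind, m["name"].strip(), m["path"], path_reasons(m["path"]))
    if not m["meta"].strip():
        # "[date size]" comes from the file on disk; an empty "[]" means RSIT could not
        # stat it: an orphaned entry, or a file hidden/locked from user mode.
        f.reasons.append("no file date/size: missing from disk or unreadable")
    return f


def triage(hjt_lines, driver_lines, service_lines) -> list:
    """Return only entries with at least one signal, strongest first."""
    found = [triage_o4(ln) for ln in hjt_lines]
    found += [triage_rsit(ln, "driver") for ln in driver_lines]
    found += [triage_rsit(ln, "service") for ln in service_lines]
    hits = [f for f in found if f and f.reasons]
    return sorted(hits, key=lambda f: -f.score)


# Sample input: lines copied from the thread, plus one constructed benign HKLM control.
SAMPLE_HJT = [
    r"O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'SYSTEM')",
    r"O4 - HKUS\.DEFAULT\..\Run: [Cognac] C:\WINDOWS\TEMP\22.tmp.exe (User 'Default user')",
    r"O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe",  # constructed
]
SAMPLE_DRIVERS = [
    r"R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-08 97928]",
    r"R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []",
    r"S3 catchme;catchme; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\catchme.sys []",
    r"S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []",
]
SAMPLE_SERVICES = [
    r"R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-08 231704]",
    r"S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]",
]


def run_sample() -> list:
    return triage(SAMPLE_HJT, SAMPLE_DRIVERS, SAMPLE_SERVICES)


if __name__ == "__main__":
    for f in run_sample():
        print(f"[{f.score}] {f.kind:8} {f.name:10} {f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run it as a script to print the ranked findings. The two Cognac values come out on top because all three signals coincide (Temp directory, *.tmp.exe name, SYSTEM/.DEFAULT hive), which is why the post removes both Run values and the file itself. The ranking is a triage aid, not a verdict: catchme.sys in a user's Temp folder is the driver left behind by the GMER/ComboFix catchme rootkit scanner, and a stock driver such as IntelIde.sys with no file on disk and start type 4 (disabled) is normal on a non-Intel chipset. For svchost-hosted services such as usprserv the real image is the ServiceDll under the service's Parameters key, which RSIT does not print here, so those need a separate check.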

#12 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:06:27 PM

Posted 30 December 2008 - 03:36 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security