Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware Guard 2008


  • This topic is locked This topic is locked
4 replies to this topic

#1 agentjayd007

agentjayd007

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 10 December 2008 - 04:52 AM

Just to let you know, I have already tried the steps given on this site to get rid of this malware, and it worked. Then almost instantly after the Malwarebytes program did its work, the Spyware Guard 2008 icon came back onto my desktop and popped up on my screen. I have ran Malwarebytes 3 times and have restarted when it asked, I have ran Spybot, and many other programs with no success.

info.txt logfile of random's system information tool 1.04 2008-12-10 03:47:51

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->D:\DivX\ConverterUninstall.exe /CONVERTER
-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal-->D:\Adaware\AD-AWA~1\UNWISE.EXE D:\Adaware\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{47813E93-F2A0-484A-838E-47EC1B28D190}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Agere Systems AC'97 Modem-->agrsmdel
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
AOL Toolbar 2.0-->"C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Catalyst Registration-->MsiExec.exe /X{72736F5F-520D-472A-88CC-7B02872FD34E}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Atlantica Online-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1247B383-B82E-4CEB-8B0A-651A30428B53}\setup.exe" -l0x9
Auto Gordian Knot 2.40-->C:\Program Files\AutoGK\uninst.exe
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Batman Begins Screen Saver-->C:\WINDOWS\Batman Begins.scr /u
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
BitTorrent 4.2.2-->"C:\Program Files\BitTorrent\uninstall.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CleanUp!-->D:\Clean Up\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
Creative Driver-->C:\WINDOWS\system32\ctdrvins /s /u /g
dBpowerAMP Mp4 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
Digital Media Converter 2.57-->"C:\Program Files\Deskshare\Digital Media Converter\unins000.exe"
DivX Codec-->D:\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->D:\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->D:\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->D:\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->D:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Updater Pro-->"C:\Documents and Settings\All Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
Driver Updater Pro-->C:\Documents and Settings\All Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}\DriverUpdaterPro.exe
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
EverQuest: SOV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD494BAD-BA13-11D4-8737-00A0CC58DEE4}\setup.exe"
EverQuest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E4C862F8-FDF0-11D4-8737-00A0CC58DEE4}\setup.exe"
Firefox Windows Media Player XPI-->C:\PROGRA~1\RadioXpi\UNWISE.EXE C:\PROGRA~1\RadioXpi\INSTALL.LOG
Free Games Offer, Desktop Shortcut-->MsiExec.exe /X{31DABA20-10A1-4746-9D9F-57955B8DFF66}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Half-Life 2: Episode One-->"D:\Games that are awesome ubah\Orange Box\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"D:\Games that are awesome ubah\Orange Box\steam.exe" steam://uninstall/420
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iMeshBar-->rundll32 C:\PROGRA~1\iMeshBar\bar\1.bin\iMeshBar.dll,O
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows User Guide-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B9987754-9A14-4B61-ABB3-73A79503238D} /l1033
iPod System Software Updater 2.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B02B8E30-EB28-49B0-A60F-696268BAE033} /l1033
IrfanView (remove only)-->D:\iv_uninstall.exe
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Jetcast 1.1.1-->C:\Program Files\Jetcast\uninst.exe
Kane & Lynch 1.0-->C:\Program Files\Kane & Lynch\uninst.exe
LimeWire 4.16.6-->"D:\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
LQfix 2.1-->"C:\WINDOWS\LQfix\unins000.exe"
LX Systems Download Manager-->C:\WINDOWS\System32\lxuninstall.bat
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Magelo Sync (uninstall only)-->"C:\Program Files\Magelo\Magelo Sync\UnInstall.exe"
Magic Workstation 0.94f-->"D:\Magic Workstation\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MobMap 1.40-->"D:\Games that are awesome ubah\World of Warcraft\Interface\AddOns\MobMapUpdater\unins000.exe"
MoodLogic-->C:\WINDOWS\ml-uninstall-v10.exe
MouseMaestro Input Device Driver V2.4.1-145AA MUL-->C:\WINDOWS\system32\MmRemove.exe
MOV to AVI MPEG WMV Converter 1.9.2-->"C:\Program Files\MOV to AVI MPEG WMV Converter\unins000.exe"
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MultiRes (remove only)-->C:\Program Files\MultiRes\uninstal.exe
Music Visualizer Library 1.4.00-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}\setup.exe" -l0x9
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
OLYMPUS Master 2-->MsiExec.exe /X{F0FC1E09-AF67-47BC-9E61-90ECFEB4CE82}
OpenMG Secure Module 3.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3AD83857-257F-4DCB-8451-55012C9E0F55}\setup.exe" -l0x9 UNINSTALL
Portal-->"D:\Games that are awesome ubah\Orange Box\steam.exe" steam://uninstall/400
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Proper Anatomy 3.1.1-->D:\Games that are awesome ubah\World of Warcraft\World of Warcraft\Data\Uninstal.exe
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RAIN_1024 Screen Saver-->C:\WINDOWS\system32\RAIN_1024.scr /u
RAIN_1280 Screen Saver-->C:\WINDOWS\system32\RAIN_1280.scr /u
RAIN_800 Screen Saver-->C:\WINDOWS\system32\RAIN_800.scr /u
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9 -removeonly
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RelevantKnowledge-->C:\windows\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RivaTuner v2.11-->"C:\Program Files\RivaTuner v2.11\uninstall.exe"
River Past Video Cleaner-->C:\WINDOWS\Video Cleaner Uninstaller.exe
Screenblast Sound Forge 1.1-->MsiExec.exe /I{5DF4AA9A-4F53-499C-977B-6CD216B574A5}
Secure Delivery-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\kdx\kdx.inf,DefaultUninstall,5
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SonicStage MP3 Add-on program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}\Setup.exe" -l0x9
Sony Certificate PCH-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Video Shared Library-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6990A2BF-D1D2-11D3-81BC-00609789C908}\setup.exe"
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Guard 2008-->C:\Program Files\Spyware Guard 2008\uninstall.exe
SpywareBlaster 4.0-->"D:\Spyware Blaster\SpywareBlaster\unins000.exe"
Startnow Navigation Helper (v1.0.1.1)-->MsiExec.exe /X{EDE0985B-D652-4573-A89E-803CB2597247}
Station LaunchPad-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7447B32-518C-442F-A8E4-DCF12D8A6D75}\Setup.exe" -l0x9
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->D:\Teamspeak2_RC2\unins000.exe
The Matrix Revolutions 3D Screen Saver v3.2-->"C:\Program Files\UselessCreations\Matrix3D\uninst.exe"
TorrentMan Toolbar-->C:\PROGRA~1\TORREN~1\UNWISE.EXE C:\PROGRA~1\TORREN~1\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VAIO BrightColor Wallpaper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Help and Support-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Media 2.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EB317D8-8945-4FD6-B37F-DF470317C6AB}\setup.exe" -l0x9 UNINSTALL
VAIO Media Redistribution 2.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7128C69B-8F7E-4336-8698-3FD3CDD955EC}\setup.exe" -l0x9 UNINSTALL
VAIO Registration-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support-->"c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Survey Standalone-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}
VAIO System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}\setup.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.0-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->D:\Winrar\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft Desktop-->C:\PROGRA~1\Stardock\OBJECT~1\THEMEM~1\thememgr.exe /uninstallwise
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VERSION"=3.0.2.97
"SESSIONID"=1097213296206wuws05-l1e1be92:ff984681ad:-6197
"COLLECTIONID"=COL8143
"ITEMID"=dj-22741-6
"UPDATEDIR"=C:\DOCUME~1\Jason\LOCALS~1\Temp\radF1232.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://h30083.www3.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.30716
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by Jason at 2008-12-10 03:47:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (15%) free of 14 GB
Total RAM: 3327 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:49 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\Explorer.EXE
D:\Games that are awesome ubah\Mabinogi\npkcmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\winscenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Games that are awesome ubah\Atlantica\AtlanticaRun.exe
C:\Program Files\Spyware Guard 2008\spywareguard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Netscape downloads\RSIT.exe
C:\Program Files\trend micro\Jason.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {3255322B-ABCC-B053-90DC-F48AAAA1FFC3} - (no file)
R3 - URLSearchHook: (no name) - {A1C0A011-6DA6-203B-F7D8-611333DF6996} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.gamefaqs.com/"); (C:\Documents and Settings\JASON\Application Data\Mozilla\Profiles\default\bwktux4g.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JASON\Application Data\Mozilla\Profiles\default\bwktux4g.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4B4FBE25-6F18-498A-840D-2E386BA28FF4} - C:\WINDOWS\system32\yayaYoNf.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {BBC6AA66-15A3-4EA0-AF37-B2595D65269F} - C:\WINDOWS\system32\geBqQJDW.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Word\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Word\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider '25,5x4' missing
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,C:\WINDOWS\system32\zugeyale.dll,mrcecy.dll,avgrsstx.dll
O20 - Winlogon Notify: xxyyxyXq - xxyyxyXq.dll (file missing)
O21 - SSODL: ieModule - {EB0B5C25-6C8F-4483-A14E-7C28EE8DB815} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
O21 - SSODL: InternetConnection - {9A651D96-2AD7-4A76-A63D-8A78F3E17815} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\wwhmebqwpq.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - D:\Games that are awesome ubah\Mabinogi\npkcmsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12808 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-09 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B4FBE25-6F18-498A-840D-2E386BA28FF4}]
C:\WINDOWS\system32\yayaYoNf.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBC6AA66-15A3-4EA0-AF37-B2595D65269F}]
C:\WINDOWS\system32\geBqQJDW.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-05-15 817936]
{7c5c0f58-e061-457d-9033-77307f5ed00c}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe [2002-08-20 40960]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-15 180269]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]
"iTunesHelper"=D:\iTunes\iTunesHelper.exe [2008-03-30 267048]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-07-02 28672]
"CtxfiReg"=C:\WINDOWS\system32\CTXFIREG.EXE [2006-08-11 42496]
"AsioReg"=REGSVR32 /S CTASIO.DLL []
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=nwiz.exe /install []
"RivaTunerStartupDaemon"=C:\Program Files\RivaTuner v2.11\RivaTuner.exe [2008-09-16 2715648]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2007-10-04 307200]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-09 1261336]
"spywareguard"=C:\Program Files\Spyware Guard 2008\spywareguard.exe [2008-12-10 788992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"DriverUpdaterPro"=C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe [2008-11-03 2539008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\09080C0E0F0A09]
D3D2D6D8D9D4.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2322852]
C:\PROGRA~1\2322852\2322852.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2003-05-23 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe [2005-06-02 67160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-03-25 50528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe runtime -Delay []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMouseMaestro]
C:\Program Files\MMaestro\KMaestro.exe [2005-11-09 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bvj]
C:\Program Files\Common Files\S?mantec\javaw.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMMan]
C:\Program Files\CMMan\CMMan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2003-07-02 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU1]
C:\Program Files\Common Files\VCClient\VCClient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CU2]
C:\Program Files\Common Files\VCClient\VCMain.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
C:\WINDOWS\system32\ezSP_Px.exe [2002-08-20 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FCHelp]
C:\Program Files\FCHelp\FCHelp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
D:\Microsoft Beta Spyware thingy\gcasServ.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe [2003-04-07 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe [2003-04-07 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iinl]
C:\DOCUME~1\Jason\MYDOCU~1\WNSXS~1\userinit.exe -vt tzt []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\iTunes\iTunesHelper.exe [2008-03-30 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe -NoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSS]
C:\windows\rlvknlg.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snss Launcher]
C:\Program Files\snss\snss.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Games that are awesome ubah\Orange Box\Steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sws.exe]
c:\program files\GlobalDialer\domer00075\gd-dial.exe -remove []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TizzleTalk]
D:\TizzleTalk\TizzleTalk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-15 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [2003-04-19 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2007-01-04 112336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
C:\Program Files\Zango\bin\10.3.36.0\Weather.exe -auto []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.36.0\OEAddOn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.36.0\ZangoSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
c:\program files\support.com\client\bin\tgcmd.exe [2003-06-23 1409024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{63-3C-C0-07-ZN}]
C:\windows\system32\rkdsregp.exe CORN001 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
D:\Word\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Z_Start.lnk]
C:\WINDOWS\system32\dwdsregt.exe CORN001 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2

C:\Documents and Settings\Jason\Start Menu\Programs\Startup
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll,C:\WINDOWS\system32\zugeyale.dll,mrcecy.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-28 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
avldr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\Program Files\Stardock\Object Desktop\ThemeManager\fastload.dll [2001-12-20 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyyxyXq]
xxyyxyXq.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
ieModule - {EB0B5C25-6C8F-4483-A14E-7C28EE8DB815} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll [2008-12-08 3312128]
InternetConnection - {9A651D96-2AD7-4A76-A63D-8A78F3E17815} - C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\wwhmebqwpq.dll [2008-12-08 926720]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\geBqQJDW
"notification packages"=scecli
C:\WINDOWS\system32\zugeyale.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\support.com\client\bin\tgcmd.exe"="C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module"
"D:\Games that are awesome ubah\Star Wars Battlefront\GameData\Battlefront.exe"="D:\Games that are awesome ubah\Star Wars Battlefront\GameData\Battlefront.exe:*:Enabled:Battlefront"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\RSNet\RSEDNClient.exe"="C:\Program Files\RSNet\RSEDNClient.exe:*:Enabled:RSEDNClient"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player"
"D:\Games that are awesome ubah\Gunbound\GunBound\GunBound.gme"="D:\Games that are awesome ubah\Gunbound\GunBound\GunBound.gme:*:Enabled:GunBound"
"C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"D:\Games that are awesome ubah\World of Warcraft\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe"="D:\Games that are awesome ubah\World of Warcraft\World of Warcraft\WoW-1.1.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Games that are awesome ubah\Warcraft III\Warcraft III\Warcraft III.exe"="D:\Games that are awesome ubah\Warcraft III\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire 4.2.6\LimeWire.exe:*:Enabled:LimeWire"
"D:\Games that are awesome ubah\World of Warcraft\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe"="D:\Games that are awesome ubah\World of Warcraft\World of Warcraft\WoW-1.2.1-patch-enUS-Downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Games that are awesome ubah\Medal of honor\mohpa.exe"="D:\Games that are awesome ubah\Medal of honor\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"D:\Kazaa\kazaa.exe"="D:\Kazaa\kazaa.exe:*:Enabled:Kazaa"
"C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\_aunchPad.exe:*:Enabled:_aunchPad"
"D:\Games that are awesome ubah\The Matrix Online\launcher.exe"="D:\Games that are awesome ubah\The Matrix Online\launcher.exe:*:Enabled:The Matrix Online"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Games that are awesome ubah\Battlefront\GameData\Battlefront.exe"="D:\Games that are awesome ubah\Battlefront\GameData\Battlefront.exe:*:Enabled:Battlefront"
"C:\Documents and Settings\Jason\My Documents\LimeWire\LimeWire.exe"="C:\Documents and Settings\Jason\My Documents\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Games that are awesome ubah\CoD\CoDMP.exe"="D:\Games that are awesome ubah\CoD\CoDMP.exe:*:Enabled:CoDMP"
"D:\Games that are awesome ubah\BF2\BF2.exe"="D:\Games that are awesome ubah\BF2\BF2.exe:*:Enabled:Battlefield 2"
"D:\Games that are awesome ubah\Gunz\gunzlauncher.exe"="D:\Games that are awesome ubah\Gunz\gunzlauncher.exe:*:Enabled:NewApp MFC ?? ????"
"D:\Games that are awesome ubah\Gunz\Gunz.exe"="D:\Games that are awesome ubah\Gunz\Gunz.exe:*:Enabled:Gunz"
"D:\LimeWire\LimeWire.exe"="D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\StubInstaller.exe"="D:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\Personal Firewall 4\kpf4gui.exe"="D:\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"D:\Program Files\iMesh\iMesh5\iMesh.exe"="D:\Program Files\iMesh\iMesh5\iMesh.exe:*:Enabled:iMesh 5"
"C:\WINDOWS\system32"="C:\WINDOWS\system32:*:Enabled:lockx"
"D:\Ipoop\iTunes.exe"="D:\Ipoop\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Jason\Local Settings\Temp\~os121.tmp\ossproxy.exe"="C:\Documents and Settings\Jason\Local Settings\Temp\~os121.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"D:\Valve\Steam\SteamApps\everlore2222\counter-strike\hl.exe"="D:\Valve\Steam\SteamApps\everlore2222\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"D:\Valve\Steam\SteamApps\everlore2222\condition zero\hl.exe"="D:\Valve\Steam\SteamApps\everlore2222\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Valve\Steam\SteamApps\everlore2222\day of defeat\hl.exe"="D:\Valve\Steam\SteamApps\everlore2222\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Skype\Phone\Skype.exe"="D:\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"D:\Heh\iMesh6.exe"="D:\Heh\iMesh6.exe:*:Enabled:iMesh 6"
"D:\Netscape\netscape.exe"="D:\Netscape\netscape.exe:*:Enabled:Netscape"
"D:\Bitlord\BitLord.exe"="D:\Bitlord\BitLord.exe:*:Enabled:BitLord"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\Games that are awesome ubah\Battle for Middle-Earth\game.dat"="D:\Games that are awesome ubah\Battle for Middle-Earth\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"D:\Teamspeak2_RC2\server_windows.exe"="D:\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"D:\Valve\Steam\SteamApps\everlore2222\counter-strike source\hl2.exe"="D:\Valve\Steam\SteamApps\everlore2222\counter-strike source\hl2.exe:*:Enabled:hl2"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\Star Wars Empire At War\GameData\fpupdate.exe"="D:\Star Wars Empire At War\GameData\fpupdate.exe:*:Enabled:fpupdate"
"D:\Games that are awesome ubah\Blizzard\Warcraft III\Warcraft III.exe"="D:\Games that are awesome ubah\Blizzard\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Games that are awesome ubah\Lord of the rings online\The Lord of the Rings Online\lotroclient.exe"="D:\Games that are awesome ubah\Lord of the rings online\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Games that are awesome ubah\Lord of The Rings\The Lord of the Rings Online\lotroclient.exe"="D:\Games that are awesome ubah\Lord of The Rings\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient.exe"
"D:\Games that are awesome ubah\Orange Box\steam.exe"="D:\Games that are awesome ubah\Orange Box\steam.exe:*:Enabled:Steam"
"D:\Games that are awesome ubah\Orange Box\SteamApps\agentjayd007\team fortress 2\hl2.exe"="D:\Games that are awesome ubah\Orange Box\SteamApps\agentjayd007\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"D:\Warcraft III\Warcraft III.exe"="D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\iTunes\iTunes.exe"="D:\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Games that are awesome ubah\UT3\Binaries\UT3.exe"="D:\Games that are awesome ubah\UT3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"D:\AIM95\aim.exe"="D:\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"D:\Games that are awesome ubah\Station\LaunchPad\LaunchPad.exe"="D:\Games that are awesome ubah\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\Games that are awesome ubah\CA\Combat Arms\CombatArms.exe"="D:\Games that are awesome ubah\CA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Games that are awesome ubah\CA\Combat Arms\Engine.exe"="D:\Games that are awesome ubah\CA\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"D:\Games that are awesome ubah\CA\Combat Arms\NMService.exe"="D:\Games that are awesome ubah\CA\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Games that are awesome ubah\World of Warcraft\BackgroundDownloader.exe"="D:\Games that are awesome ubah\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"D:\Games that are awesome ubah\Warhammer\Electronic Arts\Warhammer Online - Age of Reckoning\warpatch.exe"="D:\Games that are awesome ubah\Warhammer\Electronic Arts\Warhammer Online - Age of Reckoning\warpatch.exe:*:Enabled:Warhammer Online - Age of Reckoning"
"C:\Program Files\internet explorer\iexplore.exe"="C:\Program Files\internet explorer\iexplore.exe:*:Enabled:IEXPLORE"
"C:\Documents and Settings\Jason\Local Settings\Temp\xomeanrcws.tmp"="C:\Documents and Settings\Jason\Local Settings\Temp\xomeanrcws.tmp:*:Enabled:xomeanrcws"
"C:\WINDOWS\system32\cmd.exe"="C:\WINDOWS\system32\cmd.exe:*:Enabled:cmd"
"C:\WINDOWS\RTHDCPL.EXE"="C:\WINDOWS\RTHDCPL.EXE:*:Enabled:RTHDCPL"
"C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe"="C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe:*:Enabled:NkMonitor"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Games that are awesome ubah\CA\Combat Arms\CombatArms.exe"="D:\Games that are awesome ubah\CA\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\Games that are awesome ubah\CA\Combat Arms\Engine.exe"="D:\Games that are awesome ubah\CA\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======List of files/folders created in the last 1 months======

2008-12-10 03:47:31 ----D---- C:\Program Files\trend micro
2008-12-10 03:47:30 ----D---- C:\rsit
2008-12-10 03:40:32 ----D---- C:\Program Files\Spyware Guard 2008
2008-12-10 03:40:32 ----A---- C:\WINDOWS\vmreg.dll
2008-12-10 03:40:32 ----A---- C:\WINDOWS\sysexplorer.exe
2008-12-10 03:40:32 ----A---- C:\WINDOWS\syscert.exe
2008-12-10 03:40:32 ----A---- C:\WINDOWS\sys.com
2008-12-10 03:40:32 ----A---- C:\WINDOWS\spoolsystem.exe
2008-12-10 03:40:32 ----A---- C:\WINDOWS\reged.exe
2008-12-10 00:52:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-10 00:52:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-10 00:45:28 ----D---- C:\Documents and Settings\Jason\Application Data\Malwarebytes
2008-12-09 03:25:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-08 23:21:29 ----A---- C:\WINDOWS\system32\ubdrhikv.dll
2008-12-08 05:50:45 ----A---- C:\WINDOWS\system32\winscenter.exe
2008-12-07 23:24:29 ----A---- C:\WINDOWS\system32\fexmodqc.dll
2008-12-07 23:21:28 ----A---- C:\WINDOWS\system32\xwrdimgx.dll
2008-12-06 23:24:26 ----A---- C:\WINDOWS\system32\wjkfnpdw.dll
2008-12-06 23:21:29 ----A---- C:\WINDOWS\system32\skjcanan.dll
2008-12-06 05:08:46 ----D---- C:\Documents and Settings\All Users\Application Data\Backup
2008-12-06 05:08:17 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2008-12-06 05:07:52 ----D---- C:\Documents and Settings\Jason\Application Data\Panda Security
2008-12-06 05:07:52 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2008-12-06 05:05:04 ----D---- C:\Program Files\Common Files\Panda Security
2008-12-06 04:55:57 ----A---- C:\WINDOWS\AvDetected.ini
2008-12-05 18:35:40 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-05 18:35:40 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-05 18:35:39 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-05 18:35:37 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-05 18:35:37 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-05 18:35:37 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-05 18:35:36 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-05 18:35:35 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-05 18:35:35 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-05 18:35:35 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-05 18:35:34 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-05 18:35:34 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-05 18:35:34 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-03 01:03:17 ----A---- C:\WINDOWS\system32\0b65f8d6-.txt
2008-12-03 01:03:01 ----ASH---- C:\WINDOWS\system32\fNoYayay.ini
2008-11-29 05:27:28 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2008-11-29 05:22:13 ----D---- C:\WINDOWS\NV40683500.TMP
2008-11-17 00:46:56 ----D---- C:\Documents and Settings\Jason\Application Data\skypePM
2008-11-13 03:10:23 ----D---- C:\Documents and Settings\Jason\Application Data\MobMapUpdater
2008-11-13 03:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-13 03:03:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-13 03:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-10 03:47:49 ----D---- C:\WINDOWS\Temp
2008-12-10 03:47:36 ----D---- C:\WINDOWS\Prefetch
2008-12-10 03:47:31 ----AD---- C:\Program Files
2008-12-10 03:40:46 ----D---- C:\Program Files\Mozilla Firefox
2008-12-10 03:40:32 ----D---- C:\WINDOWS
2008-12-10 03:14:13 ----D---- C:\WINDOWS\system32\drivers
2008-12-10 03:12:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 01:43:44 ----HD---- C:\$AVG8.VAULT$
2008-12-10 01:05:03 ----AD---- C:\WINDOWS\system32
2008-12-09 15:39:55 ----AC---- C:\WINDOWS\Wininit.ini
2008-12-09 03:41:20 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 03:25:34 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-09 03:25:27 ----SHD---- C:\WINDOWS\Installer
2008-12-09 03:25:01 ----D---- C:\Config.Msi
2008-12-09 03:16:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-09 03:13:14 ----HD---- C:\WINDOWS\inf
2008-12-06 07:02:21 ----DC---- C:\WINDOWS\system32\dllcache
2008-12-06 06:54:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-06 05:09:48 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-06 05:05:04 ----D---- C:\Program Files\Common Files
2008-12-05 18:35:41 ----D---- C:\WINDOWS\system32\DirectX
2008-12-05 18:35:07 ----RSD---- C:\WINDOWS\assembly
2008-12-03 23:17:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-02 15:24:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-02 02:46:09 ----D---- C:\Temp
2008-11-29 05:30:15 ----D---- C:\WINDOWS\nview
2008-11-29 05:28:09 ----D---- C:\WINDOWS\system32\RTCOM
2008-11-29 05:23:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-29 05:23:01 ----D---- C:\Program Files\AGEIA Technologies
2008-11-29 05:22:11 ----D---- C:\WINDOWS\Help
2008-11-15 18:00:36 ----D---- C:\WINDOWS\system32\config
2008-11-13 03:04:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-13 03:01:00 ----D---- C:\WINDOWS\WinSxS
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-12 14:54:00 ----A---- C:\WINDOWS\system32\keystone.exe
2008-11-12 13:45:46 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-09 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-09 26824]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\System32\DRIVERS\DMICall.sys [2000-12-05 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NPPTNT;NPPTNT; \??\C:\WINDOWS\System32\npptNT.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 IOPort;IOPort; \??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS []
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-28 3341824]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 RivaTuner32;RivaTuner32; \??\C:\Program Files\RivaTuner v2.11\RivaTuner32.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtHDMI.sys [2008-11-12 3720832]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-17 83968]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S2 npkcrypt;npkcrypt; \??\D:\Games that are awesome ubah\Mabinogi\npkcrypt.sys []
S2 X4HSX32;X4HSX32; \??\D:\Games that are awesome ubah\GameTap\bin\Release\X4HSX32.Sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-05-23 1171648]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-12-04 730956]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cdiskdun;cdiskdun; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\cdiskdun.sys []
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2003-07-02 186068]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-07-02 493280]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2003-07-02 6144]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2003-07-02 136448]
S3 E1000;Intel® PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-03-11 121344]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EL90X;3Com EtherLink XL 90X Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xnd5.sys [2001-08-17 153631]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2003-07-02 116416]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2003-07-02 819760]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2003-04-04 30336]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-12 6188320]
S3 Or8139n5;Or8139n5; \??\C:\DOCUME~1\Jason\LOCALS~1\Temp\Or8139n5.sys []
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-07-02 113840]
S3 PacketNTx;Packet helper driver; \??\C:\WINDOWS\system32\drivers\PacketNTx.sys []
S3 PciCon;PciCon; \??\E:\PciCon.sys []
S3 RadProbe;Radeon Probe Driver; C:\WINDOWS\system32\DRIVERS\RadProbe.sys []
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-06-13 45568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smrt;Sony MPEG RealTime encoder board; C:\WINDOWS\System32\DRIVERS\smrt.sys [2003-07-12 761472]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-17 578752]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva016;XDva016; \??\C:\WINDOWS\system32\XDva016.sys []
S3 XDva025;XDva025; \??\C:\WINDOWS\system32\XDva025.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-28 585728]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-09 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 npkcmsvc;npkcmsvc; D:\Games that are awesome ubah\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2002-08-14 135168]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-25 66872]
R2 Speed Disk service;Speed Disk service; C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe [2002-08-14 172065]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2003-04-18 65536]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-06 72704]

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 13 December 2008 - 05:51 AM

Hello, my name is fenzodahl512 and welcome to BC.. Please do the following...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DO NOT mouseclick combofix's window while its running. That may cause it to stall




NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post these logs in your next reply..

1. ComboFix
2. A fresh HijackThis log
3. Attach GMER report


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 agentjayd007

agentjayd007
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:50 AM

Posted 15 December 2008 - 02:44 AM

Heres all of it.

ComboFix 08-12-14.04 - Jason 2008-12-15 1:21:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2728 [GMT -6:00]
Running from: d:\netscape downloads\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jason\Application Data\RACLE~1
c:\documents and settings\Jason\My Documents\SMBOLS~1
c:\documents and settings\Jason\My Documents\WNSXS~1
c:\program files\Common Files\smante~1
c:\program files\Common Files\sstem~1
c:\program files\Common Files\wnsxs~1
c:\program files\mbols~1
c:\program files\Spyware Guard 2008
c:\program files\Spyware Guard 2008\conf.cfg
c:\program files\Spyware Guard 2008\mbase.vdb
c:\program files\Spyware Guard 2008\quarantine.vdb
c:\program files\Spyware Guard 2008\queue.vdb
c:\program files\Spyware Guard 2008\vbase.vdb
c:\windows\curity~1
c:\windows\fnts~1
c:\windows\fnts~2
c:\windows\reged.exe
c:\windows\scurit~1
c:\windows\smante~1
c:\windows\smbols~1
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\asks~1
c:\windows\system32\curity~1
c:\windows\system32\dobe~1
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fexmodqc.dll
c:\windows\system32\fNoYayay.ini
c:\windows\system32\mbols~1
c:\windows\system32\packet.dll
c:\windows\system32\ppatch~1
c:\windows\system32\pthreadVC.dll
c:\windows\system32\skjcanan.dll
c:\windows\system32\stem~1
c:\windows\system32\stem32~1
c:\windows\system32\TDSSpvvqlbba.dat
c:\windows\system32\ubdrhikv.dll
c:\windows\system32\wapisvtr.exe
c:\windows\system32\wjkfnpdw.dll
c:\windows\system32\wnsxs~1
c:\windows\system32\wpcap.dll
c:\windows\system32\xwrdimgx.dll
c:\windows\vmreg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSUPDATE
-------\Legacy_NPF
-------\Legacy_TDSSSERV.SYS
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_NPF
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
.

2008-12-10 03:53 . 2008-12-10 03:53 <DIR> d-------- c:\program files\Common Files\DirectX
2008-12-10 03:47 . 2008-12-10 03:47 <DIR> d-------- C:\rsit
2008-12-10 03:47 . 2008-12-10 03:47 <DIR> d-------- c:\program files\trend micro
2008-12-10 00:52 . 2008-12-10 00:52 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-10 00:52 . 2008-12-10 00:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-10 00:52 . 2008-12-03 19:53 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-10 00:52 . 2008-12-03 19:53 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-10 00:45 . 2008-12-10 00:45 <DIR> d-------- c:\documents and settings\Jason\Application Data\Malwarebytes
2008-12-09 23:56 . 2008-12-09 23:56 1 --a------ c:\windows\system32\uniq.tll
2008-12-09 03:25 . 2008-12-14 10:46 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-09 03:25 . 2008-12-09 03:25 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-09 03:25 . 2008-12-09 03:25 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-09 03:16 . 2008-12-09 03:16 99,256 --a------ c:\windows\system32\drivers\av5flt.sys
2008-12-08 05:50 . 2008-12-08 05:50 585 --a------ C:\Spyware Guard 2008.lnk
2008-12-06 07:01 . 2008-12-07 08:33 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-06 05:08 . 2008-12-06 05:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-12-06 05:08 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-06 05:08 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-12-06 05:07 . 2008-12-06 05:07 <DIR> d-------- c:\documents and settings\Jason\Application Data\Panda Security
2008-12-06 05:07 . 2008-12-06 05:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-12-06 05:05 . 2008-12-09 21:22 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-12-06 04:55 . 2008-12-06 04:55 148 --a------ c:\windows\AvDetected.ini
2008-12-03 23:05 . 2008-12-09 03:18 461 --a------ c:\windows\system32\win32hlp.cnf
2008-12-03 22:48 . 2008-12-09 23:56 1 --a------ c:\windows\system32\test.ttt
2008-11-29 05:27 . 2008-11-10 15:35 34,816 --a------ c:\windows\system32\RtkCoInstXP.dll
2008-11-29 05:22 . 2008-11-29 05:30 <DIR> d-------- c:\windows\NV40683500.TMP
2008-11-17 00:46 . 2008-12-04 16:03 <DIR> d-------- c:\documents and settings\Jason\Application Data\skypePM
2008-11-17 00:46 . 2008-11-17 00:46 48 --ah----- c:\windows\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 09:41 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-09 09:25 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-02 21:24 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 11:23 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-29 11:23 --------- d-----w c:\program files\AGEIA Technologies
2008-11-13 09:10 --------- d-----w c:\documents and settings\Jason\Application Data\MobMapUpdater
2008-11-12 20:54 6,188,320 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-11-12 16:29 3,720,832 ----a-w c:\windows\system32\drivers\RtHDMI.sys
2008-11-11 23:21 4,946,944 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-11-07 22:40 17,421,824 ----a-w c:\windows\RTHDCPL.EXE
2008-11-06 06:34 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-06 06:29 --------- d-----w c:\program files\ATI Technologies
2008-11-06 06:29 --------- d-----w c:\program files\ATI
2008-11-03 18:39 --------- dc-h--w c:\documents and settings\All Users\Application Data\{C2278D61-978F-4EB3-A8F3-E90811A93014}
2008-11-03 18:39 --------- d-----w c:\program files\iXi Tools
2008-11-03 18:37 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-30 02:53 --------- d-----w c:\program files\MSECache
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-27 18:35 --------- d-----w c:\documents and settings\Jason\Application Data\SystemRequirementsLab
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-17 06:05 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2008-09-30 22:38 2,168,320 ----a-w c:\windows\MicCal.exe
2008-09-19 23:48 1,200,128 ----a-w c:\windows\RtlUpd.exe
2008-09-19 23:48 1,200,128 ----a-w c:\windows\RtkUpd.exe
2008-07-26 02:10 22,328 ----a-w c:\documents and settings\Jason\Application Data\PnkBstrK.sys
2008-06-29 09:25 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2006-07-13 21:44 156,273 ----a-w c:\documents and settings\Jason\Application Data\FNTCACHE.BIN
2006-02-07 03:31 774,144 -c--a-w c:\program files\RngInterstitial.dll
2005-08-30 19:54 280,064 -c--a-w c:\documents and settings\Jason\Application Data\tizhook.bin
1992-10-08 06:16 2,025 -c--a-w c:\documents and settings\Jason\README.COM
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Yahoo! Pager"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DriverUpdaterPro"="c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe" [2008-11-03 2539008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-15 180269]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2008-03-30 267048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-09 1261336]
"CTHelper"="CTHELPER.EXE" [2003-07-02 c:\windows\system32\cthelper.exe]
"CtxfiReg"="CTXFIREG.EXE" [2006-08-11 c:\windows\system32\CTXFIREG.EXE]
"AsioReg"="CTASIO.DLL" [2003-07-02 c:\windows\system32\ctasio.dll]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2008-11-12 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-07 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2003-07-02 c:\windows\mididef.exe]

c:\documents and settings\Jason\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 479232]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jason^Start Menu^Programs^Startup^Z_Start.lnk]
path=c:\documents and settings\Jason\Start Menu\Programs\Startup\Z_Start.lnk
backup=c:\windows\pss\Z_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bvj]
c:\program files\Common Files\S?mantec\javaw.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-06-02 00:34 67160 c:\program files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-25 14:21 50528 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtcMouseMaestro]
--------- 2005-11-09 17:18 286720 c:\program files\MMaestro\Kmaestro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 18:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--a------ 2002-08-20 11:29 40960 c:\windows\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2003-04-07 01:07 114688 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 01:41 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2003-04-07 01:19 155648 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 d:\itunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-08-15 23:36 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
--a--c--- 2003-04-19 23:08 28672 c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--a------ 2007-01-04 15:38 112336 c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 16:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
--a--c--- 2003-06-23 18:32 1409024 c:\program files\support.com\client\bin\tgcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-05-23 11:43 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2003-07-02 18:51 28672 c:\windows\system32\cthelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 13:56 18944 c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"d:\\Games that are awesome ubah\\Warcraft III\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"d:\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32"=
"d:\\Netscape\\netscape.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"d:\\AIM95\\aim.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Games that are awesome ubah\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\WINDOWS\\system32\\cmd.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Program Files\\Common Files\\Nikon\\Monitor\\NkMonitor.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:RSP
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"11000:TCP"= 11000:TCP:Auth Server
"10000:UDP"= 10000:UDP:Margin Server
"1100:TCP"= 1100:TCP:Matrix
"41897:TCP"= 41897:TCP:null

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-09 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-09 231704]
R2 IOPort;IOPort;\??\c:\windows\system32\DRIVERS\IOPORT.SYS [1998-11-27 6144]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [2003-11-30 135168]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-15 24652]
S3 cdiskdun;cdiskdun;\??\c:\docume~1\Jason\LOCALS~1\Temp\cdiskdun.sys []
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2007-03-30 96256]
S3 Or8139n5;Or8139n5;\??\c:\docume~1\Jason\LOCALS~1\Temp\Or8139n5.sys []
S3 PacketNTx;Packet helper driver;\??\c:\windows\system32\drivers\PacketNTx.sys [2004-06-24 24544]
S3 PciCon;PciCon;\??\E:\PciCon.sys []
S3 XDva016;XDva016;\??\c:\windows\system32\XDva016.sys []
S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-03-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- d:\spybot\Spybot - Search & Destroy\SpybotSD.exe [2004-05-12 01:03]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{3255322B-ABCC-B053-90DC-F48AAAA1FFC3} - (no file)
URLSearchHooks-{A1C0A011-6DA6-203B-F7D8-611333DF6996} - (no file)
URLSearchHooks-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
BHO-{4B4FBE25-6F18-498A-840D-2E386BA28FF4} - c:\windows\system32\yayaYoNf.dll
BHO-{BBC6AA66-15A3-4EA0-AF37-B2595D65269F} - c:\windows\system32\geBqQJDW.dll
Toolbar-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)
HKCU-Run-Aim6 - (no file)
HKU-Default-Run-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
Notify-avldr - avldr.dll
Notify-xxyyxyXq - xxyyxyXq.dll
SafeBoot-PskSvcRetail
MSConfigStartUp-2322852 - c:\progra~1\2322852\2322852.exe
MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\cli.exe
MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-CMMan - c:\program files\CMMan\CMMan.exe
MSConfigStartUp-CU1 - c:\program files\Common Files\VCClient\VCClient.exe
MSConfigStartUp-CU2 - c:\program files\Common Files\VCClient\VCMain.exe
MSConfigStartUp-FCHelp - c:\program files\FCHelp\FCHelp.exe
MSConfigStartUp-gcasServ - d:\microsoft beta spyware thingy\gcasServ.exe
MSConfigStartUp-Iinl - c:\docume~1\Jason\MYDOCU~1\WNSXS~1\userinit.exe
MSConfigStartUp-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
MSConfigStartUp-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
MSConfigStartUp-OSS - c:\windows\rlvknlg.exe
MSConfigStartUp-snss Launcher - c:\program files\snss\snss.exe
MSConfigStartUp-Steam - d:\games that are awesome ubah\Orange Box\Steam.exe
MSConfigStartUp-sws - c:\program files\GlobalDialer\domer00075\gd-dial.exe
MSConfigStartUp-Symantec NetDriver Monitor - c:\progra~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-TizzleTalk - d:\tizzletalk\TizzleTalk.exe
MSConfigStartUp-WeatherDPA - c:\program files\Zango\bin\10.3.36.0\Weather.exe
MSConfigStartUp-ZangoOE - c:\program files\Zango\bin\10.3.36.0\OEAddOn.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.36.0\ZangoSA.exe
MSConfigStartUp-{63-3C-C0-07-ZN} - c:\windows\system32\rkdsregp.exe
MSConfigStartUp-09080C0E0F0A09 - D3D2D6D8D9D4.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - d:\word\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: 255x01,4

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\default.vnr\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.gamefaqs.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npclntax_ZangoSA.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npImgCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
FF - plugin: d:\divx\DivX Content Uploader\npUpload.dll
FF - plugin: d:\divx\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\divx\DivX Web Player\npdivx32.dll
FF - plugin: d:\itunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\reader\Reader\browser\nppdf32.dll
FF - plugin: d:\real\Netscape6\nppl3260.dll
FF - plugin: d:\real\Netscape6\nprjplug.dll
FF - plugin: d:\real\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 01:24:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
c:\program files\Stardock\Object Desktop\ThemeManager\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\games that are awesome ubah\Mabinogi\npkcmsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\progra~1\NORTON~3\SPEEDD~1\NOPDB.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-12-15 1:31:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-15 07:31:02

Pre-Run: 1,948,139,520 bytes free
Post-Run: 1,979,072,512 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

417 --- E O F --- 2008-11-13 09:08:32


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:43:16 AM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
D:\Games that are awesome ubah\Mabinogi\npkcmsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
D:\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Winrar\WinRAR.exe
C:\DOCUME~1\Jason\LOCALS~1\Temp\Rar$EX00.015\gmer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.gamefaqs.com/"); (C:\Documents and Settings\JASON\Application Data\Mozilla\Profiles\default\bwktux4g.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\JASON\Application Data\Mozilla\Profiles\default\bwktux4g.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CtxfiReg] CTXFIREG.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Word\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Word\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Broken Internet access because of LSP provider '25,5x4' missing
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - D:\Games that are awesome ubah\Mabinogi\npkcmsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11378 bytes

Attached Files



#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 15 December 2008 - 03:37 AM

Uninstall Viewpoint from your computer..


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    cdiskdun
    Or8139n5
    
    :files
    c:\windows\system32\uniq.tll
    C:\Spyware Guard 2008.lnk
    c:\windows\system32\PAV_FOG.OPC
    c:\windows\AvDetected.ini
    c:\windows\system32\win32hlp.cnf
    c:\windows\system32\test.ttt
    c:\documents and settings\Jason\README.COM
    c:\documents and settings\Jason\Application Data\tizhook.bin
    c:\program files\Common Files\S?mantec /u
    
    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bvj]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



------------------------


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



Run RSIT again.. post these logs in your next reply...

1. OTMoveIt3
2. Malwarebytes'
3. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:50 PM

Posted 23 December 2008 - 02:03 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users