Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Random Tab Popups in Mozilla


  • This topic is locked This topic is locked
15 replies to this topic

#1 dave0192

dave0192

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 30 December 2008 - 02:05 AM

I think its completely random, but while im surfing the net, tabs keep popping up and in the bottom left corner where it says loading or looking up it says an IP I dont know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:51 AM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: copyright © 1993-1999 microsoft corp.
O1 - Hosts: this is a sample hosts file used by microsoft tcp/ip for windows.
O1 - Hosts: this file contains the mappings of ip addresses to host names. each
O1 - Hosts: entry should be kept on an individual line. the ip address should
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O1 - Hosts: the ip address and the host name should be separated by at least one
O1 - Hosts: space.
O1 - Hosts: additionally, comments (such as these) may be inserted on individual
O1 - Hosts: lines or following the machine name denoted by a '
O1 - Hosts: for example:
O1 - Hosts: 102.54.94.97 rhino.acme.com
O1 - Hosts: 38.25.63.10 x.acme.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {bde34c33-6085-4ff1-90be-ca3ad88538d7} - (no file)
O2 - BHO: {12ffd137-6206-fc0b-04f4-e6eaa477719d} - {d917774a-ae6e-4f40-b0cf-6026731dff21} - C:\WINDOWS\system32\ndweqn.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CMCService] "C:\Program Files\ATI\Catalyst Media Center\CMCService.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /A "C:\WINDOWS\system32\E_S6B3.tmp"
O4 - HKUS\S-1-5-19\..\Run: [rirawapola] Rundll32.exe "C:\WINDOWS\system32\pidagimu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rirawapola] Rundll32.exe "C:\WINDOWS\system32\pidagimu.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.brainfuse.com (HKLM)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://E:\awswaxd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: rdjryw.dll,C:\WINDOWS\system32\vijibidi.dll,c:\windows\system32\juwefisi.dll,ndweqn.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7220 bytes

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 05 January 2009 - 06:19 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 05 January 2009 - 07:49 PM

MalwareBytes

Malwarebytes' Anti-Malware 1.32
Database version: 1619
Windows 5.1.2600 Service Pack 3

1/5/2009 4:18:57 PM
mbam-log-2009-01-05 (16-18-57).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 136727
Time elapsed: 38 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\LESLEY WATKINS\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LESLEY WATKINS\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\LESLEY WATKINS\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LESLEY WATKINS\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LESLEY WATKINS\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.

#4 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 05 January 2009 - 07:51 PM

Random System Information Tool Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by LESLEY WATKINS at 2009-01-05 18:44:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (41%) free of 45 GB
Total RAM: 1014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:19 PM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\LESLEY WATKINS\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LESLEY WATKINS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: copyright © 1993-1999 microsoft corp.
O1 - Hosts: this is a sample hosts file used by microsoft tcp/ip for windows.
O1 - Hosts: this file contains the mappings of ip addresses to host names. each
O1 - Hosts: entry should be kept on an individual line. the ip address should
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O1 - Hosts: the ip address and the host name should be separated by at least one
O1 - Hosts: space.
O1 - Hosts: additionally, comments (such as these) may be inserted on individual
O1 - Hosts: lines or following the machine name denoted by a '
O1 - Hosts: for example:
O1 - Hosts: 102.54.94.97 rhino.acme.com
O1 - Hosts: 38.25.63.10 x.acme.com
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: (no name) - {bde34c33-6085-4ff1-90be-ca3ad88538d7} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /A "C:\WINDOWS\system32\E_S6B3.tmp"
O4 - HKUS\S-1-5-19\..\Run: [rirawapola] Rundll32.exe "C:\WINDOWS\system32\pidagimu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rirawapola] Rundll32.exe "C:\WINDOWS\system32\pidagimu.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.brainfuse.com (HKLM)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - file://E:\awswaxd.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: rdjryw.dll,C:\WINDOWS\system32\vijibidi.dll,c:\windows\system32\juwefisi.dll,ndweqn.dll,avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6526 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Low Battery Alarm Program.job
C:\WINDOWS\tasks\jbjzgxlp.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2007-12-07 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
CPrintEnhancer Object - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll [2006-12-15 599472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bde34c33-6085-4ff1-90be-ca3ad88538d7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-01 1261336]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C62 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE [2002-04-10 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\320d18a1]
C:\WINDOWS\system32\tnldttkg.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2005-11-18 3079680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AidMakerDaemon]
C:\Program Files\AidMaker\aidmaker.exe [2008-11-15 382808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-01 1261336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMCService]
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe [2008-06-05 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM313e2b3d]
c:\windows\system32\juwefisi.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2005-12-13 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE [2002-04-10 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1156297513\ee\AOLSoftware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-26 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-11-24 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcv1cj0er1q]
C:\WINDOWS\system32\lphcv1cj0er1q.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager]
C:\Windows\System32\drivers\setup\manager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rirawapola]
C:\WINDOWS\system32\pidagimu.dll []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-12-26 18081280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-08-18 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcr1cj0er1q]
C:\Program Files\rhcr1cj0er1q\rhcr1cj0er1q.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
C:\WINDOWS\system32\drivers\svchost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-20 729177]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-07 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-03-26 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2
"Viewpoint Manager Service"=2
"UStorage Server Service"=2
"S24EventMonitor"=2
"RegSrvc"=2
"ose"=3
"MDM"=2
"McTaskManager"=2
"McShield"=3
"McAfeeFramework"=2
"iPod Service"=3
"IDriverT"=3
"EvtEng"=2
"AWService"=2
"Apple Mobile Device"=2
"MyWebSearchService"=2
"Bonjour Service"=2
"LxrSII1s"=2
"CyberLink Media Library Service"=2
"CLSched"=2
"CLCapSvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="rdjryw.dll,C:\WINDOWS\system32\vijibidi.dll,c:\windows\system32\juwefisi.dll,ndweqn.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2008-12-30 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\vijibidi.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Reserved]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-01-05 18:44:01 ----D---- C:\rsit
2009-01-04 23:11:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-01-04 23:06:52 ----SHD---- C:\FOUND.000
2009-01-03 19:20:05 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-01-03 19:20:04 ----A---- C:\WINDOWS\Alcmtr.exe
2009-01-03 01:05:55 ----A---- C:\WINDOWS\vncutil64.exe
2009-01-03 01:05:54 ----A---- C:\WINDOWS\RtlUpd64.exe
2009-01-03 01:05:52 ----A---- C:\WINDOWS\RtlCPAPI.dll
2009-01-03 01:05:49 ----A---- C:\WINDOWS\RtkCoInstXP.dll
2009-01-03 01:05:49 ----A---- C:\WINDOWS\RtkAudioService64.exe
2009-01-03 01:05:46 ----A---- C:\WINDOWS\RTCOMDLL.dll
2009-01-03 01:05:46 ----A---- C:\WINDOWS\RCoInst64XP.dll
2009-01-03 01:05:44 ----A---- C:\WINDOWS\CPLUtl64.exe
2009-01-03 00:57:15 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Uniblue
2009-01-03 00:57:15 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-01-02 00:52:42 ----A---- C:\WINDOWS\vncutil.exe
2009-01-02 00:52:40 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-01-02 00:52:40 ----A---- C:\WINDOWS\RtkAudioService.exe
2008-12-31 00:24:10 ----D---- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-12-30 16:02:58 ----D---- C:\Program Files\Trend Micro
2008-12-30 16:02:48 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 16:02:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-30 16:02:19 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-30 16:01:58 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-12-30 16:01:58 ----D---- C:\Program Files\ATI Technologies
2008-12-30 16:01:57 ----SHD---- C:\WINDOWS\ftpcache
2008-12-30 02:02:09 ----A---- C:\WINDOWS\_delis32.ini
2008-12-30 00:40:01 ----D---- C:\Program Files\iTunes
2008-12-30 00:39:22 ----D---- C:\Program Files\Bonjour
2008-12-30 00:38:45 ----D---- C:\Program Files\QuickTime
2008-12-25 18:22:25 ----A---- C:\WINDOWS\system32\LxrSII1s.exe
2008-12-25 18:22:25 ----A---- C:\WINDOWS\system32\LxrSII1.dll
2008-12-25 15:22:31 ----A---- C:\WINDOWS\system32\msxml4a.dll
2008-12-25 15:21:49 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-25 15:20:38 ----D---- C:\Program Files\ATI
2008-12-25 15:13:58 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2008-12-25 00:23:59 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-25 00:23:45 ----D---- C:\Program Files\AVG
2008-12-24 15:05:56 ----A---- C:\WINDOWS\system32\392edcdf-.txt
2008-12-19 15:36:41 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\ImTOO Software Studio
2008-12-17 00:36:39 ----A---- C:\regdump.arm9.txt
2008-12-17 00:00:13 ----D---- C:\Program Files\eMule
2008-12-14 11:37:09 ----A---- C:\VundoFix.txt
2008-12-14 10:36:46 ----HD---- C:\$AVG8.VAULT$
2008-12-14 10:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-14 10:25:22 ----SH---- C:\WINDOWS\system32\ejomodez.ini
2008-12-13 19:07:30 ----SH---- C:\WINDOWS\system32\oridofod.ini
2008-12-13 18:20:59 ----SH---- C:\WINDOWS\system32\rrccwcab.ini
2008-12-12 15:43:54 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 15:42:10 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 15:42:07 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 15:42:01 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 14:37:44 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-12-09 23:36:42 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-12-09 23:36:01 ----D---- C:\Program Files\Common Files\iS3
2008-12-09 23:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-12-07 23:30:05 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Snapfish
2008-11-29 17:49:48 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Google
2008-11-29 17:47:43 ----D---- C:\Program Files\Google
2008-11-23 21:11:40 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-18 21:46:16 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Xfire
2008-11-18 21:46:13 ----D---- C:\Program Files\Xfire
2008-11-15 14:24:06 ----D---- C:\WINDOWS\system32\Adobe
2008-11-15 01:02:41 ----D---- C:\WINDOWS\AidMaker
2008-11-15 01:02:41 ----D---- C:\Program Files\AidMaker
2008-11-12 03:00:52 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:00:48 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:37 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 16:38:46 ----D---- C:\Program Files\BrainfuseQuickConnect
2008-10-26 21:59:17 ----D---- C:\Program Files\Siber Systems
2008-10-26 21:58:47 ----D---- C:\Program Files\uTorrent
2008-10-26 21:58:45 ----D---- C:\Program Files\Guitar Pro 5
2008-10-26 21:58:44 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-10-26 21:58:41 ----D---- C:\Program Files\Common Files\NewTech Infosystems
2008-10-26 21:58:33 ----D---- C:\Program Files\SanDisk
2008-10-26 21:58:32 ----D---- C:\Program Files\Electronic Arts
2008-10-26 21:58:31 ----D---- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-10-26 21:58:31 ----D---- C:\Program Files\SmartFTP Client
2008-10-26 21:58:29 ----D---- C:\Program Files\Viewpoint
2008-10-26 21:58:29 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Viewpoint
2008-10-26 21:58:23 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-26 21:58:22 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-26 21:58:19 ----HD---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Move Networks
2008-10-26 21:58:19 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Sun
2008-10-26 21:58:19 ----D---- C:\WINDOWS\MUI
2008-10-26 21:58:19 ----D---- C:\WINDOWS\msapps
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Minidump
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Connection Wizard
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Config
2008-10-26 21:58:19 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-26 21:58:19 ----D---- C:\Program Files\NewTech Infosystems
2008-10-26 21:58:19 ----D---- C:\Program Files\MSXML 4.0
2008-10-26 21:58:19 ----D---- C:\Program Files\MSN
2008-10-26 21:58:19 ----D---- C:\Program Files\Lavasoft
2008-10-26 21:58:19 ----D---- C:\Program Files\ComPlus Applications
2008-10-26 21:58:19 ----D---- C:\Program Files\Apple Software Update
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\WinRAR
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Symantec
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\SmartFTP
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\OnReally
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Nero
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\NCH Swift Sound
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Media Player Classic
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Image Zone Express
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Identities
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Help
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Hamachi
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\GetRightToGo
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\CiscoCAA
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\AdobeUM
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\teamspeak2
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\FrostWire
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\FotoWire
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Aim
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\acccore
2008-10-26 21:58:17 ----D---- C:\Program Files\Online Services
2008-10-26 21:58:17 ----D---- C:\Program Files\Microsoft.NET
2008-10-26 21:58:16 ----D---- C:\Program Files\Norton AntiVirus
2008-10-26 21:58:16 ----D---- C:\Program Files\Microsoft Visual Studio
2008-10-26 21:58:16 ----D---- C:\Program Files\directx
2008-10-26 21:58:16 ----D---- C:\Program Files\DIFX
2008-10-26 21:58:16 ----D---- C:\Program Files\CONEXANT
2008-10-26 21:58:16 ----D---- C:\Program Files\BitLord
2008-10-26 21:58:15 ----D---- C:\Program Files\WinPCap
2008-10-26 21:58:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-26 21:58:15 ----D---- C:\Program Files\Power Tab Software
2008-10-26 21:58:15 ----D---- C:\Program Files\NCH Swift Sound
2008-10-26 21:58:15 ----D---- C:\Program Files\MSXML 6.0
2008-10-26 21:58:15 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-26 21:58:15 ----D---- C:\Program Files\Messenger
2008-10-26 21:58:15 ----D---- C:\Program Files\DivX
2008-10-26 21:58:15 ----D---- C:\Program Files\Alcohol Soft
2008-10-25 23:03:40 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-10-23 22:44:20 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 21:24:40 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-10-20 21:24:38 ----A---- C:\WINDOWS\system32\CNMLM97.DLL
2008-10-20 17:31:07 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-10-19 15:43:15 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 15:43:11 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 15:43:08 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 15:42:36 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 15:42:10 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 14:35:56 ----A---- C:\DVDPATH.TXT
2008-10-09 15:48:59 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\uTorrent
2008-10-09 15:48:22 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\CyberLink
2008-10-09 15:48:04 ----D---- C:\Config.Msi

======List of files/folders modified in the last 3 months======

2009-01-05 15:13:14 ----RASH---- C:\boot.ini
2009-01-05 15:13:14 ----A---- C:\WINDOWS\win.ini
2009-01-05 15:13:14 ----A---- C:\WINDOWS\system.ini
2009-01-05 15:10:56 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-01-04 23:03:16 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-01-04 23:00:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\MSHTML.DLL
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:07:00 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:38:40 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:40 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 14:38:40 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 14:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:36 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 07:11:10 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 07:11:10 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\NETAPI32.DLL
2008-10-15 01:04:54 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-30 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-30 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-12-30 90632]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-12-23 58464]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-27 21275]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-17 6144]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-20 190592]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2008-05-08 752768]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-07-20 223128]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
S3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-26 4968448]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-12-23 108480]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 npkcrypt;npkcrypt; \??\D:\Lineage2\system\npkcrypt.sys []
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2005-10-31 46080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-03-03 339776]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-30 874776]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-30 231704]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe [2008-06-05 262246]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe [2008-06-05 110692]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe [2008-06-05 1073152]
S4 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S4 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2007-03-07 49152]
S4 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2004-08-18 221191]
S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2004-08-18 28672]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe []
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
S4 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
S4 UStorage Server Service;UStorage Server Service; C:\WINDOWS\system32\UStorSrv.exe [2006-02-17 139264]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

#5 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 05 January 2009 - 07:53 PM

Random System Information Tool Info

info.txt logfile of random's system information tool 1.05 2009-01-05 18:44:22

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eDataSecurity Management 1.00.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E431C518-2EE2-471E-9234-BE995C36D513}\setup.exe" -l0x9 -removeonly
Acer eLock Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}
Acer Empowering Technology framework-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{15B70821-7893-4607-805A-BB80F3EA8279}
Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\Setup.exe" -l0x9
Acer ePerformance Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DEE08946-40F0-4890-853E-60A6C3306041}
Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer ePresentation Management-->C:\WINDOWS\UnInst32.exe AcerePrj.UNI
Acer eSettings Management-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}
Acer GridVista-->C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0684EECC-380C-4B97-8C51-5BDB9E4D679C}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs-->MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom 802.11 Network Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter"
Catalyst Media Center DVD Authoring Module-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.exe" -uninstall
Catalyst Media Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Deskjet 8.0 Software-->C:\Program Files\HP\Digital Imaging\{58535A90-1788-44f5-80BB-CFF62D9CE6D5}\setup\hpzscr01.exe -datfile hphscr13.dat -showdisconnect -forcereboot
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Smart Web Printing 1.0-->MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Launch Manager-->C:\WINDOWS\UnInst32.exe LManager.UNI
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\LOGITECH\PRINTS~1\UNWISE.EXE C:\PROGRA~1\LOGITECH\PRINTS~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NTI Backup NOW! 4-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\SETUP.EXE" -uninstall
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SmartFTP Client 3.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims Complete Collection-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebCam for MSN Messenger-->Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\w29n51_B4DB085D140C6265DCA5E78CC26122444CD2D577\w29n51.inf
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\YAHOO!\Common\YINSTH~1.DLL

======Hosts File======

copyright © 1993-1999 microsoft corp.
this is a sample hosts file used by microsoft tcp/ip for windows.
this file contains the mappings of ip addresses to host names. each
entry should be kept on an individual line. the ip address should
be placed in the first column followed by the corresponding host name.
the ip address and the host name should be separated by at least one
space.
additionally, comments (such as these) may be inserted on individual
lines or following the machine name denoted by a '
for example:

======Security center information======

AV: AVG Anti-Virus

System event log

Computer Name: LESLEYSLAPTOP
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 31839
Source Name: Service Control Manager
Time Written: 20081204165515.000000-360
Event Type: information
User:

Computer Name: LESLEYSLAPTOP
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 31838
Source Name: Service Control Manager
Time Written: 20081204165515.000000-360
Event Type: information
User: LESLEYSLAPTOP\LESLEY WATKINS

Computer Name: LESLEYSLAPTOP
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 31837
Source Name: Service Control Manager
Time Written: 20081204165514.000000-360
Event Type: information
User:

Computer Name: LESLEYSLAPTOP
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.

Record Number: 31836
Source Name: Service Control Manager
Time Written: 20081204165514.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: LESLEYSLAPTOP
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 31835
Source Name: Service Control Manager
Time Written: 20081204165512.000000-360
Event Type: information
User:

Application event log

Computer Name: LESLEY
Event Code: 0
Message:
Record Number: 1749
Source Name: hpqcxs08
Time Written: 20080520223931.000000-300
Event Type: information
User:

Computer Name: LESLEY
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 1748
Source Name: SecurityCenter
Time Written: 20080520223930.000000-300
Event Type: information
User:

Computer Name: LESLEY
Event Code: 0
Message:
Record Number: 1747
Source Name: hpqddsvc
Time Written: 20080520223929.000000-300
Event Type: information
User:

Computer Name: LESLEY
Event Code: 1
Message:
Record Number: 1746
Source Name: Bonjour Service
Time Written: 20080520223929.000000-300
Event Type: information
User:

Computer Name: LESLEY
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1745
Source Name: LoadPerf
Time Written: 20080520195310.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"sourcesdk"=c:\program files\steam\steamapps\dave019283\sourcesdk
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 05 January 2009 - 07:55 PM

Gmer Result AttachedAttached File  GMER.txt   13.23KB   1 downloads

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 06 January 2009 - 12:23 AM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {bde34c33-6085-4ff1-90be-ca3ad88538d7} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKUS\S-1-5-19\..\Run: [rirawapola] Rundll32.exe "C:\WINDOWS\system32\pidagimu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [rirawapola] Rundll32.exe "C:\WINDOWS\system32\pidagimu.dll",s (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Search - ?p=ZJfox000
O20 - AppInit_DLLs: rdjryw.dll,C:\WINDOWS\system32\vijibidi.dll,c:\windows\system32\juwefisi.dll,ndweqn.dll,avgrsstx.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\tasks\jbjzgxlp.job
    C:\WINDOWS\system32\tnldttkg.dll
    c:\windows\system32\juwefisi.dll
    C:\WINDOWS\system32\lphcv1cj0er1q.exe
    C:\WINDOWS\system32\pidagimu.dll
    C:\Program Files\rhcr1cj0er1q
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\WINDOWS\system32\vijibidi.dll
    c:\windows\system32\juwefisi.dll
    C:\WINDOWS\system32\ejomodez.ini
    C:\WINDOWS\system32\oridofod.ini
    C:\WINDOWS\system32\rrccwcab.ini
    
    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\320d18a1]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM313e2b3d]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcv1cj0er1q]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rirawapola]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcr1cj0er1q]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again.. Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 07 January 2009 - 11:53 PM

OT Move It

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\tasks\jbjzgxlp.job moved successfully.
File/Folder C:\WINDOWS\system32\tnldttkg.dll not found.
File/Folder c:\windows\system32\juwefisi.dll not found.
File/Folder C:\WINDOWS\system32\lphcv1cj0er1q.exe not found.
File/Folder C:\WINDOWS\system32\pidagimu.dll not found.
File/Folder C:\Program Files\rhcr1cj0er1q not found.
File/Folder C:\WINDOWS\system32\drivers\svchost.exe not found.
File/Folder C:\WINDOWS\system32\vijibidi.dll not found.
File/Folder c:\windows\system32\juwefisi.dll not found.
C:\WINDOWS\system32\ejomodez.ini moved successfully.
C:\WINDOWS\system32\oridofod.ini moved successfully.
C:\WINDOWS\system32\rrccwcab.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\320d18a1\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPM313e2b3d\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcv1cj0er1q\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rirawapola\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhcr1cj0er1q\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVCHOST.EXE\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\LESLEY~1\LOCALS~1\Temp\etilqs_qrSf7drCz4YBlrmWd3pf scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ce50570a-4976-4991-831c-74b5cbea94f0.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01072009_224924

Files moved on Reboot...
File C:\DOCUME~1\LESLEY~1\LOCALS~1\Temp\etilqs_qrSf7drCz4YBlrmWd3pf not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\ce50570a-4976-4991-831c-74b5cbea94f0.tmp moved successfully.
C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\XUL.mfl moved successfully.
C:\Documents and Settings\LESLEY WATKINS\Local Settings\Application Data\Mozilla\Firefox\Profiles\q3a3i4kb.default\urlclassifier3.sqlite moved successfully.

#9 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 07 January 2009 - 11:56 PM

Random System Information Tool

Logfile of random's system information tool 1.05 (written by random/random)
Run by LESLEY WATKINS at 2009-01-07 22:55:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 18 GB (39%) free of 45 GB
Total RAM: 1014 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:17 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\LESLEY WATKINS\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\LESLEY WATKINS.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /A "C:\WINDOWS\system32\E_S6B3.tmp"
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 2045 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Low Battery Alarm Program.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-07 1601304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C62 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE [2002-04-10 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [2005-11-18 3079680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AidMakerDaemon]
C:\Program Files\AidMaker\aidmaker.exe [2008-11-15 382808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe /d locale=en-US ee://aol/imApp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-07 1601304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CMCService]
C:\Program Files\ATI\Catalyst Media Center\CMCService.exe [2008-06-05 172032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [2005-12-13 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus C62 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE [2002-04-10 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1156297513\ee\AOLSoftware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-26 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-11-24 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager]
C:\Windows\System32\drivers\setup\manager.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-08-06 139320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe [2003-10-07 147514]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2008-12-26 18081280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-08-18 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-20 729177]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-12-07 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-03-26 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2
"Viewpoint Manager Service"=2
"UStorage Server Service"=2
"S24EventMonitor"=2
"RegSrvc"=2
"ose"=3
"MDM"=2
"McTaskManager"=2
"McShield"=3
"McAfeeFramework"=2
"iPod Service"=3
"IDriverT"=3
"EvtEng"=2
"AWService"=2
"Apple Mobile Device"=2
"MyWebSearchService"=2
"Bonjour Service"=2
"LxrSII1s"=2
"CyberLink Media Library Service"=2
"CLSched"=2
"CLCapSvc"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-07 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Reserved]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Reserved]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-01-07 22:49:24 ----D---- C:\_OTMoveIt
2009-01-06 07:01:46 ----D---- C:\Program Files\FrostWire
2009-01-06 07:01:46 ----D---- C:\Program Files\AskBarDis
2009-01-05 21:41:19 ----D---- C:\Program Files\Realtek
2009-01-05 18:45:18 ----A---- C:\WINDOWS\gmer.ini
2009-01-05 18:45:17 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-05 18:45:17 ----A---- C:\WINDOWS\gmer.exe
2009-01-05 18:45:17 ----A---- C:\WINDOWS\gmer.dll
2009-01-05 18:44:01 ----D---- C:\rsit
2009-01-04 23:11:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2009-01-04 23:06:52 ----SHD---- C:\FOUND.000
2009-01-03 19:20:05 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-01-03 19:20:04 ----A---- C:\WINDOWS\Alcmtr.exe
2009-01-03 01:05:55 ----A---- C:\WINDOWS\vncutil64.exe
2009-01-03 01:05:54 ----A---- C:\WINDOWS\RtlUpd64.exe
2009-01-03 01:05:52 ----A---- C:\WINDOWS\RtlCPAPI.dll
2009-01-03 01:05:49 ----A---- C:\WINDOWS\RtkCoInstXP.dll
2009-01-03 01:05:49 ----A---- C:\WINDOWS\RtkAudioService64.exe
2009-01-03 01:05:46 ----A---- C:\WINDOWS\RTCOMDLL.dll
2009-01-03 01:05:46 ----A---- C:\WINDOWS\RCoInst64XP.dll
2009-01-03 01:05:44 ----A---- C:\WINDOWS\CPLUtl64.exe
2009-01-03 00:57:15 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Uniblue
2009-01-03 00:57:15 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-01-02 00:52:42 ----A---- C:\WINDOWS\vncutil.exe
2009-01-02 00:52:40 ----N---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-01-02 00:52:40 ----A---- C:\WINDOWS\RtkAudioService.exe
2008-12-31 00:24:10 ----D---- C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP
2008-12-30 16:02:58 ----D---- C:\Program Files\Trend Micro
2008-12-30 16:02:48 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-30 16:02:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-30 16:02:19 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2008-12-30 16:01:58 ----D---- C:\Program Files\Common Files\ATI Technologies
2008-12-30 16:01:58 ----D---- C:\Program Files\ATI Technologies
2008-12-30 16:01:57 ----SHD---- C:\WINDOWS\ftpcache
2008-12-30 02:02:09 ----A---- C:\WINDOWS\_delis32.ini
2008-12-30 00:40:01 ----D---- C:\Program Files\iTunes
2008-12-30 00:39:22 ----D---- C:\Program Files\Bonjour
2008-12-30 00:38:45 ----D---- C:\Program Files\QuickTime
2008-12-25 18:22:25 ----A---- C:\WINDOWS\system32\LxrSII1s.exe
2008-12-25 18:22:25 ----A---- C:\WINDOWS\system32\LxrSII1.dll
2008-12-25 15:22:31 ----A---- C:\WINDOWS\system32\msxml4a.dll
2008-12-25 15:21:49 ----D---- C:\WINDOWS\RegisteredPackages
2008-12-25 15:20:38 ----D---- C:\Program Files\ATI
2008-12-25 15:13:58 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2008-12-25 00:23:59 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-25 00:23:45 ----D---- C:\Program Files\AVG
2008-12-24 15:05:56 ----A---- C:\WINDOWS\system32\392edcdf-.txt
2008-12-19 15:36:41 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\ImTOO Software Studio
2008-12-17 00:36:39 ----A---- C:\regdump.arm9.txt
2008-12-17 00:00:13 ----D---- C:\Program Files\eMule
2008-12-14 11:37:09 ----A---- C:\VundoFix.txt
2008-12-14 10:36:46 ----HD---- C:\$AVG8.VAULT$
2008-12-14 10:33:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-12 15:43:54 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 15:42:10 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 15:42:07 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 15:42:01 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 14:37:44 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-12-09 23:36:42 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-12-09 23:36:01 ----D---- C:\Program Files\Common Files\iS3
2008-12-09 23:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-12-07 23:30:05 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Snapfish
2008-11-29 17:49:48 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Google
2008-11-29 17:47:43 ----D---- C:\Program Files\Google
2008-11-23 21:11:40 ----D---- C:\Program Files\Microsoft Silverlight
2008-11-18 21:46:16 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Xfire
2008-11-18 21:46:13 ----D---- C:\Program Files\Xfire
2008-11-15 14:24:06 ----D---- C:\WINDOWS\system32\Adobe
2008-11-15 01:02:41 ----D---- C:\WINDOWS\AidMaker
2008-11-15 01:02:41 ----D---- C:\Program Files\AidMaker
2008-11-12 03:00:52 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 03:00:48 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 03:00:37 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-09 16:38:46 ----D---- C:\Program Files\BrainfuseQuickConnect
2008-10-26 21:59:17 ----D---- C:\Program Files\Siber Systems
2008-10-26 21:58:47 ----D---- C:\Program Files\uTorrent
2008-10-26 21:58:45 ----D---- C:\Program Files\Guitar Pro 5
2008-10-26 21:58:44 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-10-26 21:58:41 ----D---- C:\Program Files\Common Files\NewTech Infosystems
2008-10-26 21:58:33 ----D---- C:\Program Files\SanDisk
2008-10-26 21:58:32 ----D---- C:\Program Files\Electronic Arts
2008-10-26 21:58:31 ----D---- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-10-26 21:58:31 ----D---- C:\Program Files\SmartFTP Client
2008-10-26 21:58:29 ----D---- C:\Program Files\Viewpoint
2008-10-26 21:58:29 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Viewpoint
2008-10-26 21:58:23 ----D---- C:\WINDOWS\system32\FxsTmp
2008-10-26 21:58:22 ----HD---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-26 21:58:19 ----HD---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Move Networks
2008-10-26 21:58:19 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Sun
2008-10-26 21:58:19 ----D---- C:\WINDOWS\MUI
2008-10-26 21:58:19 ----D---- C:\WINDOWS\msapps
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Minidump
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Connection Wizard
2008-10-26 21:58:19 ----D---- C:\WINDOWS\Config
2008-10-26 21:58:19 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-26 21:58:19 ----D---- C:\Program Files\NewTech Infosystems
2008-10-26 21:58:19 ----D---- C:\Program Files\MSXML 4.0
2008-10-26 21:58:19 ----D---- C:\Program Files\MSN
2008-10-26 21:58:19 ----D---- C:\Program Files\Lavasoft
2008-10-26 21:58:19 ----D---- C:\Program Files\ComPlus Applications
2008-10-26 21:58:19 ----D---- C:\Program Files\Apple Software Update
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\WinRAR
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Symantec
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\SmartFTP
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\OnReally
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Nero
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\NCH Swift Sound
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Media Player Classic
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Image Zone Express
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Identities
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Help
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Hamachi
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\GetRightToGo
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\CiscoCAA
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\AdobeUM
2008-10-26 21:58:19 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\teamspeak2
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\FrostWire
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\FotoWire
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\Aim
2008-10-26 21:58:18 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\acccore
2008-10-26 21:58:17 ----D---- C:\Program Files\Online Services
2008-10-26 21:58:17 ----D---- C:\Program Files\Microsoft.NET
2008-10-26 21:58:16 ----D---- C:\Program Files\Norton AntiVirus
2008-10-26 21:58:16 ----D---- C:\Program Files\Microsoft Visual Studio
2008-10-26 21:58:16 ----D---- C:\Program Files\directx
2008-10-26 21:58:16 ----D---- C:\Program Files\DIFX
2008-10-26 21:58:16 ----D---- C:\Program Files\CONEXANT
2008-10-26 21:58:16 ----D---- C:\Program Files\BitLord
2008-10-26 21:58:15 ----D---- C:\Program Files\WinPCap
2008-10-26 21:58:15 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-26 21:58:15 ----D---- C:\Program Files\Power Tab Software
2008-10-26 21:58:15 ----D---- C:\Program Files\NCH Swift Sound
2008-10-26 21:58:15 ----D---- C:\Program Files\MSXML 6.0
2008-10-26 21:58:15 ----D---- C:\Program Files\Microsoft ActiveSync
2008-10-26 21:58:15 ----D---- C:\Program Files\Messenger
2008-10-26 21:58:15 ----D---- C:\Program Files\DivX
2008-10-26 21:58:15 ----D---- C:\Program Files\Alcohol Soft
2008-10-25 23:03:40 ----D---- C:\Documents and Settings\All Users\Application Data\NexonUS
2008-10-23 22:44:20 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 21:24:40 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2008-10-20 21:24:38 ----A---- C:\WINDOWS\system32\CNMLM97.DLL
2008-10-20 17:31:07 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
2008-10-19 15:43:15 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 15:43:11 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 15:43:08 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 15:42:36 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 15:42:10 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-11 14:35:56 ----A---- C:\DVDPATH.TXT
2008-10-09 15:48:59 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\uTorrent
2008-10-09 15:48:22 ----D---- C:\Documents and Settings\LESLEY WATKINS\Application Data\CyberLink
2008-10-09 15:48:04 ----D---- C:\Config.Msi

======List of files/folders modified in the last 3 months======

2009-01-07 22:50:28 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-01-07 22:49:40 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-01-05 15:13:14 ----RASH---- C:\boot.ini
2009-01-05 15:13:14 ----A---- C:\WINDOWS\win.ini
2009-01-05 15:13:14 ----A---- C:\WINDOWS\system.ini
2009-01-04 23:00:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\MSHTML.DLL
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:07:00 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:38:40 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 14:38:40 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 14:38:40 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 14:38:40 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 14:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 14:38:38 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 14:38:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 14:38:36 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 14:38:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 14:38:36 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 14:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 07:11:10 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 07:11:10 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\NETAPI32.DLL
2008-10-15 01:04:54 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-07 324872]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-07 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-07 107272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-12-23 58464]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-02-27 21275]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-20 190592]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATIAVPCI;ATI Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavrr.sys [2008-05-08 752768]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-07-20 223128]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
S3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-12-26 4968448]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-12-23 108480]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 npkcrypt;npkcrypt; \??\D:\Lineage2\system\npkcrypt.sys []
S3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-17 6144]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-01-31 211712]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2005-10-31 46080]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wg111nd5;NETGEAR WG111 802.11g Wireless USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\wg111nd5.sys [2004-03-03 339776]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-07 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-07 298264]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S4 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe [2008-06-05 262246]
S4 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe [2008-06-05 110692]
S4 CyberLink Media Library Service;CyberLink Media Library Service; C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe [2008-06-05 1073152]
S4 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S4 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2007-03-07 49152]
S4 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-08-06 102463]
S4 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2004-08-18 221191]
S4 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2004-08-18 28672]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe []
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
S4 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
S4 UStorage Server Service;UStorage Server Service; C:\WINDOWS\system32\UStorSrv.exe [2006-02-17 139264]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

-----------------EOF-----------------

#10 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 08 January 2009 - 12:00 AM

Thank you! The popups stopped. I think updating malwarebytes solved it.

Another odd problem though (not sure if its malware) is that whenever I start firefox it always brings up that "Welcome to Firefox" page. Small problem but its aggravating having to exit out of it every time.

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 08 January 2009 - 02:27 AM

Good to hear that.. About Firefox, can you change your Home Page on Firefox?..

Just open Firefox >> Go to Tools >> Options >> Change your Home Page from there..


Lets do an online scan to make sure we don't miss any..


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 09 January 2009 - 06:08 PM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3752 (20090108)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=7e1a9b1f59ed3b4fa11e4c6d97d59512
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-09 05:14:38
# local_time=2009-01-08 11:14:38 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=261215
# found=2
# scan_time=2908
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Win32/Toolbar.MyWebSearch application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{9D7FE093-30E8-4750-B1B9-291EB5BE2043}\RP617\A0286768.dll Win32/Toolbar.MyWebSearch application (unable to clean - deleted) 00000000000000000000000000000000

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 10 January 2009 - 03:56 PM

Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 13 January 2009 - 10:56 PM

Well I did the OT cleanit and when it asked if it could scan, it immediately asked to restart once I clicked yes. I restarted, not sure if this is supposed to happen so fast. I also read those articles and I cleaned using their methods but that 'Welcome to Firefox' first run doesn't seem to stop.

#15 dave0192

dave0192
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:05:28 AM

Posted 13 January 2009 - 11:03 PM

Update : Its fixed :thumbsup:

I did something I should have tried a long time ago..reinstalled firefox. Im not sure what it fixed but the problem is solved.

Thank you sooo much for the help !




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users