
Virtumonde, Virtumonde.generic, Virtumonde.sci


This topic is locked
19 replies to this topic

#1 inlifeindeath

  • Members
  • 10 posts

Posted 05 January 2009 - 07:41 PM

I was recently infected with the Trojans Virtumonde, Virtumonde.generic, Virtumonde.sci and Virtumonde.prx, as well as the malware Smitfraud-C, and can't seem to remove them using Spybot alone. The only things the files do, as far as I can tell, are open pop-up spam windows and show the Windows Security Alert shield in the taskbar saying that my firewall is disabled, although it is actually enabled. Thanks!


DDS (Version 1.1.0) - NTFSx86
Run by Owner at 18:33:35.81 on Mon 01/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.130 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwvAthwXDvvODjTzyD2+DoaRpL0Xd0y3OYQbubtR3CnSyqrF22umN2YsiAfN83NQ5iQeI0Bg5eaBPGpLb2QhqiS3o6WJa24zlh
mSearchAssistant = hxxp://www.myway.com/mysearch/?ptnrS=BW
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMgeCSJ.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {a4b1e6f8-3047-4d7e-9c04-27b0e7dfcd01} - c:\windows\system32\mlJCvTlM.dll
BHO: {E5DB3C9C-19AF-4E6B-8E55-9FE3463EAFD0} - No File
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [60ef9b6e] rundll32.exe "c:\windows\system32\gsdtewor.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear wg311v2 adapter\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll
Notify: qoMgeCSJ - qoMgeCSJ.dll
AppInit_DLLs: avgrsstx.dll eflsrv.dll ncxkkh.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMgeCSJ.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJCvTlM

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\oteesk5q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-16 26824]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2005-11-10 14080]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-16 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-16 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-16 76040]
R4 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2005-11-10 356224]
R4 Zetera;Zetera;c:\program files\netgear\sc101 manager utility\ZeteraService.exe [2005-11-10 69632]
S0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2005-11-10 12032]
S3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2005-11-10 4608]

=============== Created Last 30 ================

2009-01-05 18:15 <DIR> --d----- c:\program files\Trend Micro
2009-01-05 18:11 129,024 a------- c:\windows\system32\ncxkkh.dll
2009-01-05 18:11 129,024 a------- c:\windows\system32\kamfxkrw.dll
2009-01-04 19:20 120 ---sh--- c:\windows\system32\rowetdsg.ini
2009-01-04 19:20 72,704 a------- c:\windows\system32\gsdtewor.dll
2009-01-04 10:26 129,024 a------- c:\windows\system32\kljxiwfr.dll
2009-01-04 10:26 129,024 a------- c:\windows\system32\eflsrv.dll
2009-01-03 18:16 689,024 a--sh--- c:\windows\system32\MlTvCJlm.ini2
2009-01-03 16:32 95 a------- c:\windows\wininit.ini
2009-01-03 15:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-03 15:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-01-02 18:41 129,024 a------- c:\windows\system32\prkqlq.dll
2009-01-02 18:41 129,024 a------- c:\windows\system32\uxyklhbv.dll
2009-01-01 18:22 129,024 a------- c:\windows\system32\dlrduk.dll
2009-01-01 18:22 129,024 a------- c:\windows\system32\ugwggahr.dll
2009-01-01 18:19 72,704 a------- c:\windows\system32\vjfxivrh.dll
2008-12-31 18:20 129,024 a------- c:\windows\system32\dfkejc.dll
2008-12-31 18:20 129,024 a------- c:\windows\system32\drwprave.dll
2008-12-29 22:25 129,024 a------- c:\windows\system32\vxjujb.dll
2008-12-29 22:24 129,024 a------- c:\windows\system32\sistjefr.dll
2008-12-29 19:50 129,024 a------- c:\windows\system32\rsqlim.dll
2008-12-29 19:50 129,024 a------- c:\windows\system32\tciknany.dll
2008-12-28 17:46 <DIR> --d----- c:\docume~1\owner\applic~1\Twain
2008-12-28 17:44 129,024 a------- c:\windows\system32\lkutcj.dll
2008-12-28 17:44 129,024 a------- c:\windows\system32\drjontbt.dll
2008-12-28 17:42 <DIR> --d----- c:\program files\Webtools
2008-12-28 17:41 689,079 a--sh--- c:\windows\system32\MlTvCJlm.ini
2008-12-28 17:41 302,592 a------- c:\windows\system32\mlJCvTlM.dll
2008-12-28 17:35 34,816 a------- c:\windows\system32\qoMgeCSJ.dll
2008-12-28 17:35 <DIR> --d----- c:\program files\GetModule

==================== Find3M ====================

2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-19 16:21 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-16 12:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\wininet.dll
2004-07-02 12:19 40,960 a------- c:\windows\inf\wg311v2\imdinst.exe
2004-06-17 23:41 386,688 a------- c:\windows\inf\wg311v2\netwg311_XP.sys
2004-04-04 13:07 84,912 a------- c:\windows\inf\wg311v2\FwRad17.bin
2004-04-04 13:07 83,320 a------- c:\windows\inf\wg311v2\FwRad16.bin
2004-02-04 12:53 62,865 a------- c:\windows\inf\wg311v2\odysseyIM3.sys
2004-02-04 12:53 12,739 a------- c:\windows\inf\wg311v2\odNetInstall.dll

============= FINISH: 18:35:33.12 ===============

Edited by inlifeindeath, 05 January 2009 - 08:07 PM.
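The pseudo-HJT section of the DDS log above exposes the persistence points this Vundo infection used: a rundll32 Run entry with a hex value name, two unknown DLLs in AppInit_DLLs, an extra LSA authentication package, nameless BHO/SEH entries, and hidden .ini files whose names are the companion DLL's name spelled backwards (rowetdsg.ini for gsdtewor.dll, MlTvCJlm.ini for mlJCvTlM.dll). The script below is an added example, not part of the original thread or of the DDS tool; it applies those checks as defender-side triage heuristics over a subset of the log lines posted above. The allowlists `KNOWN_APPINIT` and `KNOWN_LSA_PACKAGES` are assumptions constructed for the example.

```python
"""Triage heuristics for the DDS 'Pseudo HJT' report format (added example)."""
import re
from typing import Dict, List, Tuple

# Lines copied from the DDS report posted above (a constructed subset for the example).
SAMPLE_LOG = r"""
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [60ef9b6e] rundll32.exe "c:\windows\system32\gsdtewor.dll",b
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMgeCSJ.dll
BHO: {E5DB3C9C-19AF-4E6B-8E55-9FE3463EAFD0} - No File
Notify: igfxcui - igfxsrvc.dll
Notify: qoMgeCSJ - qoMgeCSJ.dll
AppInit_DLLs: avgrsstx.dll eflsrv.dll ncxkkh.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\qoMgeCSJ.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\mlJCvTlM
2009-01-04 19:20 120 ---sh--- c:\windows\system32\rowetdsg.ini
2009-01-04 19:20 72,704 a------- c:\windows\system32\gsdtewor.dll
2009-01-03 18:16 689,024 a--sh--- c:\windows\system32\MlTvCJlm.ini2
2008-12-28 17:41 302,592 a------- c:\windows\system32\mlJCvTlM.dll
2008-12-28 17:35 34,816 a------- c:\windows\system32\qoMgeCSJ.dll
"""

# Assumed allowlists for this example: the one AppInit DLL the report attributes to AVG,
# and the only authentication package a stock XP box should carry. Real triage would
# verify vendor signatures rather than trust names.
KNOWN_APPINIT = {"avgrsstx.dll"}
KNOWN_LSA_PACKAGES = {"msv1_0"}

PATH_RE = re.compile(r"[a-z]:\\[^\s\"]+", re.IGNORECASE)
# BHO / shell-execute-hook / toolbar entries with no display name, only a CLSID.
ANON_HOOK_RE = re.compile(r"^(BHO|SEH|TB): \{[0-9a-f-]{36}\} - (.+)$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) findings for every suspicious entry in the log text."""
    findings: List[Tuple[str, str]] = []
    seen: Dict[str, str] = {}  # lowercased file name -> name as written, for rule 5
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for path in PATH_RE.findall(line):
            name = basename(path)
            seen[name.lower()] = name
        # Rule 1: an autorun that loads a DLL through rundll32 is how this Vundo build starts.
        if line.startswith("mRun:") and "rundll32" in line.lower():
            findings.append(("rundll32-autorun", line))
        # Rule 2: AppInit_DLLs is injected into every process that loads user32.dll.
        elif line.startswith("AppInit_DLLs:"):
            for dll in line.split(":", 1)[1].split():
                if dll.lower() not in KNOWN_APPINIT:
                    findings.append(("appinit-dll", dll))
        # Rule 3: authentication packages run inside lsass.exe; only msv1_0 is expected.
        elif line.startswith("LSA: Authentication Packages"):
            for pkg in line.split("=", 1)[1].split():
                if basename(pkg).lower() not in KNOWN_LSA_PACKAGES:
                    findings.append(("lsa-auth-package", pkg))
        # Rule 4: nameless hook entries that still resolve to a file (orphans say "No File").
        else:
            m = ANON_HOOK_RE.match(line)
            if m and m.group(2).lower() != "no file":
                findings.append(("anonymous-%s" % m.group(1).lower(), m.group(2)))
    # Rule 5: a DLL accompanied by an .ini/.ini2 whose stem is the DLL stem reversed.
    for key, name in seen.items():
        if not key.endswith(".dll"):
            continue
        stem = key[:-4]
        for ext in (".ini", ".ini2"):
            partner = stem[::-1] + ext
            if partner in seen:
                findings.append(("reversed-ini-pair", "%s <-> %s" % (name, seen[partner])))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print("%-18s %s" % (rule, detail))
```

Every file the script flags is one that Malwarebytes later reported as Trojan.Vundo in the log below, while the AVG, Java and Intel entries in the same section pass untouched.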


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 06 January 2009 - 11:35 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, save it and attach it in this thread.


Post these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. GMER result (attached)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 inlifeindeath

  • Topic Starter
  • Members
  • 10 posts

Posted 07 January 2009 - 01:53 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1616
Windows 5.1.2600 Service Pack 3

1/7/2009 11:59:11 AM
mbam-log-2009-01-07 (11-59-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 105008
Time elapsed: 44 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 14
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 30

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tswvspbw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qoMgeCSJ.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eflsrv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ncxkkh.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomgecsj (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{76bb4858-d78e-4a5f-bb7f-0a5df4bc79dc} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7edd166-323d-4961-92e1-2ac1ed615a2c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60ef9b6e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\qoMgeCSJ.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tswvspbw.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\wbpsvwst.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eflsrv.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ncxkkh.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0LAZS5M7\load[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0LAZS5M7\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5ZF9RL7C\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP390\A0027726.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP392\A0027763.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP392\A0027785.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP393\A0027805.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP394\A0027827.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP395\A0027856.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP395\A0027863.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP397\A0027957.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP398\A0027978.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfkejc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drjontbt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drwprave.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kamfxkrw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kljxiwfr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lkutcj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prkqlq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rsqlim.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sistjefr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tciknany.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uxyklhbv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vxjujb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yimfubij.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-07 12:04:57
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (86%) free of 73 GB
Total RAM: 503 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:15 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com/mysearch/?ptnrS=BW
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...hqiS3o6WJa24zlh
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {A4B1E6F8-3047-4D7E-9C04-27B0E7DFCD01} - (no file)
O2 - BHO: (no name) - {C37253DF-6319-4657-8E6A-F0506B6F151E} - C:\WINDOWS\system32\mlJCvTlM.dll (file missing)
O2 - BHO: (no name) - {E5DB3C9C-19AF-4E6B-8E55-9FE3463EAFD0} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll eflsrv.dll ncxkkh.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

--
End of file - 6380 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4B1E6F8-3047-4D7E-9C04-27B0E7DFCD01}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C37253DF-6319-4657-8E6A-F0506B6F151E}]
C:\WINDOWS\system32\mlJCvTlM.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5DB3C9C-19AF-4E6B-8E55-9FE3463EAFD0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-10-18 135168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"MaxtorOneTouch"=C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe [2003-05-21 45056]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-01-07 49152]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-09-12 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll eflsrv.dll ncxkkh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJCvTlM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Disabled:QuickBooks 2006 Data Manager"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-07 12:04:57 ----D---- C:\rsit
2009-01-07 11:06:56 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-07 11:06:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-07 11:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-06 17:32:02 ----ASH---- C:\WINDOWS\system32\MlTvCJlm.ini2
2009-01-05 18:15:47 ----D---- C:\Program Files\Trend Micro
2009-01-04 19:20:09 ----ASH---- C:\WINDOWS\system32\rowetdsg.ini
2009-01-03 16:32:48 ----A---- C:\WINDOWS\wininit.ini
2009-01-03 15:57:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-03 15:57:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-01 18:22:42 ----A---- C:\WINDOWS\system32\dlrduk.dll
2009-01-01 18:22:41 ----A---- C:\WINDOWS\system32\ugwggahr.dll
2009-01-01 18:19:42 ----A---- C:\WINDOWS\system32\vjfxivrh.dll
2008-12-28 17:46:58 ----D---- C:\Documents and Settings\Owner\Application Data\Twain
2008-12-28 17:42:26 ----A---- C:\WINDOWS\system32\6bcc5f10-.txt
2008-12-28 17:41:21 ----ASH---- C:\WINDOWS\system32\MlTvCJlm.ini
2008-12-18 11:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 22:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 22:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 22:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 22:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 22:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-01 18:33:24 ----D---- C:\WINDOWS\system32\Adobe
2008-11-19 22:34:05 ----D---- C:\Program Files\Audacity
2008-11-14 16:28:10 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-11-14 16:27:46 ----D---- C:\Program Files\WinRAR
2008-11-12 23:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 16:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 16:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 14:46:53 ----D---- C:\Program Files\Common Files\Apple
2008-11-06 14:46:47 ----D---- C:\Program Files\QuickTime
2008-11-06 14:46:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-06 14:45:53 ----D---- C:\Program Files\Apple Software Update
2008-11-06 14:45:53 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-04 09:23:59 ----D---- C:\Documents and Settings\Owner\Application Data\RhythmRascal
2008-11-04 09:22:55 ----D---- C:\Program Files\Rhythm Rascal
2008-11-03 18:22:34 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-03 18:22:23 ----D---- C:\Program Files\MSBuild
2008-11-03 18:22:04 ----D---- C:\Program Files\Reference Assemblies
2008-11-03 18:20:41 ----A---- C:\WINDOWS\system32\prntvpt.dll
2008-11-03 18:20:40 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2008-11-03 18:20:39 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2008-11-03 18:20:38 ----D---- C:\02dc34d50910fe701e1e76
2008-11-02 16:32:00 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\java.exe
2008-11-02 14:22:19 ----D---- C:\Program Files\ordrumbox
2008-11-02 14:12:30 ----D---- C:\Program Files\HammerHead
2008-10-31 22:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-31 22:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-31 22:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-31 22:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-31 22:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-31 11:02:58 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-10-31 11:02:52 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-31 11:02:26 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-31 11:02:06 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-31 11:00:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-31 10:59:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-31 10:53:05 ----D---- C:\Program Files\Netflix
2008-10-25 11:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-10-25 11:48:58 ----D---- C:\Program Files\SoulseekNS
2008-10-23 21:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 23:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-20 18:52:13 ----D---- C:\WINDOWS\Prefetch
2008-10-19 16:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 16:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 16:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 16:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-19 16:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 16:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-19 16:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-19 16:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-19 16:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-19 16:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-19 16:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-19 16:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-19 16:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-19 16:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-19 16:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-19 16:17:19 ----D---- C:\WINDOWS\system32\en-us
2008-10-19 16:17:17 ----D---- C:\WINDOWS\system32\scripting
2008-10-19 16:17:16 ----D---- C:\WINDOWS\l2schemas
2008-10-19 16:17:14 ----D---- C:\WINDOWS\system32\en
2008-10-19 16:17:13 ----D---- C:\WINDOWS\system32\bits
2008-10-19 16:12:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-19 16:09:02 ----D---- C:\WINDOWS\network diagnostic
2008-10-19 16:01:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-19 16:01:53 ----D---- C:\WINDOWS\EHome
2008-10-18 23:14:20 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-10-18 23:14:14 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-10-18 23:14:08 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-10-18 23:14:05 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-18 23:14:05 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-18 23:13:50 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-10-18 23:13:49 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-10-18 23:13:37 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-18 23:13:34 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-18 23:13:32 ----N---- C:\WINDOWS\slrundll.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slserv.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slgen.dll
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-10-18 23:13:27 ----A---- C:\WINDOWS\system32\setupn.exe
2008-10-18 23:13:23 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-10-18 23:13:20 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-18 23:13:18 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-10-18 23:13:16 ----A---- C:\WINDOWS\system32\qutil.dll
2008-10-18 23:13:15 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-10-18 23:13:14 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-10-18 23:13:14 ----A---- C:\WINDOWS\system32\qagent.dll
2008-10-18 23:13:10 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-18 23:13:04 ----A---- C:\WINDOWS\system32\onex.dll
2008-10-18 23:12:43 ----A---- C:\WINDOWS\system32\napstat.exe
2008-10-18 23:12:42 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-10-18 23:12:42 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-10-18 23:12:41 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-18 23:12:40 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-10-18 23:12:40 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-10-18 23:12:32 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-18 23:12:32 ----A---- C:\WINDOWS\system32\mssha.dll
2008-10-18 23:11:59 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-10-18 23:11:58 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-18 23:11:58 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-10-18 23:11:57 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-18 23:11:32 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-18 23:11:22 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-10-18 23:11:21 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-10-18 23:11:21 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-18 23:11:20 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-18 23:11:20 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-18 23:10:49 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-18 23:10:40 ----A---- C:\WINDOWS\system32\faxpatch.exe
2008-10-18 23:10:40 ----A---- C:\WINDOWS\002747_.tmp
2008-10-18 23:10:36 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-10-18 23:10:25 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-10-18 23:10:25 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-18 23:10:24 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-18 23:10:21 ----A---- C:\WINDOWS\system32\credssp.dll
2008-10-18 23:10:15 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-18 23:10:14 ----A---- C:\WINDOWS\system32\azroles.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-18 23:10:04 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-10-16 16:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-16 16:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-16 16:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-16 16:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 16:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 16:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 16:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-16 16:37:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-16 16:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 16:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-16 16:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-16 16:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-16 16:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-16 16:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-16 16:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-16 16:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-16 16:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-16 16:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-16 16:33:01 ----D---- C:\Program Files\MSXML 4.0
2008-10-16 16:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-10-16 13:11:08 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-10-16 13:11:08 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\px.dll
2008-10-16 13:11:04 ----D---- C:\Program Files\Winamp
2008-10-16 13:11:04 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-10-16 12:58:23 ----HD---- C:\$AVG8.VAULT$
2008-10-16 12:55:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-16 12:55:45 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-10-16 12:55:31 ----D---- C:\Program Files\AVG
2008-10-16 12:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-16 12:42:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 10:43:41 ----HD---- C:\BJPrinter
2008-10-16 10:33:48 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 3 months======

2009-01-07 12:02:35 ----D---- C:\WINDOWS\Temp
2009-01-07 12:02:14 ----D---- C:\Program Files\Mozilla Firefox
2009-01-07 12:00:53 ----RD---- C:\Program Files
2009-01-07 12:00:53 ----D---- C:\WINDOWS\system32\drivers
2009-01-07 12:00:53 ----D---- C:\WINDOWS\system32
2009-01-07 12:00:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-07 11:03:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-07 11:01:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-03 16:32:48 ----D---- C:\WINDOWS
2008-12-31 18:15:11 ----HD---- C:\WINDOWS\inf
2008-12-18 11:56:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 11:55:44 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 22:30:25 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 22:03:30 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 18:25:40 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-12-02 18:25:38 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-12-02 18:25:19 ----D---- C:\WINDOWS\system32\Macromed
2008-11-18 12:04:17 ----D---- C:\WINDOWS\Help
2008-11-11 16:54:04 ----SHD---- C:\WINDOWS\Installer
2008-11-11 16:54:01 ----D---- C:\WINDOWS\WinSxS
2008-11-06 14:46:53 ----D---- C:\Program Files\Common Files
2008-11-06 14:46:06 ----SD---- C:\WINDOWS\Tasks
2008-11-04 12:18:51 ----D---- C:\Program Files\Common Files\Adobe
2008-11-04 12:18:43 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-11-04 09:52:16 ----RSD---- C:\WINDOWS\assembly
2008-11-04 09:52:16 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-04 09:22:58 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-11-03 18:22:14 ----RSD---- C:\WINDOWS\Fonts
2008-11-03 18:16:52 ----D---- C:\Program Files\Internet Explorer
2008-11-02 14:24:34 ----D---- C:\Program Files\Java
2008-10-31 11:02:36 ----A---- C:\WINDOWS\win.ini
2008-10-31 11:02:25 ----D---- C:\Program Files\Windows Media Player
2008-10-31 10:59:23 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-20 18:53:26 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-20 18:52:48 ----A---- C:\WINDOWS\setuplog.txt
2008-10-20 18:51:38 ----D---- C:\WINDOWS\system32\wbem
2008-10-20 18:51:38 ----D---- C:\WINDOWS\system32\Setup
2008-10-20 18:51:38 ----D---- C:\WINDOWS\AppPatch
2008-10-19 16:29:27 ----D---- C:\WINDOWS\security
2008-10-19 16:23:59 ----D---- C:\Program Files\Messenger
2008-10-19 16:17:53 ----D---- C:\WINDOWS\ime
2008-10-19 16:17:19 ----D---- C:\WINDOWS\system32\usmt
2008-10-19 16:17:13 ----D---- C:\WINDOWS\PeerNet
2008-10-19 16:17:12 ----D---- C:\Program Files\Movie Maker
2008-10-19 16:11:55 ----D---- C:\WINDOWS\system32\Restore
2008-10-19 16:11:55 ----D---- C:\WINDOWS\system32\npp
2008-10-19 16:11:54 ----D---- C:\WINDOWS\msagent
2008-10-19 16:11:52 ----D---- C:\WINDOWS\srchasst
2008-10-19 16:11:51 ----D---- C:\Program Files\NetMeeting
2008-10-19 16:11:49 ----D---- C:\WINDOWS\system32\Com
2008-10-19 16:11:45 ----D---- C:\Program Files\Windows NT
2008-10-19 16:11:45 ----D---- C:\Program Files\Outlook Express
2008-10-19 16:11:41 ----D---- C:\Program Files\Common Files\System
2008-10-19 16:11:12 ----D---- C:\WINDOWS\system32\oobe
2008-10-19 16:11:06 ----D---- C:\WINDOWS\system
2008-10-19 16:07:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-18 22:29:12 ----D---- C:\WINDOWS\Debug
2008-10-16 16:35:15 ----D---- C:\WINDOWS\Registration
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 13:09:29 ----D---- C:\Downloads
2008-10-16 12:55:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 12:49:03 ----D---- C:\Program Files\Symantec
2008-10-16 12:49:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-16 12:25:10 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-16 12:05:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-16 11:06:29 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-10-16 10:45:41 ----D---- C:\WINDOWS\occache
2008-10-16 10:38:46 ----A---- C:\WINDOWS\hplj1320.ini
2008-10-16 10:38:40 ----D---- C:\Program Files\Hewlett-Packard
2008-10-16 10:38:32 ----HD---- C:\Program Files\Zero G Registry
2008-10-16 10:36:59 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-16 10:36:59 ----D---- C:\Program Files\HP
2008-10-16 10:36:21 ----A---- C:\WINDOWS\Disney.ini
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 19:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-06-06 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-16 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices; C:\WINDOWS\system32\drivers\sfsz.sys [2005-10-17 356224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter; C:\WINDOWS\system32\DRIVERS\netwg311.sys [2004-06-17 386688]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-16 62865]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
R3 ZetBus;Zetera Virtual Bus; C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2005-10-13 14080]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2004-01-29 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2004-01-29 99002]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZetMPD;ZetMPD; C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2005-10-13 4608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-16 231704]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-06-06 172032]
R2 Zetera;Zetera; C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe [2005-10-13 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-07 12:05:19

======Uninstall list======

-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
HammerHead Rhythm Station-->C:\Program Files\HammerHead\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Software Update-->MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Linksys Bi-Admin-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linksys\PrintServer\Uninst.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor OneTouch-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} /l1033
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NETGEAR SC101 Storage Central Manager software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88C5ADCE-C110-45DB-960B-43F21087CBF2}\setup.exe" -l0x9 -removeonly
NETGEAR WG311v2 802.11g Wireless PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{936D42B8-FE51-41D5-A74A-6182F6CDB17B}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Print Server Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
QuickBooks Pro 2005-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2005" ADDREMOVE=1
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhythm Rascal-->MsiExec.exe /I{080EC56E-708E-4F76-8777-F925ED655C9A}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SoulSeek 157 NS 13c-->"C:\Program Files\SoulseekNS\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: EMACHINE
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{C568A271-F63D-41EE-9BDB-91945EF9EC12} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 96134
Source Name: Tcpip
Time Written: 20081230020517.000000-360
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 7036
Message: The Wireless Zero Configuration service entered the running state.

Record Number: 96133
Source Name: Service Control Manager
Time Written: 20081230020458.000000-360
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a start control.

Record Number: 96132
Source Name: Service Control Manager
Time Written: 20081230020457.000000-360
Event Type: information
User: EMACHINE\Owner

Computer Name: EMACHINE
Event Code: 7036
Message: The Wireless Zero Configuration service entered the stopped state.

Record Number: 96131
Source Name: Service Control Manager
Time Written: 20081230020457.000000-360
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a stop control.

Record Number: 96130
Source Name: Service Control Manager
Time Written: 20081230020455.000000-360
Event Type: information
User: EMACHINE\Owner

Application event log

Computer Name: EMACHINE
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2912, fault address 0x001652af.

Record Number: 3158
Source Name: Application Error
Time Written: 20060616124035.000000-300
Event Type: error
User:

Computer Name: EMACHINE
Event Code: 2002
Message:
Record Number: 3157
Source Name: EAPOL
Time Written: 20060616124022.000000-300
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 2003
Message:
Record Number: 3156
Source Name: EAPOL
Time Written: 20060616124022.000000-300
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 2002
Message:
Record Number: 3155
Source Name: EAPOL
Time Written: 20060616124018.000000-300
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 2003
Message:
Record Number: 3154
Source Name: EAPOL
Time Written: 20060616124018.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER attached.

Attached file: gmer.log (1.05 KB)


#4 inlifeindeath
  • Topic Starter
  • Members
  • 10 posts
  • Local time:06:34 AM

Posted 07 January 2009 - 01:56 PM

I posted the files in separate posts, but for some reason it combined them. Thanks for your help!

#5 fenzodahl512
  • Members
  • 6,738 posts
  • Local time:06:34 PM

Posted 08 January 2009 - 12:40 AM

IMPORTANT!! Uninstall Spybot S&D, then do the steps below.


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com/mysearch/?ptnrS=BW
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...hqiS3o6WJa24zlh
O2 - BHO: (no name) - {A4B1E6F8-3047-4D7E-9C04-27B0E7DFCD01} - (no file)
O2 - BHO: (no name) - {C37253DF-6319-4657-8E6A-F0506B6F151E} - C:\WINDOWS\system32\mlJCvTlM.dll (file missing)
O2 - BHO: (no name) - {E5DB3C9C-19AF-4E6B-8E55-9FE3463EAFD0} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll eflsrv.dll ncxkkh.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Leave Unregister Dll's and Ocx's ticked and Zip Files After Moves unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\mlJCvTlM.dll
    C:\WINDOWS\system32\MlTvCJlm.ini2
    C:\WINDOWS\system32\rowetdsg.ini
    C:\WINDOWS\system32\dlrduk.dll
    C:\WINDOWS\system32\ugwggahr.dll
    C:\WINDOWS\system32\vjfxivrh.dll
    C:\Documents and Settings\Owner\Application Data\Twain
    C:\WINDOWS\system32\6bcc5f10-.txt
    C:\WINDOWS\system32\MlTvCJlm.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Run RSIT again. Post these logs in your next reply:

1. OTMoveIT3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
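The HijackThis entries the helper ticked above and the OTMoveIt :reg section follow a small set of triage rules: a BHO (O2) registration whose DLL is gone or unnamed is an orphaned or suspect browser hook; anything in AppInit_DLLs (O20) beyond the AV vendor's own hook DLL gets loaded into every process that maps user32.dll and is a classic persistence slot; an IE search setting (R0/R1) pointing at a non-default host is a search hijack; and the LSA "Authentication Packages" value, whose DLLs load into lsass.exe as SYSTEM, is reset to the Windows default "msv1_0". The Python below is an added example, not part of this thread and not code from HijackThis, OTMoveIt or BleepingComputer. It applies those rules to log lines copied from the posts above (the SAMPLE_LOG list is constructed for this demo) and decodes the hex(7) REG_MULTI_SZ bytes from the :reg section. The allow-lists KNOWN_APPINIT_DLLS and KNOWN_SEARCH_DOMAINS are assumptions chosen for this example; a real triage would match them against the machine's installed software.

```python
"""Triage helper for HijackThis-style log lines and .reg hex(7) values.

Added example; it is not part of the thread above or of any BleepingComputer,
Trend Micro or OldTimer tool. The allow-lists and sample lines are constructed.
"""
import re

# Assumed allow-lists for this example. avgrsstx.dll is the AVG 8 resident
# shield hook that legitimately sits in AppInit_DLLs on the poster's machine.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}
KNOWN_SEARCH_DOMAINS = {"www.yahoo.com", "www.google.com", "www.msn.com"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>.*?) = (?P<url>\S+)$")
HOST_RE = re.compile(r"^[a-z]+://([^/]+)", re.I)

# Constructed sample: lines quoted from the HijackThis output in this thread.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com/mysearch/?ptnrS=BW",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/",
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {A4B1E6F8-3047-4D7E-9C04-27B0E7DFCD01} - (no file)",
    r"O2 - BHO: (no name) - {C37253DF-6319-4657-8E6A-F0506B6F151E} - C:\WINDOWS\system32\mlJCvTlM.dll (file missing)",
    r"O20 - AppInit_DLLs: avgrsstx.dll eflsrv.dll ncxkkh.dll",
]


def triage_hijackthis(lines):
    """Return (line, reason) tuples for entries that match a triage rule."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            if "(no file)" in path or "(file missing)" in path:
                # CLSID still registered under Browser Helper Objects, DLL gone.
                findings.append((line, "BHO with missing DLL"))
            elif m.group("name") == "(no name)":
                findings.append((line, "unnamed BHO"))
            continue
        m = O20_RE.match(line)
        if m:
            for dll in m.group("dlls").split():
                if dll.lower() not in KNOWN_APPINIT_DLLS:
                    # Every DLL listed here is injected into each user32 process.
                    findings.append((line, f"unexpected AppInit DLL {dll}"))
            continue
        m = R_RE.match(line)
        if m:
            h = HOST_RE.match(m.group("url"))
            host = h.group(1).lower() if h else ""
            if host not in KNOWN_SEARCH_DOMAINS:
                findings.append((line, f"search setting points at {host}"))
    return findings


def decode_reg_multi_sz(hex7, utf16=False):
    """Decode a 'hex(7):' byte list (REG_MULTI_SZ) into its list of strings.

    OTMoveIt writes single-byte (ANSI) strings, as in the thread above;
    regedit's own .reg exports use UTF-16LE, selected with utf16=True.
    """
    data = bytes(int(b, 16) for b in hex7.split(",") if b.strip())
    text = data.decode("utf-16-le") if utf16 else data.decode("latin-1")
    # The value is NUL-separated and ends with a double NUL.
    return [s for s in text.split("\x00") if s]


if __name__ == "__main__":
    for line, reason in triage_hijackthis(SAMPLE_LOG):
        print(f"{reason}: {line}")
    # The :reg line from the OTMoveIt script resets LSA auth packages to the default.
    print("Authentication Packages =", decode_reg_multi_sz("6d,73,76,31,5f,30,00,00"))
```

Running it flags the two yahoo/myway search entries, both BHOs with no backing file, and the two unknown AppInit DLLs (eflsrv.dll and ncxkkh.dll), while the default Start Page and the Adobe BHO pass; the hex(7) bytes decode to the single entry msv1_0. Note that the allow-list is deliberately strict: red.clientapps.yahoo.com is a Yahoo host, but it is not the default search provider, which is why the helper included those R1 lines in the fix.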


#6 inlifeindeath
  • Topic Starter
  • Members
  • 10 posts
  • Local time:06:34 AM

Posted 08 January 2009 - 06:06 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\mlJCvTlM.dll not found.
C:\WINDOWS\system32\MlTvCJlm.ini2 moved successfully.
C:\WINDOWS\system32\rowetdsg.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\dlrduk.dll
C:\WINDOWS\system32\dlrduk.dll NOT unregistered.
C:\WINDOWS\system32\dlrduk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ugwggahr.dll
C:\WINDOWS\system32\ugwggahr.dll NOT unregistered.
C:\WINDOWS\system32\ugwggahr.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\vjfxivrh.dll
C:\WINDOWS\system32\vjfxivrh.dll NOT unregistered.
C:\WINDOWS\system32\vjfxivrh.dll moved successfully.
C:\Documents and Settings\Owner\Application Data\Twain moved successfully.
C:\WINDOWS\system32\6bcc5f10-.txt moved successfully.
C:\WINDOWS\system32\MlTvCJlm.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_LxqfdnqsnV4MpcpWrHXM scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01082009_165844

Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_LxqfdnqsnV4MpcpWrHXM not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\oteesk5q.default\XUL.mfl moved successfully.




Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-08 17:05:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (87%) free of 73 GB
Total RAM: 503 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:39 PM, on 1/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

--
End of file - 4885 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-10-18 135168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"MaxtorOneTouch"=C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe [2003-05-21 45056]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-01-07 49152]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-09-12 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Disabled:QuickBooks 2006 Data Manager"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-01-08 16:58:44 ----D---- C:\_OTMoveIt
2009-01-07 12:07:35 ----A---- C:\WINDOWS\gmer.ini
2009-01-07 12:07:33 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-07 12:07:33 ----A---- C:\WINDOWS\gmer.exe
2009-01-07 12:07:33 ----A---- C:\WINDOWS\gmer.dll
2009-01-07 12:04:57 ----D---- C:\rsit
2009-01-07 11:06:56 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-07 11:06:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-07 11:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 18:15:47 ----D---- C:\Program Files\Trend Micro
2009-01-03 16:32:48 ----A---- C:\WINDOWS\wininit.ini
2009-01-03 15:57:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-03 15:57:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 11:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 22:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 22:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 22:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 22:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 22:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-01 18:33:24 ----D---- C:\WINDOWS\system32\Adobe
2008-11-19 22:34:05 ----D---- C:\Program Files\Audacity
2008-11-14 16:28:10 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-11-14 16:27:46 ----D---- C:\Program Files\WinRAR
2008-11-12 23:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 16:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 16:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 14:46:53 ----D---- C:\Program Files\Common Files\Apple
2008-11-06 14:46:47 ----D---- C:\Program Files\QuickTime
2008-11-06 14:46:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-06 14:45:53 ----D---- C:\Program Files\Apple Software Update
2008-11-06 14:45:53 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-04 09:23:59 ----D---- C:\Documents and Settings\Owner\Application Data\RhythmRascal
2008-11-04 09:22:55 ----D---- C:\Program Files\Rhythm Rascal
2008-11-03 18:22:34 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-03 18:22:23 ----D---- C:\Program Files\MSBuild
2008-11-03 18:22:04 ----D---- C:\Program Files\Reference Assemblies
2008-11-03 18:20:41 ----A---- C:\WINDOWS\system32\prntvpt.dll
2008-11-03 18:20:40 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2008-11-03 18:20:39 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2008-11-03 18:20:38 ----D---- C:\02dc34d50910fe701e1e76
2008-11-02 16:32:00 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\java.exe
2008-11-02 14:22:19 ----D---- C:\Program Files\ordrumbox
2008-11-02 14:12:30 ----D---- C:\Program Files\HammerHead
2008-10-31 22:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-31 22:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-31 22:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-31 22:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-31 22:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-31 11:02:58 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-10-31 11:02:52 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-31 11:02:26 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-31 11:02:06 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-31 11:00:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-31 10:59:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-31 10:53:05 ----D---- C:\Program Files\Netflix
2008-10-25 11:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-10-25 11:48:58 ----D---- C:\Program Files\SoulseekNS
2008-10-23 21:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 23:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-20 18:52:13 ----D---- C:\WINDOWS\Prefetch
2008-10-19 16:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 16:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 16:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 16:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-19 16:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 16:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-19 16:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-19 16:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-19 16:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-19 16:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-19 16:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-19 16:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-19 16:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-19 16:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-19 16:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-19 16:17:19 ----D---- C:\WINDOWS\system32\en-us
2008-10-19 16:17:17 ----D---- C:\WINDOWS\system32\scripting
2008-10-19 16:17:16 ----D---- C:\WINDOWS\l2schemas
2008-10-19 16:17:14 ----D---- C:\WINDOWS\system32\en
2008-10-19 16:17:13 ----D---- C:\WINDOWS\system32\bits
2008-10-19 16:12:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-19 16:09:02 ----D---- C:\WINDOWS\network diagnostic
2008-10-19 16:01:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-19 16:01:53 ----D---- C:\WINDOWS\EHome
2008-10-18 23:14:20 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-10-18 23:14:14 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-10-18 23:14:08 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-10-18 23:14:05 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-18 23:14:05 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-18 23:13:50 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-10-18 23:13:49 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-10-18 23:13:37 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-18 23:13:34 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-18 23:13:32 ----N---- C:\WINDOWS\slrundll.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slserv.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slgen.dll
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-10-18 23:13:27 ----A---- C:\WINDOWS\system32\setupn.exe
2008-10-18 23:13:23 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-10-18 23:13:20 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-18 23:13:18 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-10-18 23:13:16 ----A---- C:\WINDOWS\system32\qutil.dll
2008-10-18 23:13:15 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-10-18 23:13:14 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-10-18 23:13:14 ----A---- C:\WINDOWS\system32\qagent.dll
2008-10-18 23:13:10 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-18 23:13:04 ----A---- C:\WINDOWS\system32\onex.dll
2008-10-18 23:12:43 ----A---- C:\WINDOWS\system32\napstat.exe
2008-10-18 23:12:42 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-10-18 23:12:42 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-10-18 23:12:41 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-18 23:12:40 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-10-18 23:12:40 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-10-18 23:12:32 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-18 23:12:32 ----A---- C:\WINDOWS\system32\mssha.dll
2008-10-18 23:11:59 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-10-18 23:11:58 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-18 23:11:58 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-10-18 23:11:57 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-18 23:11:32 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-18 23:11:22 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-10-18 23:11:21 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-10-18 23:11:21 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-18 23:11:20 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-18 23:11:20 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-18 23:10:49 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-18 23:10:40 ----A---- C:\WINDOWS\system32\faxpatch.exe
2008-10-18 23:10:40 ----A---- C:\WINDOWS\002747_.tmp
2008-10-18 23:10:36 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-10-18 23:10:25 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-10-18 23:10:25 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-18 23:10:24 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-18 23:10:21 ----A---- C:\WINDOWS\system32\credssp.dll
2008-10-18 23:10:15 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-18 23:10:14 ----A---- C:\WINDOWS\system32\azroles.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-18 23:10:04 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-10-16 16:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-16 16:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-16 16:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-16 16:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 16:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 16:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 16:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-16 16:37:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-16 16:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 16:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-16 16:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-16 16:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-16 16:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-16 16:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-16 16:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-16 16:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-16 16:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-16 16:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-16 16:33:01 ----D---- C:\Program Files\MSXML 4.0
2008-10-16 16:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-10-16 13:11:08 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-10-16 13:11:08 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\px.dll
2008-10-16 13:11:04 ----D---- C:\Program Files\Winamp
2008-10-16 13:11:04 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-10-16 12:58:23 ----HD---- C:\$AVG8.VAULT$
2008-10-16 12:55:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-16 12:55:45 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-10-16 12:55:31 ----D---- C:\Program Files\AVG
2008-10-16 12:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-16 12:42:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 10:43:41 ----HD---- C:\BJPrinter
2008-10-16 10:33:48 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 3 months======

2009-01-08 17:05:38 ----D---- C:\WINDOWS\Temp
2009-01-08 17:03:23 ----D---- C:\Program Files\Mozilla Firefox
2009-01-08 17:01:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-08 16:58:45 ----D---- C:\WINDOWS\system32
2009-01-08 16:48:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-07 12:07:35 ----D---- C:\WINDOWS
2009-01-07 12:07:33 ----D---- C:\WINDOWS\system32\drivers
2009-01-07 12:00:53 ----RD---- C:\Program Files
2009-01-07 11:03:00 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 18:15:11 ----HD---- C:\WINDOWS\inf
2008-12-18 11:56:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 11:55:44 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 22:30:25 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 22:03:30 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 18:25:40 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-12-02 18:25:38 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-12-02 18:25:19 ----D---- C:\WINDOWS\system32\Macromed
2008-11-18 12:04:17 ----D---- C:\WINDOWS\Help
2008-11-11 16:54:04 ----SHD---- C:\WINDOWS\Installer
2008-11-11 16:54:01 ----D---- C:\WINDOWS\WinSxS
2008-11-06 14:46:53 ----D---- C:\Program Files\Common Files
2008-11-06 14:46:06 ----SD---- C:\WINDOWS\Tasks
2008-11-04 12:18:51 ----D---- C:\Program Files\Common Files\Adobe
2008-11-04 12:18:43 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-11-04 09:52:16 ----RSD---- C:\WINDOWS\assembly
2008-11-04 09:52:16 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-04 09:22:58 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-11-03 18:22:14 ----RSD---- C:\WINDOWS\Fonts
2008-11-03 18:16:52 ----D---- C:\Program Files\Internet Explorer
2008-11-02 14:24:34 ----D---- C:\Program Files\Java
2008-10-31 11:02:36 ----A---- C:\WINDOWS\win.ini
2008-10-31 11:02:25 ----D---- C:\Program Files\Windows Media Player
2008-10-31 10:59:23 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-20 18:53:26 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-20 18:52:48 ----A---- C:\WINDOWS\setuplog.txt
2008-10-20 18:51:38 ----D---- C:\WINDOWS\system32\wbem
2008-10-20 18:51:38 ----D---- C:\WINDOWS\system32\Setup
2008-10-20 18:51:38 ----D---- C:\WINDOWS\AppPatch
2008-10-19 16:29:27 ----D---- C:\WINDOWS\security
2008-10-19 16:23:59 ----D---- C:\Program Files\Messenger
2008-10-19 16:17:53 ----D---- C:\WINDOWS\ime
2008-10-19 16:17:19 ----D---- C:\WINDOWS\system32\usmt
2008-10-19 16:17:13 ----D---- C:\WINDOWS\PeerNet
2008-10-19 16:17:12 ----D---- C:\Program Files\Movie Maker
2008-10-19 16:11:55 ----D---- C:\WINDOWS\system32\Restore
2008-10-19 16:11:55 ----D---- C:\WINDOWS\system32\npp
2008-10-19 16:11:54 ----D---- C:\WINDOWS\msagent
2008-10-19 16:11:52 ----D---- C:\WINDOWS\srchasst
2008-10-19 16:11:51 ----D---- C:\Program Files\NetMeeting
2008-10-19 16:11:49 ----D---- C:\WINDOWS\system32\Com
2008-10-19 16:11:45 ----D---- C:\Program Files\Windows NT
2008-10-19 16:11:45 ----D---- C:\Program Files\Outlook Express
2008-10-19 16:11:41 ----D---- C:\Program Files\Common Files\System
2008-10-19 16:11:12 ----D---- C:\WINDOWS\system32\oobe
2008-10-19 16:11:06 ----D---- C:\WINDOWS\system
2008-10-19 16:07:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-18 22:29:12 ----D---- C:\WINDOWS\Debug
2008-10-16 16:35:15 ----D---- C:\WINDOWS\Registration
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 13:09:29 ----D---- C:\Downloads
2008-10-16 12:55:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 12:49:03 ----D---- C:\Program Files\Symantec
2008-10-16 12:49:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-16 12:25:10 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-16 12:05:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-16 11:06:29 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-10-16 10:45:41 ----D---- C:\WINDOWS\occache
2008-10-16 10:38:46 ----A---- C:\WINDOWS\hplj1320.ini
2008-10-16 10:38:40 ----D---- C:\Program Files\Hewlett-Packard
2008-10-16 10:38:32 ----HD---- C:\Program Files\Zero G Registry
2008-10-16 10:36:59 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-16 10:36:59 ----D---- C:\Program Files\HP
2008-10-16 10:36:21 ----A---- C:\WINDOWS\Disney.ini
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 19:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-06-06 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-16 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices; C:\WINDOWS\system32\drivers\sfsz.sys [2005-10-17 356224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter; C:\WINDOWS\system32\DRIVERS\netwg311.sys [2004-06-17 386688]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-16 62865]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
R3 ZetBus;Zetera Virtual Bus; C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2005-10-13 14080]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2004-01-29 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2004-01-29 99002]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-07 85969]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZetMPD;ZetMPD; C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2005-10-13 4608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-16 231704]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-06-06 172032]
R2 Zetera;Zetera; C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe [2005-10-13 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 09 January 2009 - 08:07 AM

Looks good, let's do an online scan to make sure we get them all :thumbsup:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 inlifeindeath

inlifeindeath
  • Topic Starter
  • Members
  • 10 posts

Posted 09 January 2009 - 09:04 PM

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3755 (20090109)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=4e7d9018ca6d3848b7065a0b297ca2eb
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-10 02:00:56
# local_time=2009-01-09 08:00:56 (-0600, Central Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=263978
# found=2
# scan_time=2500
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 10 January 2009 - 04:06 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbsup:



Have a safe and happy computing day!


Regards
fenzodahl512



#10 inlifeindeath

inlifeindeath
  • Topic Starter
  • Members
  • 10 posts

Posted 10 January 2009 - 05:36 PM

Thanks so much! Everything seems to be all good. Can you please recommend a good anti-virus program for protection?

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 11 January 2009 - 12:18 AM

You already have AVG8 which is good enough for me.. Just read and take notes of the miekiemoes articles that I showed you before on how to prevent malware..


Any more questions? :thumbsup:



#12 inlifeindeath

inlifeindeath
  • Topic Starter
  • Members
  • 10 posts

Posted 12 January 2009 - 07:00 PM

Title was: Infected with Vundo.DA, DB, & DD, Please help me! ~ OB

The only symptom I've had so far is the Windows shield prompting me to turn on my firewall, despite it already being turned on. Ran an AVG scan and it comes up with 9 trojans, named in the topic. Please help!


DDS (Ver_09-01-07.01) - NTFSx86
Run by Owner at 17:54:41.48 on Mon 01/12/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.193 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {d16077fc-bad5-5799-af54-fa30a1499814}: {4189941a-03af-45fa-9975-5dabcf77061d} - c:\windows\system32\ewrjwn.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBsqqRk.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {cd1d9fd7-0c62-4a9c-8faa-a90227185de7} - c:\windows\system32\iifeeeCT.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [GetModule33] "c:\program files\getmodule\GetModule33.exe"
mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [60ef9b6e] rundll32.exe "c:\windows\system32\ogqukciq.dll",b
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear wg311v2 adapter\wlancfg5.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: geBsqqRk - geBsqqRk.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll ewrjwn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBsqqRk.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifeeeCT

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\oteesk5q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-16 26824]
R3 ZetBus;Zetera Virtual Bus;c:\windows\system32\drivers\ZetBus.sys [2005-11-10 14080]
R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-16 875288]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-16 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-16 76040]
R4 SFSZ;DataPlow SFS for Zetera Storage Devices;c:\windows\system32\drivers\sfsz.sys [2005-11-10 356224]
R4 Zetera;Zetera;c:\program files\netgear\sc101 manager utility\ZeteraService.exe [2005-11-10 69632]
S0 ZetSFD;ZetSFD;c:\windows\system32\drivers\ZetSFD.sys [2005-11-10 12032]
S3 ZetMPD;ZetMPD;c:\windows\system32\drivers\ZetMPD.sys [2005-11-10 4608]

=============== Created Last 30 ================

2009-01-10 17:28 1,256,329 ---sh--- c:\windows\system32\qickuqgo.ini
2009-01-10 17:25 676,018 a--sh--- c:\windows\system32\TCeeefii.ini2
2009-01-10 17:25 676,070 a--sh--- c:\windows\system32\TCeeefii.ini
2009-01-10 17:20 <DIR> --d----- c:\program files\GetModule
2009-01-10 17:20 <DIR> --d----- c:\program files\iCheck
2009-01-10 17:20 36,352 a------- c:\windows\system32\geBsqqRk.dll
2009-01-09 19:14 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-01-07 11:06 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-01-07 11:06 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-07 11:06 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 11:06 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 11:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-05 18:15 <DIR> --d----- c:\program files\Trend Micro
2009-01-03 16:32 95 a------- c:\windows\wininit.ini
2009-01-03 15:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-01-03 15:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-19 16:21 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-16 12:55 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-10-15 19:00 666,112 a------- c:\windows\system32\wininet.dll
2004-07-02 12:19 40,960 a------- c:\windows\inf\wg311v2\imdinst.exe
2004-06-17 23:41 386,688 a------- c:\windows\inf\wg311v2\netwg311_XP.sys
2004-04-04 13:07 84,912 a------- c:\windows\inf\wg311v2\FwRad17.bin
2004-04-04 13:07 83,320 a------- c:\windows\inf\wg311v2\FwRad16.bin
2004-02-04 12:53 62,865 a------- c:\windows\inf\wg311v2\odysseyIM3.sys
2004-02-04 12:53 12,739 a------- c:\windows\inf\wg311v2\odNetInstall.dll

============= FINISH: 17:55:24.03 ===============


Edited by Orange Blossom, 12 January 2009 - 10:47 PM.
Merged topics. ~ OB
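
The Pseudo HJT Report in the DDS log above is a compact picture of how Vundo re-establishes itself: BHOs and a Shell Execute Hook (SEH) that carry only a CLSID and point at random-named DLLs in system32 (ewrjwn.dll, geBsqqRk.dll, iifeeeCT.dll), a Winlogon Notify package (geBsqqRk), an AppInit_DLLs entry (ewrjwn.dll), an extra LSA Authentication Package (iifeeeCT), an mRun value named with eight hex digits that loads ogqukciq.dll through rundll32, and hidden system .ini files in system32 whose names are the DLL names spelled backwards (TCeeefii.ini for iifeeeCT, qickuqgo.ini for ogqukciq). Any one of those surviving a cleanup reloads the others, which is why the machine came back infected between posts #10 and #12.

The following Python is an added example for this page; it is not part of the thread and is not code from DDS, RSIT, Malwarebytes or ESET. It reads report lines in the shape shown above and flags those persistence locations. The KNOWN_GOOD allowlist and the embedded SAMPLE_REPORT are constructed for the example (names lifted from the log above); a real triage would key on file hashes or publisher signatures rather than names.

```python
"""Triage a DDS "Pseudo HJT Report" for Vundo-style persistence (added example)."""
import re

# Assumption: allowlist of names the report above attributes to known products
# (Adobe, Java, AVG, Intel, Windows). Real triage keys on hashes or signatures.
KNOWN_GOOD = {"acroiehelper.dll", "ssv.dll", "avgtoo~1.dll", "igfxsrvc.dll",
              "avgrsstx.dll", "shdocvw.dll", "wpdshserviceobj.dll"}
DEFAULT_AUTH_PACKAGES = {"msv1_0"}  # the only LSA authentication package XP ships with
RUN_RE = re.compile(r"\[([^\]]+)\]\s*(.*)")
# "Created Last 30" / "Find3M" file lines: date time size attrs path
FILE_LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+[\d,]+\s+(\S+)\s+(.*?([^\\]+)\.(dll|ini\d*))$", re.I)
# Constructed sample: lines in the shape of the report posted above.
SAMPLE_REPORT = r"""
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {d16077fc-bad5-5799-af54-fa30a1499814}: {4189941a-03af-45fa-9975-5dabcf77061d} - c:\windows\system32\ewrjwn.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBsqqRk.dll
BHO: {cd1d9fd7-0c62-4a9c-8faa-a90227185de7} - c:\windows\system32\iifeeeCT.dll
mRun: [60ef9b6e] rundll32.exe "c:\windows\system32\ogqukciq.dll",b
Notify: geBsqqRk - geBsqqRk.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll ewrjwn.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\geBsqqRk.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\iifeeeCT
2009-01-10 17:28 1,256,329 ---sh--- c:\windows\system32\qickuqgo.ini
2009-01-10 17:25 676,070 a--sh--- c:\windows\system32\TCeeefii.ini
"""


def dll_name(ref):
    """Lowercase base name of a DLL reference; DDS omits '.dll' for LSA packages."""
    name = ref.strip('"').rsplit("\\", 1)[-1].lower()
    return name if "." in name else name + ".dll"


def triage(report):
    """Return de-duplicated (location, detail) findings for one report."""
    findings, dll_stems, ini_stems = [], set(), set()

    def note_dll(ref):  # remember the DLL stem for the reversed-name check
        dll_stems.add(dll_name(ref).rsplit(".", 1)[0])

    for raw in report.splitlines():
        line = raw.strip()
        if m := FILE_LINE_RE.match(line):
            attrs, path, stem, ext = m.groups()
            if ext.lower() == "dll":
                dll_stems.add(stem.lower())
            else:
                ini_stems.add(stem.lower())
                if "s" in attrs and "h" in attrs and "system32" in path.lower():
                    findings.append(("HiddenSystemIni", stem + "." + ext))
            continue
        kind, _, rest = line.partition(": ")
        if kind in ("BHO", "SEH"):
            # Legitimate entries carry a friendly name before the CLSID; Vundo's carry only CLSIDs.
            dll = dll_name(rest.rsplit(" - ", 1)[-1])
            note_dll(dll)
            if rest.startswith("{") or dll not in KNOWN_GOOD:
                findings.append((kind, dll))
        elif kind == "Notify":
            dll = dll_name(rest.partition(" - ")[2])
            note_dll(dll)
            if dll not in KNOWN_GOOD:
                findings.append(("WinlogonNotify", dll))
        elif kind == "AppInit_DLLs":
            for dll in map(dll_name, rest.split()):
                note_dll(dll)
                if dll not in KNOWN_GOOD:
                    findings.append(("AppInit_DLLs", dll))
        elif kind == "LSA" and rest.startswith("Authentication Packages"):
            for tok in rest.split("=", 1)[1].split():
                if tok.lower() not in DEFAULT_AUTH_PACKAGES:
                    note_dll(tok)
                    findings.append(("LSA_AuthPkg", dll_name(tok)))
        elif kind in ("uRun", "mRun") and (m := RUN_RE.match(rest)):
            key, cmd = m.groups()
            for ref in re.findall(r'"([^"]+\.dll)"', cmd, re.I):
                note_dll(ref)
            # Vundo's Run value: random 8-hex-digit name loading a system32 DLL via rundll32
            if re.fullmatch(r"[0-9a-f]{8}", key, re.I) or (
                    "rundll32" in cmd.lower() and "system32" in cmd.lower()):
                findings.append(("Run", key))

    # Vundo named its .ini data files as the reverse of the companion DLL's name.
    for stem in sorted(ini_stems):
        if stem[::-1] in dll_stems:
            findings.append(("ReversedIni", f"{stem}.ini <-> {stem[::-1]}.dll"))
    return list(dict.fromkeys(findings))


def triage_sample():
    return triage(SAMPLE_REPORT)


if __name__ == "__main__":
    print(*triage_sample(), sep="\n")
```

Run it as a script to print the findings for the embedded sample, or pass the text of a saved DDS log to triage(). Because the allowlist is name-based, an unfamiliar entry in AppInit_DLLs, Winlogon Notify or the LSA package list is a lead rather than a verdict, but those three locations are the ones to check first: AppInit_DLLs is loaded into every process that maps user32.dll, Notify packages into winlogon.exe, and authentication packages into lsass.exe, so a DLL left in any of them is running before any scanner starts and can recreate the rest.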


#13 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,012 posts
  • Location:Bloomington, IN

Posted 12 January 2009 - 10:49 PM

Hello inlifeindeath,

With the approval of your helper, I have merged your latest topic with your previously existing topic.

Back to you fenzodahl512 :)

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 12 January 2009 - 10:53 PM

Thank you OB..

Hello... You just got re-infected.. Please update and run Malwarebytes' again and post the log here.. Then do below..

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 inlifeindeath

inlifeindeath
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:34 AM

Posted 13 January 2009 - 01:11 PM

Malwarebytes' Anti-Malware 1.32
Database version: 1648
Windows 5.1.2600 Service Pack 3

1/13/2009 12:04:02 PM
mbam-log-2009-01-13 (12-04-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 92102
Time elapsed: 38 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 15
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\geBsqqRk.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4189941a-03af-45fa-9975-5dabcf77061d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4189941a-03af-45fa-9975-5dabcf77061d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebsqqrk (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\icheck (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\60ef9b6e (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\getmodule33 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ewrjwn.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\geBsqqRk.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KXEN0H6V\CAQJCPAB (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP400\A0028296.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP400\A0028298.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-13 12:10:13
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 63 GB (87%) free of 73 GB
Total RAM: 503 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:27 PM, on 1/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {CD1D9FD7-0C62-4A9C-8FAA-A90227185DE7} - C:\WINDOWS\system32\iifeeeCT.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll ewrjwn.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Zetera - Zetera Corporation - C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe

--
End of file - 5236 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\ISP signup reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD1D9FD7-0C62-4A9C-8FAA-A90227185DE7}]
C:\WINDOWS\system32\iifeeeCT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-16 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"=C:\Program Files\Digital Media Reader\shwiconem.exe [2004-10-18 135168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"MaxtorOneTouch"=C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe [2003-05-21 45056]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-01-07 49152]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-09-12 36352]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2007-07-12 132496]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll ewrjwn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\iifeeeCT

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Disabled:QuickBooks 2006 Data Manager"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SoulseekNS\slsk.exe"="C:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d809ddb-d6c2-11d9-83c0-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 3 months======

2009-01-13 12:10:13 ----D---- C:\rsit
2009-01-10 17:28:43 ----SH---- C:\WINDOWS\system32\qickuqgo.ini
2009-01-10 17:26:22 ----A---- C:\WINDOWS\system32\6bcc5f10-.txt
2009-01-10 17:25:35 ----ASH---- C:\WINDOWS\system32\TCeeefii.ini2
2009-01-10 17:25:33 ----ASH---- C:\WINDOWS\system32\TCeeefii.ini
2009-01-09 19:14:54 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-07 11:06:56 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-07 11:06:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-07 11:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-05 18:15:47 ----D---- C:\Program Files\Trend Micro
2009-01-03 16:32:48 ----A---- C:\WINDOWS\wininit.ini
2009-01-03 15:57:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-03 15:57:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 11:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-10 22:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 22:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-10 22:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 22:27:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 22:27:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-01 18:33:24 ----D---- C:\WINDOWS\system32\Adobe
2008-11-19 22:34:05 ----D---- C:\Program Files\Audacity
2008-11-14 16:28:10 ----D---- C:\Documents and Settings\Owner\Application Data\WinRAR
2008-11-14 16:27:46 ----D---- C:\Program Files\WinRAR
2008-11-12 23:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 16:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 16:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-06 14:46:53 ----D---- C:\Program Files\Common Files\Apple
2008-11-06 14:46:47 ----D---- C:\Program Files\QuickTime
2008-11-06 14:46:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-06 14:45:53 ----D---- C:\Program Files\Apple Software Update
2008-11-06 14:45:53 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-04 09:23:59 ----D---- C:\Documents and Settings\Owner\Application Data\RhythmRascal
2008-11-04 09:22:55 ----D---- C:\Program Files\Rhythm Rascal
2008-11-03 18:22:34 ----D---- C:\WINDOWS\system32\XPSViewer
2008-11-03 18:22:23 ----D---- C:\Program Files\MSBuild
2008-11-03 18:22:04 ----D---- C:\Program Files\Reference Assemblies
2008-11-03 18:20:41 ----A---- C:\WINDOWS\system32\prntvpt.dll
2008-11-03 18:20:40 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2008-11-03 18:20:39 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2008-11-03 18:20:38 ----D---- C:\02dc34d50910fe701e1e76
2008-11-02 16:32:00 ----A---- C:\WINDOWS\system32\igfxres.dll
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-02 14:24:35 ----A---- C:\WINDOWS\system32\java.exe
2008-11-02 14:22:19 ----D---- C:\Program Files\ordrumbox
2008-11-02 14:12:30 ----D---- C:\Program Files\HammerHead
2008-10-31 22:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-10-31 22:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-10-31 22:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-10-31 22:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-10-31 22:23:39 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-10-31 11:02:58 ----A---- C:\WINDOWS\system32\spmsg.dll
2008-10-31 11:02:52 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-31 11:02:26 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-31 11:02:06 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-31 11:00:05 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-31 10:59:14 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-31 10:53:05 ----D---- C:\Program Files\Netflix
2008-10-25 11:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\Soulseek
2008-10-25 11:48:58 ----D---- C:\Program Files\SoulseekNS
2008-10-23 21:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-20 23:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-20 18:52:13 ----D---- C:\WINDOWS\Prefetch
2008-10-19 16:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 16:26:00 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 16:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 16:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-19 16:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 16:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-19 16:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-19 16:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-19 16:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-19 16:24:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-19 16:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-19 16:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-19 16:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-19 16:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-19 16:23:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-19 16:17:19 ----D---- C:\WINDOWS\system32\en-us
2008-10-19 16:17:17 ----D---- C:\WINDOWS\system32\scripting
2008-10-19 16:17:16 ----D---- C:\WINDOWS\l2schemas
2008-10-19 16:17:14 ----D---- C:\WINDOWS\system32\en
2008-10-19 16:17:13 ----D---- C:\WINDOWS\system32\bits
2008-10-19 16:12:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-19 16:09:02 ----D---- C:\WINDOWS\network diagnostic
2008-10-19 16:01:56 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-19 16:01:53 ----D---- C:\WINDOWS\EHome
2008-10-18 23:14:20 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-10-18 23:14:14 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-10-18 23:14:08 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-10-18 23:14:05 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-10-18 23:14:05 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-10-18 23:13:50 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-10-18 23:13:49 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-10-18 23:13:37 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2008-10-18 23:13:34 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-10-18 23:13:32 ----N---- C:\WINDOWS\slrundll.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slserv.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slgen.dll
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-10-18 23:13:32 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-10-18 23:13:27 ----A---- C:\WINDOWS\system32\setupn.exe
2008-10-18 23:13:23 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-10-18 23:13:20 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-18 23:13:18 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-10-18 23:13:16 ----A---- C:\WINDOWS\system32\qutil.dll
2008-10-18 23:13:15 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-10-18 23:13:14 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-10-18 23:13:14 ----A---- C:\WINDOWS\system32\qagent.dll
2008-10-18 23:13:10 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-10-18 23:13:04 ----A---- C:\WINDOWS\system32\onex.dll
2008-10-18 23:12:43 ----A---- C:\WINDOWS\system32\napstat.exe
2008-10-18 23:12:42 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-10-18 23:12:42 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-10-18 23:12:41 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-10-18 23:12:40 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-10-18 23:12:40 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-10-18 23:12:32 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-10-18 23:12:32 ----A---- C:\WINDOWS\system32\mssha.dll
2008-10-18 23:11:59 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-10-18 23:11:58 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-10-18 23:11:58 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-10-18 23:11:57 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-10-18 23:11:32 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-10-18 23:11:22 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-10-18 23:11:21 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-10-18 23:11:21 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-10-18 23:11:20 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-10-18 23:11:20 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-10-18 23:10:49 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2008-10-18 23:10:40 ----A---- C:\WINDOWS\system32\faxpatch.exe
2008-10-18 23:10:40 ----A---- C:\WINDOWS\002747_.tmp
2008-10-18 23:10:36 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-10-18 23:10:35 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-10-18 23:10:27 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-10-18 23:10:25 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-10-18 23:10:25 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-10-18 23:10:24 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-10-18 23:10:21 ----A---- C:\WINDOWS\system32\credssp.dll
2008-10-18 23:10:15 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-18 23:10:14 ----A---- C:\WINDOWS\system32\azroles.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-10-18 23:10:12 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-10-18 23:10:11 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-10-18 23:10:04 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-10-16 16:38:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-10-16 16:37:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-10-16 16:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-10-16 16:37:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-16 16:37:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 16:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-16 16:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-10-16 16:37:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-10-16 16:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-16 16:36:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-16 16:36:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-10-16 16:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-10-16 16:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-10-16 16:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-10-16 16:36:12 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2008-10-16 16:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-10-16 16:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-10-16 16:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-16 16:33:01 ----D---- C:\Program Files\MSXML 4.0
2008-10-16 16:32:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxinsa64.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxhpinst.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxcpya64.exe
2008-10-16 13:11:09 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-10-16 13:11:08 ----A---- C:\WINDOWS\system32\vxblock.dll
2008-10-16 13:11:08 ----A---- C:\WINDOWS\system32\pxdrv.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\pxwave.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\pxmas.dll
2008-10-16 13:11:07 ----A---- C:\WINDOWS\system32\px.dll
2008-10-16 13:11:04 ----D---- C:\Program Files\Winamp
2008-10-16 13:11:04 ----D---- C:\Documents and Settings\Owner\Application Data\Winamp
2008-10-16 12:58:23 ----HD---- C:\$AVG8.VAULT$
2008-10-16 12:55:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-16 12:55:45 ----D---- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-10-16 12:55:31 ----D---- C:\Program Files\AVG
2008-10-16 12:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-16 12:42:57 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 10:56:17 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 10:43:41 ----HD---- C:\BJPrinter
2008-10-16 10:33:48 ----A---- C:\WINDOWS\system32\hidserv.dll

======List of files/folders modified in the last 3 months======

2009-01-13 12:10:01 ----D---- C:\WINDOWS\system32
2009-01-13 12:10:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-13 12:07:27 ----D---- C:\Program Files\Mozilla Firefox
2009-01-13 12:07:24 ----D---- C:\WINDOWS\Temp
2009-01-13 12:05:31 ----RD---- C:\Program Files
2009-01-13 12:05:31 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 12:04:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-11 11:16:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-10 16:10:51 ----D---- C:\WINDOWS
2009-01-09 19:14:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-31 18:15:11 ----HD---- C:\WINDOWS\inf
2008-12-18 11:56:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 11:55:44 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-12 11:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 22:30:25 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 22:03:30 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-02 18:25:40 ----D---- C:\Documents and Settings\Owner\Application Data\Adobe
2008-12-02 18:25:38 ----D---- C:\Documents and Settings\Owner\Application Data\Macromedia
2008-12-02 18:25:19 ----D---- C:\WINDOWS\system32\Macromed
2008-11-18 12:04:17 ----D---- C:\WINDOWS\Help
2008-11-11 16:54:04 ----SHD---- C:\WINDOWS\Installer
2008-11-11 16:54:01 ----D---- C:\WINDOWS\WinSxS
2008-11-06 14:46:53 ----D---- C:\Program Files\Common Files
2008-11-06 14:46:06 ----SD---- C:\WINDOWS\Tasks
2008-11-04 12:18:51 ----D---- C:\Program Files\Common Files\Adobe
2008-11-04 12:18:43 ----D---- C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-11-04 09:52:16 ----RSD---- C:\WINDOWS\assembly
2008-11-04 09:52:16 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-04 09:22:58 ----SD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-11-03 18:22:14 ----RSD---- C:\WINDOWS\Fonts
2008-11-03 18:16:52 ----D---- C:\Program Files\Internet Explorer
2008-11-02 14:24:34 ----D---- C:\Program Files\Java
2008-10-31 11:02:36 ----A---- C:\WINDOWS\win.ini
2008-10-31 11:02:25 ----D---- C:\Program Files\Windows Media Player
2008-10-31 10:59:23 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-23 06:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 04:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-20 18:53:26 ----A---- C:\WINDOWS\OEWABLog.txt
2008-10-20 18:52:48 ----A---- C:\WINDOWS\setuplog.txt
2008-10-20 18:51:38 ----D---- C:\WINDOWS\system32\wbem
2008-10-20 18:51:38 ----D---- C:\WINDOWS\system32\Setup
2008-10-20 18:51:38 ----D---- C:\WINDOWS\AppPatch
2008-10-19 16:29:27 ----D---- C:\WINDOWS\security
2008-10-19 16:23:59 ----D---- C:\Program Files\Messenger
2008-10-19 16:17:53 ----D---- C:\WINDOWS\ime
2008-10-19 16:17:19 ----D---- C:\WINDOWS\system32\usmt
2008-10-19 16:17:13 ----D---- C:\WINDOWS\PeerNet
2008-10-19 16:17:12 ----D---- C:\Program Files\Movie Maker
2008-10-19 16:11:55 ----D---- C:\WINDOWS\system32\Restore
2008-10-19 16:11:55 ----D---- C:\WINDOWS\system32\npp
2008-10-19 16:11:54 ----D---- C:\WINDOWS\msagent
2008-10-19 16:11:52 ----D---- C:\WINDOWS\srchasst
2008-10-19 16:11:51 ----D---- C:\Program Files\NetMeeting
2008-10-19 16:11:49 ----D---- C:\WINDOWS\system32\Com
2008-10-19 16:11:45 ----D---- C:\Program Files\Windows NT
2008-10-19 16:11:45 ----D---- C:\Program Files\Outlook Express
2008-10-19 16:11:41 ----D---- C:\Program Files\Common Files\System
2008-10-19 16:11:12 ----D---- C:\WINDOWS\system32\oobe
2008-10-19 16:11:06 ----D---- C:\WINDOWS\system
2008-10-19 16:07:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-18 22:29:12 ----D---- C:\WINDOWS\Debug
2008-10-16 16:35:15 ----D---- C:\WINDOWS\Registration
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 13:09:29 ----D---- C:\Downloads
2008-10-16 12:55:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 12:49:03 ----D---- C:\Program Files\Symantec
2008-10-16 12:49:03 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-16 12:25:10 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-16 12:05:22 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-16 11:06:29 ----D---- C:\Documents and Settings\Owner\Application Data\Mozilla
2008-10-16 10:45:41 ----D---- C:\WINDOWS\occache
2008-10-16 10:38:46 ----A---- C:\WINDOWS\hplj1320.ini
2008-10-16 10:38:40 ----D---- C:\Program Files\Hewlett-Packard
2008-10-16 10:38:32 ----HD---- C:\Program Files\Zero G Registry
2008-10-16 10:36:59 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-16 10:36:59 ----D---- C:\Program Files\HP
2008-10-16 10:36:21 ----A---- C:\WINDOWS\Disney.ini
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 19:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 19:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-16 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-16 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-06-06 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-16 76040]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 SFSZ;DataPlow SFS for Zetera Storage Devices; C:\WINDOWS\system32\drivers\sfsz.sys [2005-10-17 356224]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-06-17 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 netwg311;NETGEAR WG311v2 802.11g Wireless PCI Adapter; C:\WINDOWS\system32\DRIVERS\netwg311.sys [2004-06-17 386688]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2005-06-16 62865]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
R3 ZetBus;Zetera Virtual Bus; C:\WINDOWS\system32\DRIVERS\ZetBus.sys [2005-10-13 14080]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2004-01-29 122110]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2004-01-29 99002]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SunkFilt39;Alcor Micro Corp - 3239; \??\C:\WINDOWS\System32\Drivers\sunkfilt39.sys []
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZetMPD;ZetMPD; C:\WINDOWS\system32\DRIVERS\ZetMPD.sys [2005-10-13 4608]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-16 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-16 231704]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2005-06-06 172032]
R2 Zetera;Zetera; C:\Program Files\NETGEAR\SC101 Manager Utility\ZeteraService.exe [2005-10-13 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-13 12:10:31

======Uninstall list======

-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec Gateway-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9692FD03-6662-4E62-B08C-30DFF51651E1}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
HammerHead Rhythm Station-->C:\Program Files\HammerHead\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Software Update-->MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Linksys Bi-Admin-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linksys\PrintServer\Uninst.isu"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor OneTouch-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} /l1033
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NETGEAR SC101 Storage Central Manager software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88C5ADCE-C110-45DB-960B-43F21087CBF2}\setup.exe" -l0x9 -removeonly
NETGEAR WG311v2 802.11g Wireless PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{936D42B8-FE51-41D5-A74A-6182F6CDB17B}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Print Server Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
QuickBooks Pro 2005-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2005" ADDREMOVE=1
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Rhythm Rascal-->MsiExec.exe /I{080EC56E-708E-4F76-8777-F925ED655C9A}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IURSLST5K.inf
SoulSeek 157 NS 13c-->"C:\Program Files\SoulseekNS\uninstall.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.myway.com/mysearch/?ptnrS=BW
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
O2 - BHO: (no name) - {C37253DF-6319-4657-8E6A-F0506B6F151E} - C:\WINDOWS\system32\mlJCvTlM.dll (file missing)
O20 - AppInit_DLLs: avgrsstx.dll eflsrv.dll ncxkkh.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {A4B1E6F8-3047-4D7E-9C04-27B0E7DFCD01} - (no file)
O2 - BHO: (no name) - {E5DB3C9C-19AF-4E6B-8E55-9FE3463EAFD0} - (no file)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...hqiS3o6WJa24zlh

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: EMACHINE
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{C568A271-F63D-41EE-9BDB-91945EF9EC12} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 97364
Source Name: Tcpip
Time Written: 20090101052836.000000-360
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 7036
Message: The Wireless Zero Configuration service entered the running state.

Record Number: 97363
Source Name: Service Control Manager
Time Written: 20090101052820.000000-360
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a start control.

Record Number: 97362
Source Name: Service Control Manager
Time Written: 20090101052820.000000-360
Event Type: information
User: EMACHINE\Owner

Computer Name: EMACHINE
Event Code: 7036
Message: The Wireless Zero Configuration service entered the stopped state.

Record Number: 97361
Source Name: Service Control Manager
Time Written: 20090101052819.000000-360
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 7035
Message: The Wireless Zero Configuration service was successfully sent a stop control.

Record Number: 97360
Source Name: Service Control Manager
Time Written: 20090101052818.000000-360
Event Type: information
User: EMACHINE\Owner

Application event log

Computer Name: EMACHINE
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module mshtml.dll, version 6.0.2900.2912, fault address 0x001652af.

Record Number: 3158
Source Name: Application Error
Time Written: 20060616124035.000000-300
Event Type: error
User:

Computer Name: EMACHINE
Event Code: 2002
Message:
Record Number: 3157
Source Name: EAPOL
Time Written: 20060616124022.000000-300
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 2003
Message:
Record Number: 3156
Source Name: EAPOL
Time Written: 20060616124022.000000-300
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 2002
Message:
Record Number: 3155
Source Name: EAPOL
Time Written: 20060616124018.000000-300
Event Type: information
User:

Computer Name: EMACHINE
Event Code: 2003
Message:
Record Number: 3154
Source Name: EAPOL
Time Written: 20060616124018.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------
