trojan vundo and antivirus2009...please help


This topic is locked. 17 replies to this topic.

#1 jackie2929
Posted 11 January 2009 - 09:16 AM

Please help me. I am at a loss as to how to get rid of this Vundo. As for the Antivirus 2009, I am not yet fully infected with it, I don't think; the web site just pops up randomly.
Thanks, Jackie




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:08 AM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [f80de4a1] rundll32.exe "C:\WINDOWS\system32\kopuvehe.dll",b
O4 - HKLM\..\Run: [CPMfb3ed73d] Rundll32.exe "c:\windows\system32\wilawibe.dll",a
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188485988734
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188485983562
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...470/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\perajugo.dll c:\windows\system32\ c:\windows\system32\vorupofi.dll c:\windows\system32\wilawibe.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wilawibe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wilawibe.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 12109 bytes
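The entries that matter in the log above are the Vundo persistence points rather than the long list of normal HP, ATI and Java startup items: the two O4 Run values that launch rundll32 against random-named DLLs in system32 (kopuvehe.dll, wilawibe.dll), the O20 AppInit_DLLs list that maps those DLLs into every process loading user32.dll (one reason a scanner can later only mark them "Delete on reboot"), an orphaned bare directory in that same list, an O20 Winlogon Notify entry (vtstu) that points at a directory instead of a DLL, and O21/O22 entries that reuse one CLSID and the same wilawibe.dll. The script below is an added example, not part of the original thread, that runs those checks over lines copied from this post and from the HijackThis section of the RSIT log posted later in the thread. The allow-list of known AppInit DLLs and the random-name pattern are assumptions for illustration, not a vendor signature.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis logs posted in this thread (the first
# log and the HJT section of the RSIT log), including a few benign entries
# from the same logs so the checks have something to pass over.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [f80de4a1] rundll32.exe "C:\WINDOWS\system32\kopuvehe.dll",b
O4 - HKLM\..\Run: [CPMfb3ed73d] Rundll32.exe "c:\windows\system32\wilawibe.dll",a
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\perajugo.dll c:\windows\system32\ c:\windows\system32\vorupofi.dll c:\windows\system32\wilawibe.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wilawibe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wilawibe.dll
"""

# Assumed allow-list for this machine: avgrsstx.dll is AVG 8's own AppInit DLL.
APPINIT_ALLOW = {"avgrsstx.dll"}

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d)\s+-\s+(.*)$")
DLL_RE = re.compile(r"[\w~-]+\.dll", re.IGNORECASE)
# rundll32 invoking a DLL that sits directly in system32
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^"]+?\\system32\\[\w~-]+\.dll)"?', re.IGNORECASE)
# Coarse heuristic (assumption): the pronounceable 6-8 letter names Vundo used in
# this log. It can hit legitimate names too, so it only counts together with the
# rundll32-from-system32 condition above.
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,8}\.dll$")


def parse_hjt(text):
    """Yield (section, body) for each HijackThis entry line."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)


def analyse(text):
    """Return a list of (section, message) findings for the log text."""
    findings = []
    seen_in = defaultdict(set)  # dll name -> sections that reference it
    for section, body in parse_hjt(text):
        for dll in DLL_RE.findall(body):
            seen_in[dll.lower()].add(section)
        if section == "O4":
            m = RUNDLL_RE.search(body)
            if m:
                name = m.group(1).rsplit("\\", 1)[-1].lower()
                if RANDOM_NAME_RE.match(name):
                    findings.append((section, f"Run value loads random-named {name} from system32 via rundll32"))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            # Everything listed here is mapped into every process that loads
            # user32.dll, so these DLLs stay in use as long as Windows is running.
            for token in body[len("AppInit_DLLs:"):].split():
                name = token.rsplit("\\", 1)[-1].lower()
                if not name.endswith(".dll"):
                    findings.append((section, f"AppInit_DLLs entry is not a DLL path: {token}"))
                elif name not in APPINIT_ALLOW:
                    findings.append((section, f"unexpected AppInit_DLLs entry: {name}"))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            target = body.split(" - ", 1)[1].strip() if " - " in body else ""
            if not target.lower().endswith(".dll"):
                findings.append((section, f"Winlogon Notify entry without a DLL file: {body}"))
    # One DLL registered at several autostart points at once is itself a signal.
    for dll, sections in sorted(seen_in.items()):
        if len(sections) >= 2:
            findings.append(("multi", f"{dll} registered in {len(sections)} sections: {', '.join(sorted(sections))}"))
    return findings


if __name__ == "__main__":
    for section, message in analyse(SAMPLE_LOG):
        print(f"[{section}] {message}")
```

Run against the sample it reports the two rundll32 Run values, the three unknown AppInit DLLs plus the orphaned `c:\windows\system32\` token, the vtstu Winlogon Notify entry, and wilawibe.dll as present in four sections; the AVG, Lexmark and SUPERAntiSpyware entries pass. The cross-section correlation is the check worth keeping even without the name heuristic, since it does not depend on how the DLL happens to be named.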


#2 fenzodahl512
Posted 12 January 2009 - 02:25 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it. Then do a "Perform Full Scan".

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NEXT

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT.
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.

Post these logs in your next reply. Post each log in a separate post.

1. Malwarebytes' log
2. RSIT log.txt
3. RSIT info.txt
4. GMER result (attached)



#3 jackie2929 (Topic Starter)
Posted 14 January 2009 - 08:38 PM

Thanks for the reply.
Here is the log of MBAM:
Malwarebytes' Anti-Malware 1.32
Database version: 1652
Windows 5.1.2600 Service Pack 3

1/14/2009 12:39:46 PM
mbam-log-2009-01-14 (12-39-46).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 246803
Time elapsed: 1 hour(s), 29 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\putayila.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pqqfvx.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b0dc3c1-2a65-4728-969f-37e763155d9d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b0dc3c1-2a65-4728-969f-37e763155d9d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9b0dc3c1-2a65-4728-969f-37e763155d9d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f80de4a1 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmfb3ed73d (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pqqfvx.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\putayila.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\aliyatup.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eanxbi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nakonaze.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rapavogo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#4 jackie2929 (Topic Starter)
Posted 14 January 2009 - 08:42 PM

RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-14 20:39:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (55%) free of 108 GB
Total RAM: 1535 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:45 PM, on 1/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...470/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\perajugo.dll c:\windows\system32\ c:\windows\system32\vorupofi.dll pqqfvx.dll c:\windows\system32\dadujume.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 11207 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - Administrator.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job
C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-28 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-03 118784]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-05-23 483328]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"LTMSG"=LTMSG.exe 7 []
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-08-12 335872]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-08-14 139264]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll []
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2008-04-13 50176]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-23 136600]
"D-Link RangeBooster G WUA-2340"=C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [2008-09-23 1667072]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-28 1261336]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"=C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [2002-10-07 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
C:\Program Files\Rogers\Update Manager\UpdateManager.exe [2004-09-10 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Ubisoft register.lnk]
C:\PROGRA~1\Ubisoft\Register\schedule.exe [2004-10-13 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TypeAgent.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll C:\WINDOWS\system32\perajugo.dll c:\windows\system32\ c:\windows\system32\vorupofi.dll pqqfvx.dll c:\windows\system32\dadujume.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-03 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtstu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\pisinuza.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4B000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\Yserver.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Microsoft Plus! Digital Media Edition\PhotoStory\PhotoStory.exe"="C:\Program Files\Microsoft Plus! Digital Media Edition\PhotoStory\PhotoStory.exe:*:Enabled:Plus! Photo Story"
"C:\kav\kav7\setup.exe"="C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7c7ffa-bde5-11dc-8b73-001b11bdcecc}]
shell\AutoRun\command - F:\xfk2m3xs.bat
shell\explore\command - F:\xfk2m3xs.bat
shell\open\command - F:\xfk2m3xs.bat


======File associations======

.reg - edit -
.reg - open -

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vuvisabe.dll
2009-01-14 20:27:53 ----A---- C:\WINDOWS\gmer.ini
2009-01-14 20:27:51 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-14 20:27:51 ----A---- C:\WINDOWS\gmer.exe
2009-01-14 20:27:51 ----A---- C:\WINDOWS\gmer.dll
2009-01-14 10:21:25 ----A---- C:\WINDOWS\system32\muweb.dll
2009-01-13 08:08:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 07:27:59 ----D---- C:\VundoFix Backups
2009-01-13 07:27:59 ----A---- C:\VundoFix.txt
2009-01-12 13:00:20 ----SH---- C:\WINDOWS\system32\epanevir.ini
2009-01-10 07:30:32 ----SH---- C:\WINDOWS\system32\akiludob.ini
2009-01-05 18:42:52 ----D---- C:\Program Files\LeeGTs Games
2008-12-29 18:04:49 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-29 17:49:02 ----A---- C:\WINDOWS\system32\TweakUI.exe
2008-12-29 17:10:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-29 14:06:07 ----HD---- C:\$AVG8.VAULT$
2008-12-29 14:00:52 ----A---- C:\WINDOWS\Setup1.exe
2008-12-29 14:00:51 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-12-28 21:37:13 ----D---- C:\Documents and Settings\Administrator\Application Data\ImgBurn
2008-12-28 21:32:33 ----D---- C:\Program Files\ImgBurn
2008-12-28 19:19:14 ----D---- C:\rsit
2008-12-28 15:07:57 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-28 15:07:38 ----D---- C:\Program Files\AVG
2008-12-28 15:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-28 15:01:20 ----D---- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-12-28 09:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-28 09:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-28 09:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-27 20:51:00 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-27 10:58:44 ----D---- C:\ComboFix
2008-12-23 19:17:18 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-23 19:17:09 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-23 19:17:09 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\java.exe
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-23 18:12:11 ----D---- C:\Program Files\CCleaner
2008-12-21 19:10:19 ----SHD---- C:\RECYCLER
2008-12-21 15:35:51 ----A---- C:\ComboFix.txt
2008-12-21 15:02:21 ----D---- C:\WINDOWS\ERDNT
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\wnicapi.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\wlanapp.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\odSupp_M.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\JJAKEn.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\AQCKGen.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\ANIWZCS2.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\ANICtl.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\aIPH.dll
2008-12-21 10:27:26 ----D---- C:\Program Files\ANI
2008-12-21 10:27:26 ----A---- C:\WINDOWS\system32\ANIOApi.dll
2008-12-21 10:27:16 ----D---- C:\Program Files\D-Link
2008-12-21 10:27:16 ----A---- C:\WINDOWS\system32\jswscsup.dll
2008-12-20 10:31:19 ----D---- C:\Program Files\Trend Micro
2008-12-19 06:39:44 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-12-19 06:39:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 06:39:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-18 21:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-16 18:05:30 ----D---- C:\Program Files\Common Files\INCA Shared
2008-12-16 18:01:39 ----D---- C:\Program Files\Softnyx
2008-12-14 23:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-14 23:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-14 23:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-14 23:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-14 23:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 11:07:55 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-11-29 14:53:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-11-29 14:09:16 ----D---- C:\Program Files\XP Codec Pack
2008-11-24 07:27:56 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-22 15:58:30 ----D---- C:\Program Files\Photo Viewer
2008-11-22 08:00:26 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-11-22 08:00:26 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-22 08:00:25 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-11-15 13:47:59 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2008-11-13 13:40:35 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-10 20:01:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-11-10 19:40:01 ----D---- C:\Program Files\Windows Media Components
2008-11-10 19:38:26 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-11-09 20:30:33 ----D---- C:\Documents and Settings\Administrator\Application Data\BitZipper
2008-11-04 20:46:40 ----D---- C:\Documents and Settings\Administrator\Application Data\Template
2008-10-31 11:45:10 ----D---- C:\WINDOWS\system32\CTF
2008-10-26 22:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 22:34:55 ----D---- C:\Program Files\Incomplete
2008-10-19 22:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 22:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 22:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 22:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 22:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 22:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-19 20:03:54 ----D---- C:\Program Files\MSN Chat Monitor

======List of files/folders modified in the last 3 months======

2009-01-14 20:27:53 ----D---- C:\WINDOWS
2009-01-14 20:27:51 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 18:21:37 ----D---- C:\Program Files\Mozilla Firefox
2009-01-14 15:20:44 ----D---- C:\WINDOWS\Prefetch
2009-01-14 12:41:46 ----D---- C:\WINDOWS\Temp
2009-01-14 12:41:03 ----D---- C:\WINDOWS\system32
2009-01-14 12:41:02 ----RD---- C:\Program Files
2009-01-14 12:40:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-14 10:21:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 08:08:59 ----SHD---- C:\WINDOWS\Installer
2009-01-13 08:08:58 ----D---- C:\Config.Msi
2009-01-13 08:08:30 ----D---- C:\Program Files\Common Files
2009-01-13 08:06:14 ----SD---- C:\WINDOWS\Tasks
2009-01-13 08:06:12 ----D---- C:\Program Files\XoftSpySE
2009-01-12 12:53:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-12 12:53:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-12 11:41:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 10:43:11 ----A---- C:\WINDOWS\dssar.ini
2009-01-11 00:59:40 ----D---- C:\Program Files\Lx_cats
2009-01-10 09:56:42 ----A---- C:\WINDOWS\wininit.ini
2009-01-10 09:34:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-07 16:13:12 ----D---- C:\WINDOWS\system32\Restore
2009-01-07 12:43:59 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-01-07 10:50:26 ----D---- C:\Program Files\The Palace
2008-12-29 17:11:15 ----D---- C:\Program Files\Uniblue
2008-12-29 17:00:54 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-12-29 16:47:46 ----HD---- C:\WINDOWS\inf
2008-12-29 16:47:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-28 20:24:50 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-12-28 20:21:18 ----D---- C:\Program Files\Common Files\Nero
2008-12-28 20:20:05 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-28 19:06:46 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-28 18:59:49 ----RASH---- C:\boot.ini
2008-12-28 18:59:49 ----A---- C:\WINDOWS\win.ini
2008-12-28 18:59:49 ----A---- C:\WINDOWS\system.ini
2008-12-28 17:45:26 ----A---- C:\WINDOWS\system32\thxcfg.ini
2008-12-28 16:59:54 ----D---- C:\WINDOWS\pss
2008-12-28 16:57:16 ----RSD---- C:\WINDOWS\assembly
2008-12-28 16:56:43 ----RSD---- C:\WINDOWS\Fonts
2008-12-28 16:39:01 ----D---- C:\Program Files\Rogers
2008-12-28 16:37:50 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-28 16:37:46 ----D---- C:\Program Files\Corel
2008-12-28 15:04:04 ----D---- C:\Program Files\Three Rings Design
2008-12-28 15:02:52 ----D---- C:\Program Files\PartyGaming
2008-12-28 15:02:05 ----D---- C:\Program Files\PCPitstop
2008-12-28 15:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-28 09:32:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-28 09:32:39 ----D---- C:\WINDOWS\WinSxS
2008-12-28 09:17:45 ----D---- C:\WINDOWS\Registration
2008-12-27 10:59:05 ----SHD---- C:\System Volume Information
2008-12-27 09:10:01 ----D---- C:\Program Files\ArcSoft
2008-12-23 18:52:45 ----D---- C:\Program Files\Adobe
2008-12-23 18:34:02 ----D---- C:\Program Files\Java
2008-12-23 18:14:06 ----D---- C:\WINDOWS\Debug
2008-12-23 18:14:02 ----D---- C:\WINDOWS\Minidump
2008-12-23 18:09:07 ----D---- C:\downloaded programs
2008-12-21 19:41:29 ----D---- C:\Program Files\Common Files\Scanner
2008-12-21 15:32:08 ----D---- C:\WINDOWS\AppPatch
2008-12-21 15:12:38 ----D---- C:\WINDOWS\system32\config
2008-12-21 14:33:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-21 14:33:01 ----D---- C:\WINDOWS\Help
2008-12-21 10:29:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 10:28:21 ----D---- C:\WINDOWS\security
2008-12-21 10:28:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-19 16:43:47 ----D---- C:\Program Files\LimeWire
2008-12-18 22:02:48 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-18 21:04:01 ----D---- C:\Program Files\Internet Explorer
2008-12-18 13:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-12-15 12:33:00 ----D---- C:\WINDOWS\system32\wbem
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-24 07:26:39 ----D---- C:\Program Files\DivX
2008-11-23 09:08:40 ----D---- C:\WINDOWS\repair
2008-11-19 21:18:33 ----D---- C:\Program Files\Bonjour
2008-11-15 13:57:34 ----D---- C:\WINDOWS\system32\spool
2008-11-15 13:48:34 ----D---- C:\Documents and Settings\Administrator\Application Data\Corel
2008-11-15 13:43:59 ----D---- C:\Program Files\Common Files\Corel
2008-11-13 14:17:41 ----D---- C:\WINDOWS\system32\oobe
2008-11-13 14:17:40 ----D---- C:\WINDOWS\system32\mui
2008-11-13 14:17:40 ----D---- C:\WINDOWS\system32\Macromed
2008-11-13 14:17:37 ----D---- C:\WINDOWS\system32\Adobe
2008-11-10 20:50:33 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-09 21:18:21 ----A---- C:\WINDOWS\DUMP831b.tmp
2008-11-09 21:16:42 ----A---- C:\WINDOWS\DUMP831a.tmp
2008-11-09 21:15:07 ----A---- C:\WINDOWS\DUMP82eb.tmp
2008-11-09 21:13:29 ----A---- C:\WINDOWS\DUMP827e.tmp
2008-11-09 21:12:00 ----A---- C:\WINDOWS\DUMP86d3.tmp
2008-11-09 21:10:31 ----A---- C:\WINDOWS\DUMP8424.tmp
2008-11-09 21:07:49 ----A---- C:\WINDOWS\DUMP850e.tmp
2008-11-09 21:02:26 ----A---- C:\WINDOWS\DUMP81c2.tmp
2008-11-09 21:00:53 ----A---- C:\WINDOWS\DUMP87ae.tmp
2008-11-09 20:49:06 ----A---- C:\WINDOWS\DUMP880c.tmp
2008-11-09 20:46:50 ----A---- C:\WINDOWS\DUMP8201.tmp
2008-11-09 20:45:13 ----A---- C:\WINDOWS\DUMP8210.tmp
2008-11-09 20:42:28 ----A---- C:\WINDOWS\DUMP8184.tmp
2008-11-09 20:40:59 ----A---- C:\WINDOWS\DUMP84fe.tmp
2008-11-09 20:39:21 ----A---- C:\WINDOWS\DUMP91c0.tmp
2008-10-31 11:39:48 ----HD---- C:\hp
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-15 20:00:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-15 20:00:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-02-01 43672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-28 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-28 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-30 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2008-06-13 386784]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 EvcapMaui;Emuzed EvcapMaui Device; C:\WINDOWS\System32\DRIVERS\EvcapMau.sys [2003-10-02 177664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 57440]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-28 31280]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-14 85969]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\System32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 HNBCP;Intel® AnyPoint™ PCI 10 Mbps Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\HNBCP_5.sys [2001-04-02 58034]
S3 HNBCU;Intel® AnyPoint™ USB 10 Mbps Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\HNBCU_5.SYS [2001-08-01 71227]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\System32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-12-17 28276]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 naecd;naecd; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\naecd.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-28 31280]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 XDva008;XDva008; \??\C:\WINDOWS\System32\XDva008.sys []
S3 XTrapD12;XTrapD12; \??\C:\Program Files\Legend Of Ares\\XTrap\XTrapD12.sys []
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2003-01-22 169088]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2008-04-13 84992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-23 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe []
S2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2008-05-19 356434]
S3 License Management Service ESD;License Management Service ESD; C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe [2005-10-02 69120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
S4 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-09-04 1251720]

-----------------EOF-----------------


rsit log

info.txt logfile of random's system information tool 1.05 2008-12-28 19:19:25

======Uninstall list======

-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Age of Mythology Gold-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /uninstall
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
ArcSoft DVD SlideShow (Shared Components)-->C:\Program Files\Common Files\element5 Shared\Uninstall\ArcSoft DVD SlideShow\B1FA2000\UninstApplet.exe /uninstall
ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Button Manager v1.874-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{703C4409-D597-433A-9B17-E411D9236451}\setup.exe" -l0x9 -removeonly
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon EOS 5D WIA Driver-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Digital Photo Professional 3.3-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities Original Data Security Tools-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Original Data Security Tools\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities Picture Style Editor-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\Picture Style Editor\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities WFT-E1/E2/E3 Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\WFT Utility\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
Hardwood Euchre-->C:\Program Files\Hardwood Euchre\Euchre.exe -Uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo and Imaging 2.0 - Photosmart Cameras-->MsiExec.exe /X{5D7F0A0E-369E-46C0-9F99-FAB21A064781}
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
ImageMixer for HDD Camcorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44E5B47F-870E-4E38-A458-8A5FC4DCFECF}\Setup.exe" -l0x9 UNINSTALL -removeonly
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lexmark 3300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE
LimeWire 4.8.1-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Melody Assistant-->C:\Program Files\Melody Assistant\Uninstal\Uninstal.exe
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
MUSICMATCH Media Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3207208B-A2E1-4326-95E8-6642443B1DD2}\Setup.exe" -l0x9
Musicnotes Player V1.22.3-->"C:\Program Files\Musicnotes\Player\unins000.exe"
MySlideShow Gold 2.7.7-->"C:\Program Files\MySlideShow Gold 2\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notation Musician 2.2-->C:\Program Files\Notation\Uninst_Notation Musician 2.2.exe /U "C:\Program Files\Notation\Uninst_Notation Musician 2.2.log"
NoteWorthy Composer 2 Viewer-->"C:\Program Files\NoteWorthy Composer 2 Viewer\Uninstall.exe"
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~2\Uninstal.exe
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC*MILER 15.0-->C:\WINDOWS\IsUninst.exe -fC:\PMW150\Uninst.isu
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Photo Viewer 2.24-->"C:\Program Files\Photo Viewer\uninstall.exe"
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
Photosmart 140,240,7200,7600,7700,7900 Series-->C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Pictures Slideshow Maker-->C:\PROGRA~1\PICTUR~1\PICTUR~1\UNWISE.EXE C:\PROGRA~1\PICTUR~1\PICTUR~1\INSTALL.LOG
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
RangeBooster G WUA-2340-->C:\Program Files\InstallShield Installation Information\{188CEE76-0503-4910-A845-E1DC45685DA0}\setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rogers Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Serif PhotoPlus 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Star Wars®: Knights of the Old Republic ™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
Supermarket Mania-->C:\PROGRA~1\PLAYFI~1\SUPERM~1\UNWISE.EXE C:\PROGRA~1\PLAYFI~1\SUPERM~1\INSTALL.LOG
The Palace Client Install-->\UNWISE.EXE C:\PROGRA~1\MOZILL~1\
There (remove only)-->"c:\Program Files\There\ThereClientUninst.exe"
toolkit-->c:\Windows\HPTK\unhptkit.exe
uninstall Fast Food Tycoon-->C:\Fast Food Tycoon\AUTORUN.EXE
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Manager (remove only)-->"C:\Program Files\Rogers\Update Manager\uninst.exe"
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VeryPDF PDF2Word v3.0-->"C:\Program Files\VeryPDF PDF2Word v3.0\unins000.exe"
Wedding Dash 2-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\WEDDIN~1\INSTALL.LOG
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Office X3-->MsiExec.exe /I{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe
YAMAHA Digital Music Notebook-->MsiExec.exe /X{0D0DDFE1-CAE2-4EA4-8589-1B21E1320383}
YAMAHA Musicsoft Downloader 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}\Setup.exe" -l0x9

=====HijackThis Backups=====

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O20 - AppInit_DLLs: perftssys.dll

======Security center information======

AV: AVG Anti-Virus Free (disabled)
AV: Norton Security Online (disabled)
FW: Norton Security Online

System event log

Computer Name: JACKIE
Event Code: 4201
Message: The system detected that network adapter D-Link...USB Adapter - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 14922
Source Name: Tcpip
Time Written: 20081120134242.000000-300
Event Type: information
User:

Computer Name: JACKIE
Event Code: 6005
Message: The Event log service was started.

Record Number: 14921
Source Name: EventLog
Time Written: 20081120134233.000000-300
Event Type: information
User:

Computer Name: JACKIE
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free.

Record Number: 14920
Source Name: EventLog
Time Written: 20081120134233.000000-300
Event Type: information
User:

Computer Name: JACKIE
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 14919
Source Name: W32Time
Time Written: 20081120104521.000000-300
Event Type: warning
User:

Computer Name: JACKIE
Event Code: 7036
Message: The Messenger Sharing Folders USN Journal Reader service service entered the running state.

Record Number: 14918
Source Name: Service Control Manager
Time Written: 20081119220740.000000-300
Event Type: information
User:

Application event log

Computer Name: JACKIE
Event Code: 103
Message: msnmsgr (3412) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\clark1616@hotmail.com\SharingMetadata\Working\database_C0F8_DEE_F80D_E40E\dfsr.db: The database engine stopped the instance (0).

Record Number: 1697
Source Name: ESENT
Time Written: 20080907120437.000000-240
Event Type: information
User:

Computer Name: JACKIE
Event Code: 102
Message: msnmsgr (3412) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\clark1616@hotmail.com\SharingMetadata\Working\database_C0F8_DEE_F80D_E40E\dfsr.db: The database engine started a new instance (0).

Record Number: 1696
Source Name: ESENT
Time Written: 20080907115944.000000-240
Event Type: information
User:

Computer Name: JACKIE
Event Code: 100
Message: msnmsgr (3412) The database engine 5.01.2600.2780 started.

Record Number: 1695
Source Name: ESENT
Time Written: 20080907115944.000000-240
Event Type: information
User:

Computer Name: JACKIE
Event Code: 101
Message: msnmsgr (2872) The database engine stopped.

Record Number: 1694
Source Name: ESENT
Time Written: 20080907111457.000000-240
Event Type: information
User:

Computer Name: JACKIE
Event Code: 103
Message: msnmsgr (2872) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\clark1616@hotmail.com\SharingMetadata\Working\database_C0F8_DEE_F80D_E40E\dfsr.db: The database engine stopped the instance (0).

Record Number: 1693
Source Name: ESENT
Time Written: 20080907111457.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#5 jackie2929

jackie2929
  • Topic Starter

  • Members
  • 17 posts

Posted 14 January 2009 - 08:47 PM

Gmer file

Attached Files

  • Attached File: gmer.txt (292 bytes, 20 downloads)


#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 15 January 2009 - 03:59 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Lavasoft Ad-Aware
2. Spybot - Search & Destroy
3. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\perajugo.dll c:\windows\system32\ c:\windows\system32\vorupofi.dll pqqfvx.dll c:\windows\system32\dadujume.dll
O20 - Winlogon Notify: vtstu - C:\WINDOWS\


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\perajugo.dll
    c:\windows\system32\vorupofi.dll
    c:\windows\system32\dadujume.dll
    C:\WINDOWS\system32\pisinuza.dll
    C:\WINDOWS\system32\epanevir.ini
    C:\WINDOWS\system32\akiludob.ini
    
    :reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="avgrsstx.dll"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7c7ffa-bde5-11dc-8b73-001b11bdcecc}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
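An added triage example (not code from the thread, HijackThis or OTMoveIt3) that parses the O20 lines quoted above, keeps only the allowlisted DLL the :reg section writes back, flags the Winlogon Notify entry whose path has no file component, and decodes the hex(7) Notification Packages value to show it restores the single default entry, scecli. Assumed: the O20 line format exactly as quoted, and that avgrsstx.dll (AVG) is the only legitimate AppInit DLL on this machine.

```python
"""Triage helpers for the HijackThis O20 entries and the OTMoveIt3 :reg
section quoted in the post above. Added example, not code from the thread,
HijackThis or OTMoveIt3."""
import ntpath
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the O20 lines the helper asked to fix, plus one
# O9 line to show that non-O20 lines are ignored.
SAMPLE_HJT_LINES = [
    "O20 - AppInit_DLLs: avgrsstx.dll C:\\WINDOWS\\system32\\perajugo.dll "
    "c:\\windows\\system32\\ c:\\windows\\system32\\vorupofi.dll pqqfvx.dll "
    "c:\\windows\\system32\\dadujume.dll",
    "O20 - Winlogon Notify: vtstu - C:\\WINDOWS\\",
    "O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)",
]

# Assumption: avgrsstx.dll (AVG) is the only AppInit DLL a known product
# registers here; it is the value the OTMoveIt3 :reg section writes back.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}

APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify:\s*(\S+)\s+-\s+(.*)$")


def split_appinit(line: str) -> List[str]:
    """Return the whitespace-separated entries of an O20 AppInit_DLLs line
    (empty list for any other line)."""
    m = APPINIT_RE.match(line)
    return m.group(1).split() if m else []


def triage_appinit(line: str, known=KNOWN_APPINIT_DLLS) -> Tuple[List[str], List[str]]:
    """Split an AppInit_DLLs line into (keep, flag) by case-insensitive basename.

    A token ending in a path separator, e.g. 'c:\\windows\\system32\\', has no
    file component; it is a dangling entry and is flagged as well.
    """
    known_lc = {k.lower() for k in known}
    keep, flag = [], []
    for entry in split_appinit(line):
        base = ntpath.basename(entry).lower()
        (keep if base and base in known_lc else flag).append(entry)
    return keep, flag


def cleaned_appinit_value(line: str, known=KNOWN_APPINIT_DLLS) -> str:
    """The AppInit_DLLs value a fix would write back: only the known DLLs."""
    keep, _ = triage_appinit(line, known)
    return " ".join(keep)


def notify_without_file(line: str) -> Optional[Tuple[str, str]]:
    """For an O20 Winlogon Notify line, return (name, path) when the path
    names a directory rather than a DLL (e.g. 'vtstu - C:\\WINDOWS\\')."""
    m = NOTIFY_RE.match(line)
    if not m:
        return None
    name, path = m.group(1), m.group(2).strip()
    return (name, path) if not ntpath.basename(path) else None


def decode_reg_multi_sz(value: str) -> List[str]:
    """Decode a 'hex(7):aa,bb,...' REG_MULTI_SZ value as given in the script above.

    Each string is NUL-terminated and the list ends with an extra NUL. The
    value in the script carries one byte per character; a regedit .reg export
    would instead carry UTF-16LE byte pairs and need a different decoder.
    """
    prefix = "hex(7):"
    if not value.startswith(prefix):
        raise ValueError("not a hex(7) REG_MULTI_SZ value")
    raw = bytes(int(b, 16) for b in value[len(prefix):].split(",") if b)
    parts = raw.split(b"\x00")
    while parts and parts[-1] == b"":  # drop the terminator NULs
        parts.pop()
    return [p.decode("latin-1") for p in parts]


def triage_log(lines: List[str]) -> Dict[str, list]:
    """Run every check over a list of HijackThis lines."""
    report: Dict[str, list] = {"appinit_keep": [], "appinit_flagged": [], "notify_no_file": []}
    for line in lines:
        keep, flag = triage_appinit(line)
        report["appinit_keep"] += keep
        report["appinit_flagged"] += flag
        hit = notify_without_file(line)
        if hit:
            report["notify_no_file"].append(hit)
    return report


if __name__ == "__main__":
    print(triage_log(SAMPLE_HJT_LINES))
    print(decode_reg_multi_sz("hex(7):73,63,65,63,6c,69,00,00"))  # ['scecli']
```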


#7 jackie2929

jackie2929
  • Topic Starter

  • Members
  • 17 posts

Posted 15 January 2009 - 07:31 AM

thanks ever so much for your help...
here are the logs
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\perajugo.dll not found.
File/Folder c:\windows\system32\vorupofi.dll not found.
File/Folder c:\windows\system32\dadujume.dll not found.
File/Folder C:\WINDOWS\system32\pisinuza.dll not found.
C:\WINDOWS\system32\epanevir.ini moved successfully.
C:\WINDOWS\system32\akiludob.ini moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss\\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"avgrsstx.dll" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7c7ffa-bde5-11dc-8b73-001b11bdcecc}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_m2IQG2UHaOEBMFf6YEHw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_224.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01152009_072328

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_m2IQG2UHaOEBMFf6YEHw not found!
File move failed. C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_224.dat not found!
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\XUL.mfl moved successfully.


Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-01-15 07:29:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (55%) free of 108 GB
Total RAM: 1535 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:24 AM, on 1/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\notepad.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host-d.oddcast.com/hostClientIE.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab
O16 - DPF: {AAF421E6-7914-430A-9981-72B31AFF3BF4} (There Launcher) - file://c:\Program Files\There\ThereClient\ThereLauncher.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...470/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: License Management Service ESD - element5 - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 11069 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - Administrator.job
C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
C:\WINDOWS\tasks\Uniblue SpyEraser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-28 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-23 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-23 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-23 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-10-03 118784]
"HPHmon05"=C:\WINDOWS\System32\hphmon05.exe [2003-05-23 483328]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"LTMSG"=LTMSG.exe 7 []
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-08-12 335872]
"Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-08-14 139264]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll []
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2008-04-13 50176]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2004-06-03 204800]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-23 136600]
"D-Link RangeBooster G WUA-2340"=C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe [2008-09-23 1667072]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-28 1261336]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"=C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe [2002-10-07 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
C:\Program Files\Rogers\Update Manager\UpdateManager.exe [2004-09-10 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Ubisoft register.lnk]
C:\PROGRA~1\Ubisoft\Register\schedule.exe [2004-10-13 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TypeAgent.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-10-03 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=4B000000
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\Yserver.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Microsoft Plus! Digital Media Edition\PhotoStory\PhotoStory.exe"="C:\Program Files\Microsoft Plus! Digital Media Edition\PhotoStory\PhotoStory.exe:*:Enabled:Plus! Photo Story"
"C:\kav\kav7\setup.exe"="C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.reg - edit -
.reg - open -

======List of files/folders created in the last 3 months======

65535-65535-31889 379:31889:443 ----ASH---- C:\WINDOWS\system32\vuvisabe.dll
2009-01-15 07:23:28 ----D---- C:\_OTMoveIt
2009-01-14 20:27:53 ----A---- C:\WINDOWS\gmer.ini
2009-01-14 20:27:51 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-14 20:27:51 ----A---- C:\WINDOWS\gmer.exe
2009-01-14 20:27:51 ----A---- C:\WINDOWS\gmer.dll
2009-01-14 10:21:25 ----A---- C:\WINDOWS\system32\muweb.dll
2009-01-13 08:08:30 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-13 07:27:59 ----D---- C:\VundoFix Backups
2009-01-13 07:27:59 ----A---- C:\VundoFix.txt
2009-01-05 18:42:52 ----D---- C:\Program Files\LeeGTs Games
2008-12-29 18:04:49 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-29 17:49:02 ----A---- C:\WINDOWS\system32\TweakUI.exe
2008-12-29 17:10:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-29 14:06:07 ----HD---- C:\$AVG8.VAULT$
2008-12-29 14:00:52 ----A---- C:\WINDOWS\Setup1.exe
2008-12-29 14:00:51 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-12-28 21:37:13 ----D---- C:\Documents and Settings\Administrator\Application Data\ImgBurn
2008-12-28 21:32:33 ----D---- C:\Program Files\ImgBurn
2008-12-28 19:19:14 ----D---- C:\rsit
2008-12-28 15:07:57 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-12-28 15:07:38 ----D---- C:\Program Files\AVG
2008-12-28 15:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-12-28 15:01:20 ----D---- C:\WINDOWS\E80F62FF5D3C4A1984099721F2928206.TMP
2008-12-28 09:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-28 09:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-28 09:32:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-27 20:51:00 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-27 10:58:44 ----D---- C:\ComboFix
2008-12-23 19:17:18 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-23 19:17:09 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-23 19:17:09 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\java.exe
2008-12-23 18:34:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-23 18:12:11 ----D---- C:\Program Files\CCleaner
2008-12-21 19:10:19 ----SHD---- C:\RECYCLER
2008-12-21 15:35:51 ----A---- C:\ComboFix.txt
2008-12-21 15:02:21 ----D---- C:\WINDOWS\ERDNT
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\wnicapi.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\wlanapp.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\odSupp_M.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\JJAKEn.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\AQCKGen.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\ANIWZCS2.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\ANICtl.dll
2008-12-21 10:27:45 ----A---- C:\WINDOWS\system32\aIPH.dll
2008-12-21 10:27:26 ----D---- C:\Program Files\ANI
2008-12-21 10:27:26 ----A---- C:\WINDOWS\system32\ANIOApi.dll
2008-12-21 10:27:16 ----D---- C:\Program Files\D-Link
2008-12-21 10:27:16 ----A---- C:\WINDOWS\system32\jswscsup.dll
2008-12-20 10:31:19 ----D---- C:\Program Files\Trend Micro
2008-12-19 06:39:44 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-12-19 06:39:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-19 06:39:38 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-18 21:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-16 18:05:30 ----D---- C:\Program Files\Common Files\INCA Shared
2008-12-16 18:01:39 ----D---- C:\Program Files\Softnyx
2008-12-14 23:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-14 23:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-14 23:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-14 23:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-14 23:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 11:07:55 ----A---- C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-11-29 14:53:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-11-29 14:09:16 ----D---- C:\Program Files\XP Codec Pack
2008-11-24 07:27:56 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-22 15:58:30 ----D---- C:\Program Files\Photo Viewer
2008-11-22 08:00:26 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2008-11-22 08:00:26 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-22 08:00:25 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2008-11-15 13:47:59 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2008-11-13 13:40:35 ----D---- C:\WINDOWS\system32\NtmsData
2008-11-10 20:01:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2008-11-10 19:40:01 ----D---- C:\Program Files\Windows Media Components
2008-11-10 19:38:26 ----D---- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-11-09 20:30:33 ----D---- C:\Documents and Settings\Administrator\Application Data\BitZipper
2008-11-04 20:46:40 ----D---- C:\Documents and Settings\Administrator\Application Data\Template
2008-10-31 11:45:10 ----D---- C:\WINDOWS\system32\CTF
2008-10-26 22:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 22:34:55 ----D---- C:\Program Files\Incomplete
2008-10-19 22:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 22:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 22:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 22:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 22:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 22:01:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-19 20:03:54 ----D---- C:\Program Files\MSN Chat Monitor

======List of files/folders modified in the last 3 months======

2009-01-15 07:27:15 ----D---- C:\Program Files\Mozilla Firefox
2009-01-15 07:26:31 ----D---- C:\WINDOWS\Temp
2009-01-15 07:25:43 ----D---- C:\WINDOWS
2009-01-15 07:24:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-15 07:23:28 ----D---- C:\WINDOWS\system32
2009-01-15 07:15:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-15 07:15:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-15 07:15:25 ----SD---- C:\WINDOWS\Tasks
2009-01-15 07:15:25 ----D---- C:\Program Files\XoftSpySE
2009-01-14 20:27:58 ----D---- C:\WINDOWS\Prefetch
2009-01-14 20:27:51 ----D---- C:\WINDOWS\system32\drivers
2009-01-14 12:41:02 ----RD---- C:\Program Files
2009-01-14 10:21:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 08:08:59 ----SHD---- C:\WINDOWS\Installer
2009-01-13 08:08:58 ----D---- C:\Config.Msi
2009-01-13 08:08:30 ----D---- C:\Program Files\Common Files
2009-01-12 12:53:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-12 12:53:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-11 10:43:11 ----A---- C:\WINDOWS\dssar.ini
2009-01-11 00:59:40 ----D---- C:\Program Files\Lx_cats
2009-01-10 09:56:42 ----A---- C:\WINDOWS\wininit.ini
2009-01-07 16:13:12 ----D---- C:\WINDOWS\system32\Restore
2009-01-07 12:43:59 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-01-07 10:50:26 ----D---- C:\Program Files\The Palace
2008-12-29 17:11:15 ----D---- C:\Program Files\Uniblue
2008-12-29 17:00:54 ----D---- C:\Program Files\Microsoft IntelliPoint
2008-12-29 16:47:46 ----HD---- C:\WINDOWS\inf
2008-12-29 16:47:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-28 20:24:50 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2008-12-28 20:21:18 ----D---- C:\Program Files\Common Files\Nero
2008-12-28 20:20:05 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2008-12-28 19:06:46 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-28 18:59:49 ----RASH---- C:\boot.ini
2008-12-28 18:59:49 ----A---- C:\WINDOWS\win.ini
2008-12-28 18:59:49 ----A---- C:\WINDOWS\system.ini
2008-12-28 17:45:26 ----A---- C:\WINDOWS\system32\thxcfg.ini
2008-12-28 16:59:54 ----D---- C:\WINDOWS\pss
2008-12-28 16:57:16 ----RSD---- C:\WINDOWS\assembly
2008-12-28 16:56:43 ----RSD---- C:\WINDOWS\Fonts
2008-12-28 16:39:01 ----D---- C:\Program Files\Rogers
2008-12-28 16:37:50 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-28 16:37:46 ----D---- C:\Program Files\Corel
2008-12-28 15:04:04 ----D---- C:\Program Files\Three Rings Design
2008-12-28 15:02:52 ----D---- C:\Program Files\PartyGaming
2008-12-28 15:02:05 ----D---- C:\Program Files\PCPitstop
2008-12-28 15:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-28 09:32:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-28 09:32:39 ----D---- C:\WINDOWS\WinSxS
2008-12-28 09:17:45 ----D---- C:\WINDOWS\Registration
2008-12-27 10:59:05 ----SHD---- C:\System Volume Information
2008-12-27 09:10:01 ----D---- C:\Program Files\ArcSoft
2008-12-23 18:52:45 ----D---- C:\Program Files\Adobe
2008-12-23 18:34:02 ----D---- C:\Program Files\Java
2008-12-23 18:14:06 ----D---- C:\WINDOWS\Debug
2008-12-23 18:14:02 ----D---- C:\WINDOWS\Minidump
2008-12-23 18:09:07 ----D---- C:\downloaded programs
2008-12-21 19:41:29 ----D---- C:\Program Files\Common Files\Scanner
2008-12-21 15:32:08 ----D---- C:\WINDOWS\AppPatch
2008-12-21 15:12:38 ----D---- C:\WINDOWS\system32\config
2008-12-21 14:33:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-21 14:33:01 ----D---- C:\WINDOWS\Help
2008-12-21 10:29:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-21 10:28:21 ----D---- C:\WINDOWS\security
2008-12-21 10:28:09 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-19 16:43:47 ----D---- C:\Program Files\LimeWire
2008-12-18 22:02:48 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-18 21:04:01 ----D---- C:\Program Files\Internet Explorer
2008-12-18 13:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-12-15 12:33:00 ----D---- C:\WINDOWS\system32\wbem
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-24 07:26:39 ----D---- C:\Program Files\DivX
2008-11-23 09:08:40 ----D---- C:\WINDOWS\repair
2008-11-19 21:18:33 ----D---- C:\Program Files\Bonjour
2008-11-15 13:57:34 ----D---- C:\WINDOWS\system32\spool
2008-11-15 13:48:34 ----D---- C:\Documents and Settings\Administrator\Application Data\Corel
2008-11-15 13:43:59 ----D---- C:\Program Files\Common Files\Corel
2008-11-13 14:17:41 ----D---- C:\WINDOWS\system32\oobe
2008-11-13 14:17:40 ----D---- C:\WINDOWS\system32\mui
2008-11-13 14:17:40 ----D---- C:\WINDOWS\system32\Macromed
2008-11-13 14:17:37 ----D---- C:\WINDOWS\system32\Adobe
2008-11-10 20:50:33 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-09 21:18:21 ----A---- C:\WINDOWS\DUMP831b.tmp
2008-11-09 21:16:42 ----A---- C:\WINDOWS\DUMP831a.tmp
2008-11-09 21:15:07 ----A---- C:\WINDOWS\DUMP82eb.tmp
2008-11-09 21:13:29 ----A---- C:\WINDOWS\DUMP827e.tmp
2008-11-09 21:12:00 ----A---- C:\WINDOWS\DUMP86d3.tmp
2008-11-09 21:10:31 ----A---- C:\WINDOWS\DUMP8424.tmp
2008-11-09 21:07:49 ----A---- C:\WINDOWS\DUMP850e.tmp
2008-11-09 21:02:26 ----A---- C:\WINDOWS\DUMP81c2.tmp
2008-11-09 21:00:53 ----A---- C:\WINDOWS\DUMP87ae.tmp
2008-11-09 20:49:06 ----A---- C:\WINDOWS\DUMP880c.tmp
2008-11-09 20:46:50 ----A---- C:\WINDOWS\DUMP8201.tmp
2008-11-09 20:45:13 ----A---- C:\WINDOWS\DUMP8210.tmp
2008-11-09 20:42:28 ----A---- C:\WINDOWS\DUMP8184.tmp
2008-11-09 20:40:59 ----A---- C:\WINDOWS\DUMP84fe.tmp
2008-11-09 20:39:21 ----A---- C:\WINDOWS\DUMP91c0.tmp
2008-10-31 11:39:48 ----HD---- C:\hp
2008-10-23 07:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 05:06:59 ----A---- C:\WINDOWS\system32\tzchange.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2006-02-01 43672]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-12-28 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-12-28 26824]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-30 12032]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 A5AGU;D-Link USB Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2008-06-13 386784]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
R3 EvcapMaui;Emuzed EvcapMaui Device; C:\WINDOWS\System32\DRIVERS\EvcapMau.sys [2003-10-02 177664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 JSWSCIMD;jswscimd Service; C:\WINDOWS\system32\DRIVERS\jswscimd.sys [2008-02-12 57440]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2004-06-03 20352]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-28 31280]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-10-08 120830]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-10-08 98842]
S3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-14 85969]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\System32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 HNBCP;Intel® AnyPoint™ PCI 10 Mbps Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\HNBCP_5.sys [2001-04-02 58034]
S3 HNBCU;Intel® AnyPoint™ USB 10 Mbps Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\HNBCU_5.SYS [2001-08-01 71227]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-10-08 93979]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\System32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2003-12-17 28276]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 naecd;naecd; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\naecd.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS []
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Sunkfiltp;HP && Alcor Micro Corp for Phison; \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-28 31280]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 XDva008;XDva008; \??\C:\WINDOWS\System32\XDva008.sys []
S3 XTrapD12;XTrapD12; \??\C:\Program Files\Legend Of Ares\\XTrap\XTrapD12.sys []
S3 YMIDUSB;YAMAHA Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2003-01-22 169088]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2008-04-13 84992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-23 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe []
S2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2008-05-19 356434]
S3 License Management Service ESD;License Management Service ESD; C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe [2005-10-02 69120]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
S4 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
S4 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-09-04 1251720]

-----------------EOF-----------------

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:34 PM

Posted 15 January 2009 - 07:52 AM

I can see you already have ComboFix.. Delete that one and download a fresh one from below.. Run it and post the log here..

Link 1
Link 2
Link 3


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 jackie2929

jackie2929
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:34 AM

Posted 15 January 2009 - 08:10 AM

Here is the log.

ComboFix 09-01-13.04 - Administrator 2009-01-15 8:01:02.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1007 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
AV: Norton Security Online *On-access scanning disabled* (Updated)
FW: Norton Security Online *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vuvisabe.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-15 07:23 . 2009-01-15 07:23 <DIR> d-------- C:\_OTMoveIt
2009-01-14 20:27 . 2009-01-14 20:45 250 --a------ c:\windows\gmer.ini
2009-01-14 10:21 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-13 08:08 . 2009-01-13 08:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-13 07:27 . 2009-01-13 07:27 <DIR> d-------- C:\VundoFix Backups
2009-01-07 21:40 . 2009-01-07 21:40 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2009-01-05 18:42 . 2009-01-05 18:42 <DIR> d-------- c:\program files\LeeGTs Games
2008-12-29 18:04 . 2008-12-29 18:04 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-12-29 17:49 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-12-29 17:49 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-12-29 17:10 . 2008-12-29 17:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-29 14:06 . 2009-01-12 00:38 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-29 14:00 . 2008-12-29 14:09 249,856 --a------ c:\windows\Setup1.exe
2008-12-29 14:00 . 2008-12-29 14:09 73,216 --a------ c:\windows\ST6UNST.EXE
2008-12-29 10:57 . 2008-12-29 10:57 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2008-12-28 21:37 . 2008-12-28 21:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ImgBurn
2008-12-28 21:32 . 2008-12-28 21:32 <DIR> d-------- c:\program files\ImgBurn
2008-12-28 19:19 . 2008-12-28 19:19 <DIR> d-------- C:\rsit
2008-12-28 18:09 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-28 18:09 . 2003-07-30 14:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-12-28 18:09 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2008-12-28 18:09 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-28 18:09 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2008-12-28 18:09 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-28 18:08 . 2004-08-04 01:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys
2008-12-28 18:08 . 2008-04-13 14:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2008-12-28 18:08 . 2004-08-04 01:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys
2008-12-28 18:08 . 2008-04-13 14:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-28 18:08 . 2004-08-04 01:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys
2008-12-28 18:08 . 2004-08-04 01:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys
2008-12-28 18:08 . 2004-08-04 01:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys
2008-12-28 18:08 . 2004-08-04 01:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys
2008-12-28 18:08 . 2004-08-04 01:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys
2008-12-28 18:08 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-12-28 18:07 . 2008-04-13 14:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2008-12-28 18:07 . 2008-04-13 20:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
2008-12-28 18:07 . 2008-04-13 14:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-28 18:07 . 2008-04-13 14:45 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
2008-12-28 18:06 . 2008-04-13 14:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2008-12-28 18:06 . 2004-08-04 01:31 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
2008-12-28 18:06 . 2008-04-13 14:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
2008-12-28 18:06 . 2008-04-13 14:45 11,520 --a--c--- c:\windows\system32\dllcache\scsiscan.sys
2008-12-28 18:06 . 2008-04-13 14:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2008-12-28 18:06 . 2008-04-13 14:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
2008-12-28 18:05 . 2008-04-13 20:12 159,232 --a--c--- c:\windows\system32\dllcache\ptpusd.dll
2008-12-28 18:05 . 2003-07-30 14:00 83,748 --a--c--- c:\windows\system32\dllcache\prcp.nls
2008-12-28 18:05 . 2003-07-30 14:00 83,748 --a--c--- c:\windows\system32\dllcache\prc.nls
2008-12-28 18:05 . 2008-04-13 14:40 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
2008-12-28 18:05 . 2008-04-13 20:12 29,696 --a--c--- c:\windows\system32\dllcache\rw450ext.dll
2008-12-28 18:05 . 2008-04-13 20:12 27,648 --a--c--- c:\windows\system32\dllcache\rw430ext.dll
2008-12-28 18:05 . 2008-04-13 14:41 17,664 --a--c--- c:\windows\system32\dllcache\ppa3.sys
2008-12-28 18:05 . 2008-04-13 14:40 8,832 --a--c--- c:\windows\system32\dllcache\powerfil.sys
2008-12-28 18:05 . 2008-04-13 14:40 6,016 --a--c--- c:\windows\system32\dllcache\qic157.sys
2008-12-28 18:04 . 2008-04-13 20:10 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2008-12-28 18:04 . 2008-04-13 20:10 211,584 --a--c--- c:\windows\system32\dllcache\perm2dll.dll
2008-12-28 18:04 . 2004-08-04 01:31 29,502 --a--c--- c:\windows\system32\dllcache\pca200e.sys
2008-12-28 18:04 . 2008-04-13 14:54 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
2008-12-28 18:04 . 2008-04-13 14:44 28,032 --a--c--- c:\windows\system32\dllcache\perm3.sys
2008-12-28 18:04 . 2008-04-13 14:44 27,904 --a--c--- c:\windows\system32\dllcache\perm2.sys
2008-12-28 18:03 . 2008-04-13 14:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2008-12-28 18:03 . 2008-04-13 14:41 26,112 --a--c--- c:\windows\system32\dllcache\memstpci.sys
2008-12-28 18:03 . 2008-04-13 14:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2008-12-28 18:03 . 2008-04-13 14:40 7,040 --a--c--- c:\windows\system32\dllcache\ltotape.sys
2008-12-28 18:02 . 2008-04-13 20:11 253,952 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2008-12-28 18:02 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-12-28 18:02 . 2008-04-13 14:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2008-12-28 18:02 . 2008-04-13 20:11 48,640 --a--c--- c:\windows\system32\dllcache\kdsui.dll
2008-12-28 18:02 . 2003-07-30 14:00 47,066 --a--c--- c:\windows\system32\dllcache\ksc.nls
2008-12-28 18:02 . 2008-04-13 14:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2008-12-28 18:02 . 2008-04-13 20:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2008-12-28 18:01 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-12-28 18:01 . 2004-08-04 01:29 161,020 --a--c--- c:\windows\system32\dllcache\i81xnt5.sys
2008-12-28 18:01 . 2008-04-13 14:41 18,560 --a--c--- c:\windows\system32\dllcache\i2omp.sys
2008-12-28 18:01 . 2008-04-13 14:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2008-12-28 18:00 . 2008-04-13 14:45 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
2008-12-28 18:00 . 2004-08-04 01:31 34,173 --a--c--- c:\windows\system32\dllcache\forehe.sys
2008-12-28 18:00 . 2008-04-13 14:40 28,288 --a--c--- c:\windows\system32\dllcache\grserial.sys
2008-12-28 18:00 . 2008-04-13 14:36 20,352 --a--c--- c:\windows\system32\dllcache\hidbatt.sys
2008-12-28 18:00 . 2008-04-13 14:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-12-28 17:59 . 2008-04-13 20:11 249,856 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2008-12-28 17:59 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
2008-12-28 17:59 . 2004-08-04 01:32 48,640 --a--c--- c:\windows\system32\dllcache\cwrwdm.sys
2008-12-28 17:59 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-28 17:59 . 2008-04-13 14:36 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
2008-12-28 17:59 . 2008-04-13 14:36 10,240 --a--c--- c:\windows\system32\dllcache\compbatt.sys
2008-12-28 17:59 . 2008-04-13 14:40 8,320 --a--c--- c:\windows\system32\dllcache\dlttape.sys
2008-12-28 17:57 . 2001-08-17 22:36 462,848 --a--c--- c:\windows\system32\dllcache\a3dapi.dll
2008-12-28 17:57 . 2008-04-13 14:46 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
2008-12-28 17:57 . 2008-04-13 14:46 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys
2008-12-28 17:57 . 2008-04-13 14:36 14,208 --a--c--- c:\windows\system32\dllcache\battc.sys
2008-12-28 17:57 . 2008-04-13 14:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2008-12-28 17:57 . 2008-04-13 14:40 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2008-12-28 15:07 . 2009-01-06 21:17 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-28 15:07 . 2008-12-28 15:07 <DIR> d-------- c:\program files\AVG
2008-12-28 15:07 . 2008-12-28 15:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-28 15:07 . 2008-12-28 15:07 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-28 15:07 . 2008-12-28 15:07 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-28 15:01 . 2008-12-28 15:01 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-12-28 15:01 . 2008-12-28 15:01 0 --a------ C:\lxccUNST.csv
2008-12-27 20:51 . 2009-01-11 22:06 69 --a------ c:\windows\NeroDigital.ini
2008-12-23 19:17 . 2009-01-13 08:08 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-23 19:17 . 2008-12-23 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-23 19:17 . 2009-01-13 08:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-23 18:34 . 2008-12-23 18:34 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-23 18:34 . 2008-12-23 18:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-23 18:12 . 2008-12-23 18:12 <DIR> d-------- c:\program files\CCleaner
2008-12-21 10:28 . 2009-01-15 07:26 14 --a------ c:\windows\system32\ANIWZCSUSERNAME{6B599847-5FD0-4299-BD1E-C08D3585176E}
2008-12-21 10:27 . 2008-12-21 10:27 <DIR> d-------- c:\program files\D-Link
2008-12-21 10:27 . 2008-12-21 10:27 <DIR> d-------- c:\program files\ANI
2008-12-20 10:31 . 2008-12-20 10:31 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 06:39 . 2009-01-14 10:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 06:39 . 2008-12-19 06:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 06:39 . 2008-12-19 06:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-19 06:39 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 06:39 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-16 18:05 . 2008-12-16 18:05 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-16 18:05 . 2003-07-19 10:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-16 18:05 . 2005-01-03 01:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-16 18:01 . 2008-12-16 18:01 <DIR> d-------- c:\program files\Softnyx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 12:15 --------- d-----w c:\program files\XoftSpySE
2009-01-15 12:15 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-15 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-11 05:59 --------- d-----w c:\program files\Lx_cats
2009-01-07 15:50 --------- d-----w c:\program files\The Palace
2008-12-29 22:11 --------- d-----w c:\program files\Uniblue
2008-12-29 22:00 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-12-29 01:21 --------- d-----w c:\program files\Common Files\Nero
2008-12-29 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-29 00:06 --------- d-----w c:\program files\TrojanHunter 5.0
2008-12-28 21:39 --------- d-----w c:\program files\Rogers
2008-12-28 21:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 21:37 --------- d-----w c:\program files\Corel
2008-12-28 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-12-28 20:04 --------- d-----w c:\program files\Three Rings Design
2008-12-28 20:02 --------- d-----w c:\program files\PCPitstop
2008-12-28 20:02 --------- d-----w c:\program files\PartyGaming
2008-12-28 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-27 14:10 --------- d-----w c:\program files\ArcSoft
2008-12-23 23:34 --------- d-----w c:\program files\Java
2008-12-22 00:41 --------- d-----w c:\program files\Common Files\Scanner
2008-12-21 19:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 21:43 --------- d-----w c:\program files\LimeWire
2008-12-19 21:43 --------- d-----w c:\program files\Incomplete
2008-12-18 18:45 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-11-29 22:08 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-11-29 19:09 --------- d-----w c:\program files\XP Codec Pack
2008-11-24 13:10 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2008-11-24 12:26 --------- d-----w c:\program files\DivX
2008-11-22 20:58 --------- d-----w c:\program files\Photo Viewer
2008-11-22 13:00 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-22 13:00 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-22 13:00 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-20 02:18 --------- d-----w c:\program files\Bonjour
2008-11-15 18:49 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-15 18:48 --------- d-----w c:\documents and settings\Administrator\Application Data\Corel
2008-11-15 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-11-15 18:43 --------- d-----w c:\program files\Common Files\Corel
2008-11-15 18:12 88 --sha-r c:\documents and settings\All Users\Application Data\581B3DD1C8.sys
2008-11-15 18:12 88 --sha-r c:\documents and settings\All Users\Application Data\25BBF34A62.sys
2008-11-15 18:12 2,672 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-11-15 16:11 88 --sha-r c:\documents and settings\All Users\Application Data\C1F9E22D59.sys
2008-11-10 02:18 90,112 ----a-w c:\windows\DUMP831b.tmp
2008-11-10 02:16 90,112 ----a-w c:\windows\DUMP831a.tmp
2008-11-10 02:15 90,112 ----a-w c:\windows\DUMP82eb.tmp
2008-11-10 02:13 90,112 ----a-w c:\windows\DUMP827e.tmp
2008-11-10 02:12 90,112 ----a-w c:\windows\DUMP86d3.tmp
2008-11-10 02:10 90,112 ----a-w c:\windows\DUMP8424.tmp
2008-11-10 02:07 90,112 ----a-w c:\windows\DUMP850e.tmp
2008-11-10 02:02 90,112 ----a-w c:\windows\DUMP81c2.tmp
2008-11-10 02:00 90,112 ----a-w c:\windows\DUMP87ae.tmp
2008-11-10 01:49 90,112 ----a-w c:\windows\DUMP880c.tmp
2008-11-10 01:46 90,112 ----a-w c:\windows\DUMP8201.tmp
2008-11-10 01:45 90,112 ----a-w c:\windows\DUMP8210.tmp
2008-11-10 01:42 90,112 ----a-w c:\windows\DUMP8184.tmp
2008-11-10 01:40 90,112 ----a-w c:\windows\DUMP84fe.tmp
2008-11-10 01:39 90,112 ----a-w c:\windows\DUMP91c0.tmp
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2006-02-15 01:25 622 ----a-w c:\documents and settings\Administrator\palaces.dat
2005-05-26 18:35 1,422 ----a-w c:\program files\ReadMe.txt
2002-07-03 22:32 51,518 ----a-w c:\program files\Cyborg.ipt
2008-04-10 00:44 253,984 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-04-10 00:44 20,768 --sha-w c:\windows\system32\drivers\fidbox2.dat
2005-08-04 01:57 276 -csha-w c:\windows\system32\tgusehdl\csrss.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-03 118784]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 139264]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-13 50176]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-23 1667072]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-28 1261336]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl
"midi2"= xgusb.cpl
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Ubisoft register.lnk]
backup=c:\windows\pss\Ubisoft register.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TypeAgent.lnk]
backup=c:\windows\pss\TypeAgent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-10-07 10:23 90112 c:\program files\HP\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
--a--c--- 2004-09-10 11:41 131072 c:\program files\Rogers\Update Manager\UpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Plus! Digital Media Edition\\PhotoStory\\PhotoStory.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-28 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-05-08 386784]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [2003-12-17 177664]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-12-21 57440]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 231704]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-08-28 23888]
S3 HNBCP;Intel® AnyPoint™ PCI 10 Mbps Network Adapter Driver;c:\windows\system32\drivers\HNBCP_5.SYS [2001-04-02 58034]
S3 HNBCU;Intel® AnyPoint™ USB 10 Mbps Network Adapter Driver;c:\windows\system32\drivers\HNBCU_5.SYS [2001-08-01 71227]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2008-12-21 356434]
S3 naecd;naecd;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\naecd.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\naecd.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys --> c:\windows\System32\XDva008.sys [?]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Administrator.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-01-09 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-11-26 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rogers.yahoo.com/
mStart Page = hxxp://rogers.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: free.aol.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ThereInstallHelper.dll - O16 -: {88D8E8B7-A33B-4417-A385-8373484D43ED}

c:\windows\Downloaded Program Files\ThereLauncher.dll - O16 -: {AAF421E6-7914-430A-9981-72B31AFF3BF4}
file://c:\program files\There\ThereClient\ThereLauncher.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\
FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66010&qkw=
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 08:06:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1868)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\xgusb.cpl
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1932)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\xgusb.cpl
.
Completion time: 2009-01-15 8:08:40
ComboFix-quarantined-files.txt 2009-01-15 13:08:14
ComboFix2.txt 2008-12-21 20:35:51

Pre-Run: 61,998,178,304 bytes free
Post-Run: 61,979,652,096 bytes free

365 --- E O F --- 2008-12-19 02:08:42

#10 fenzodahl512


  • Members
  • 6,738 posts

Posted 15 January 2009 - 09:53 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
naecd

File::
C:\Documents and Settings\Administrator\Local Settings\temp\naecd.sys

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..

1. ComboFix
2. ESET Online Scanner
3. Tell me, how's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 jackie2929

  • Topic Starter

  • Members
  • 17 posts

Posted 15 January 2009 - 12:20 PM

Here is the ComboFix log... I think it is the right one.

The computer seems to be OK :thumbsup: It is acting like a computer again... so far anyhow!
I could not get a log of the virus scan... it found one threat.

ComboFix 08-12-20.05 - Administrator 2008-12-21 15:28:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1142 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\INSTALL.LOG
C:\temp.htm
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\ban_list.txt
c:\windows\system32\RunOnce1.t__
c:\windows\system32\RunOnce1.tm_
c:\windows\system32\utstv.bak1
c:\windows\system32\utstv.bak2
c:\windows\system32\utstv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.

2008-12-21 10:28 . 2008-12-21 15:24 14 --a------ c:\windows\system32\ANIWZCSUSERNAME{6B599847-5FD0-4299-BD1E-C08D3585176E}
2008-12-21 10:27 . 2008-12-21 10:27 <DIR> d-------- c:\program files\D-Link
2008-12-21 10:27 . 2008-12-21 10:27 <DIR> d-------- c:\program files\ANI
2008-12-20 10:31 . 2008-12-20 10:31 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 06:39 . 2008-12-19 06:39 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 06:39 . 2008-12-19 06:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 06:39 . 2008-12-19 06:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-19 06:39 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 06:39 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-16 18:05 . 2008-12-16 18:05 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-16 18:05 . 2003-07-19 10:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-16 18:05 . 2005-01-03 01:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-16 18:01 . 2008-12-16 18:01 <DIR> d-------- c:\program files\Softnyx
2008-12-06 11:20 . 2005-02-08 07:12 2,670,592 --------- c:\windows\UNNMP.exe
2008-12-06 11:20 . 2005-06-07 04:40 49,655 --------- c:\windows\UNNMP.cfg
2008-12-06 11:18 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe
2008-12-06 11:17 . 2005-04-20 06:32 2,916,352 --------- c:\windows\UNNeroVision.exe
2008-12-06 11:17 . 2005-06-07 04:40 154,855 --------- c:\windows\UNNeroVision.cfg
2008-12-06 11:07 . 2008-02-28 12:26 1,414,440 --a------ c:\windows\system32\ShellManager310E2D762.dll
2008-12-06 11:07 . 2008-02-28 12:01 774,144 --a------ c:\windows\system32\NEROINSTAEC43759.DB
2008-11-29 14:53 . 2008-11-29 17:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-11-29 14:09 . 2008-11-29 14:09 <DIR> d-------- c:\program files\XP Codec Pack
2008-11-29 14:09 . 2008-07-09 03:05 421,888 --a------ c:\windows\system32\ac3filter.acm
2008-11-23 09:36 . 2008-11-23 09:36 <DIR> d-------- c:\program files\Belarc
2008-11-23 09:36 . 2008-02-27 12:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
2008-11-22 15:58 . 2008-11-22 15:58 <DIR> d-------- c:\program files\Photo Viewer
2008-11-22 15:57 . 2003-04-07 02:37 22,756 -ra------ c:\windows\system32\drivers\UStorage.sys
2008-11-22 08:00 . 2008-11-22 08:00 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-22 08:00 . 2008-11-22 08:00 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-22 08:00 . 2008-11-22 08:00 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-22 08:00 . 2008-11-22 08:00 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 19:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-21 18:52 --------- d-----w c:\program files\Lx_cats
2008-12-21 15:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-19 21:43 --------- d-----w c:\program files\LimeWire
2008-12-19 21:43 --------- d-----w c:\program files\Incomplete
2008-12-18 18:45 --------- d-----w c:\program files\PCPitstop
2008-12-18 18:45 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-12-09 01:22 --------- d-----w c:\program files\The Palace
2008-12-06 16:20 --------- d-----w c:\program files\Ahead
2008-12-06 16:18 --------- d-----w c:\program files\Common Files\Nero
2008-12-06 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-11-26 22:02 --------- d-----w c:\program files\XoftSpySE
2008-11-24 13:10 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2008-11-24 12:33 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-24 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-24 12:26 --------- d-----w c:\program files\DivX
2008-11-22 13:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-22 13:04 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-20 02:18 --------- d-----w c:\program files\Bonjour
2008-11-15 18:49 3,766 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-11-15 18:48 --------- d-----w c:\documents and settings\Administrator\Application Data\Corel
2008-11-15 18:47 --------- d-----w c:\documents and settings\All Users\Application Data\Corel
2008-11-15 18:43 --------- d-----w c:\program files\Common Files\Corel
2008-11-15 18:41 --------- d-----w c:\program files\Corel
2008-11-15 18:12 88 --sh--r c:\documents and settings\All Users\Application Data\581B3DD1C8.sys
2008-11-15 18:12 88 --sh--r c:\documents and settings\All Users\Application Data\25BBF34A62.sys
2008-11-15 18:12 2,672 --sh--w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-11-15 16:11 88 --sh--r c:\documents and settings\All Users\Application Data\C1F9E22D59.sys
2008-11-11 00:40 --------- d-----w c:\program files\Windows Media Components
2008-11-11 00:40 --------- d-----w c:\documents and settings\All Users\Application Data\InterVideo
2008-11-10 03:14 --------- d-----w c:\program files\iTunes
2008-11-10 03:14 --------- d-----w c:\program files\iPod
2008-11-10 03:14 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-10 02:18 90,112 ----a-w c:\windows\DUMP831b.tmp
2008-11-10 02:16 90,112 ----a-w c:\windows\DUMP831a.tmp
2008-11-10 02:15 90,112 ----a-w c:\windows\DUMP82eb.tmp
2008-11-10 02:13 90,112 ----a-w c:\windows\DUMP827e.tmp
2008-11-10 02:12 90,112 ----a-w c:\windows\DUMP86d3.tmp
2008-11-10 02:10 90,112 ----a-w c:\windows\DUMP8424.tmp
2008-11-10 02:07 90,112 ----a-w c:\windows\DUMP850e.tmp
2008-11-10 02:02 90,112 ----a-w c:\windows\DUMP81c2.tmp
2008-11-10 02:00 90,112 ----a-w c:\windows\DUMP87ae.tmp
2008-11-10 01:56 --------- d-----w c:\documents and settings\Administrator\Application Data\BitZipper
2008-11-10 01:49 90,112 ----a-w c:\windows\DUMP880c.tmp
2008-11-10 01:46 90,112 ----a-w c:\windows\DUMP8201.tmp
2008-11-10 01:45 90,112 ----a-w c:\windows\DUMP8210.tmp
2008-11-10 01:42 90,112 ----a-w c:\windows\DUMP8184.tmp
2008-11-10 01:40 90,112 ----a-w c:\windows\DUMP84fe.tmp
2008-11-10 01:39 90,112 ----a-w c:\windows\DUMP91c0.tmp
2008-11-05 01:46 --------- d-----w c:\documents and settings\Administrator\Application Data\Template
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2006-02-15 01:25 622 ------w c:\documents and settings\Administrator\palaces.dat
2005-05-26 18:35 1,422 ----a-w c:\program files\ReadMe.txt
2002-07-03 22:32 51,518 ----a-w c:\program files\Cyborg.ipt
2008-04-10 00:44 253,984 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-04-10 00:44 20,768 --sha-w c:\windows\system32\drivers\fidbox2.dat
2005-08-04 01:57 276 -csha-w c:\windows\system32\tgusehdl\csrss.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-03 118784]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 139264]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-13 50176]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-23 1667072]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 c:\windows\system32\Ati2mdxx.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl
"midi2"= xgusb.cpl
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Ubisoft register.lnk]
backup=c:\windows\pss\Ubisoft register.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TypeAgent.lnk]
backup=c:\windows\pss\TypeAgent.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Services

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--------- 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 09:37 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2007-01-19 11:49 49152 c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNotify]
--a------ 2003-06-23 00:25 24576 c:\program files\HP\Digital Imaging\bin\BackupNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-10-07 10:23 90112 c:\program files\HP\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
--a------ 2007-08-28 12:00 531272 c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\csrss]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link RangeBooster G WUA-2340]
--a------ 2008-09-23 22:45 1667072 c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--------- 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
--------- 2005-07-20 23:16 192512 c:\program files\Lexmark 3300 Series\lxccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
--a------ 2005-12-01 00:45 77892 c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RHSI SHS]
--a------ 2006-11-06 14:17 5158512 c:\program files\Rogers\SelfHealing\SHS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RogersAgent]
--a------ 2006-11-06 11:41 477440 c:\program files\Rogers\SelfHealing\RogersAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SHS]
--a------ 2006-11-06 14:17 5158512 c:\program files\Rogers\SelfHealing\SHS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-r-hs---- 2008-07-30 14:45 1829712 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
--a--c--- 2004-09-10 11:41 131072 c:\program files\Rogers\Update Manager\UpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
--------- 2008-06-09 11:03 397456 c:\program files\Corel\Corel VideoStudio 12\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-08-17 13:28 3092480 c:\program files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2008-06-03 16:49 509224 c:\progra~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ProtexisLicensing"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Plus! Digital Media Edition\\PhotoStory\\PhotoStory.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [2006-05-08 386784]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\DRIVERS\EvcapMau.sys [2003-12-17 177664]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2008-12-21 57440]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2007-08-28 23888]
S3 HNBCP;Intel® AnyPoint™ PCI 10 Mbps Network Adapter Driver;c:\windows\system32\DRIVERS\HNBCP_5.sys [2001-04-02 58034]
S3 HNBCU;Intel® AnyPoint™ USB 10 Mbps Network Adapter Driver;c:\windows\system32\DRIVERS\HNBCU_5.SYS [2001-08-01 71227]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2008-12-21 356434]
S3 naecd;naecd;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\naecd.sys []
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys []
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-12-18 77312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7c7ffa-bde5-11dc-8b73-001b11bdcecc}]
\Shell\AutoRun\command - F:\xfk2m3xs.bat
\Shell\explore\Command - F:\xfk2m3xs.bat
\Shell\open\Command - F:\xfk2m3xs.bat
.
Contents of the 'Scheduled Tasks' folder

2008-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-16 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Administrator.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2008-12-20 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-11-26 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -

Notify-vtstu - (no file)
MSConfigStartUp-AutoTKit - c:\hp\bin\AUTOTKIT.EXE
MSConfigStartUp-Corel File Shell Monitor - c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://rogers.yahoo.com/
mStart Page = hxxp://rogers.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\pcpitstopAntiVirus.dll - O16 -: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD}
hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll

c:\windows\Downloaded Program Files\ThereInstallHelper.dll - O16 -: {88D8E8B7-A33B-4417-A385-8373484D43ED}

c:\windows\Downloaded Program Files\ThereLauncher.dll - O16 -: {AAF421E6-7914-430A-9981-72B31AFF3BF4}
file://c:\program files\There\ThereClient\ThereLauncher.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\
FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66010&qkw=
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 15:33:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1632)
c:\windows\system32\xgusb.cpl

- - - - - - - > 'lsass.exe'(1688)
c:\windows\system32\xgusb.cpl
.
Completion time: 2008-12-21 15:35:50
ComboFix-quarantined-files.txt 2008-12-21 20:34:32

Pre-Run: 47,913,189,376 bytes free
Post-Run: 47,894,646,784 bytes free

347 --- E O F --- 2008-12-19 02:08:42

#12 fenzodahl512


  • Members
  • 6,738 posts

Posted 16 January 2009 - 12:19 AM

Hello.. I believe you did the CFScript step wrongly..


Please copy/paste below code into Notepad >> Save it in Desktop as CFScript >> Drag CFScript onto ComboFix icon like below..

Posted Image


KillAll::

Driver::
naecd

File::
C:\Documents and Settings\Administrator\Local Settings\temp\naecd.sys

Folder::
c:\windows\system32\tgusehdl

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7c7ffa-bde5-11dc-8b73-001b11bdcecc}]


Then, after it finishes the scan, post the log here.. :thumbsup:

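The two CFScripts in this thread single out the same things a reviewer picks out of a ComboFix log by eye: a kernel driver (naecd) whose image sits in a Temp directory and for which ComboFix recorded no date or size, and a MountPoints2 key whose AutoRun/explore/open handlers all point at a .bat file on a mounted drive. The following Python is an added example, not ComboFix's code and not anything posted by fenzodahl512 or jackie2929; it applies those three heuristics to the log line shapes involved and then drafts a CFScript in the section layout used above. The sample lines are copied from the logs in this thread; the `Finding` class, the regexes, the `SCRIPT_EXTS` list and the decision to draft removal only for Temp-resident drivers and volume autorun keys are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line shapes ComboFix prints, built from the service
# entries and the MountPoints2 key that appear in the logs posted in this thread.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-28 97928]
S3 naecd;naecd;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\naecd.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\naecd.sys [?]
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys --> c:\windows\System32\XDva008.sys [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2008-12-18 77312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c7c7ffa-bde5-11dc-8b73-001b11bdcecc}]
\Shell\AutoRun\command - F:\xfk2m3xs.bat
\Shell\explore\Command - F:\xfk2m3xs.bat
\Shell\open\Command - F:\xfk2m3xs.bat
"""

# "S3 name;display;image [date size]": start type, service name, display name,
# image path, and the bracketed date/size ComboFix records for the file.
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# A per-volume MountPoints2 key, followed by its "\Shell\<verb>\command - target" lines.
MOUNTPOINT_KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
AUTORUN_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)
# Assumed list of extensions a volume autorun handler should never point at.
SCRIPT_EXTS = (".bat", ".cmd", ".exe", ".vbs", ".com", ".pif", ".scr")


@dataclass(frozen=True)
class Finding:
    kind: str    # "temp_driver", "no_file_info" or "volume_autorun"
    name: str    # service name, or the registry key for autorun findings
    detail: str  # resolved image path, or "<verb> -> <target>"


def image_path(raw: str) -> str:
    """Resolved on-disk path from a ComboFix image field (keeps the part after ' --> ')."""
    if " --> " in raw:
        raw = raw.split(" --> ", 1)[1]
    raw = raw.strip()
    prefix = "\\??\\"
    return raw[len(prefix):] if raw.startswith(prefix) else raw


def triage(lines):
    """Apply the three heuristics to ComboFix log lines and return the findings."""
    findings = []
    current_key = None
    for line in lines:
        line = line.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            _start, name, _display, image, stamp = m.groups()
            path = image_path(image)
            parts = [p.lower() for p in path.split("\\")]
            if "temp" in parts:  # a driver loading from a Temp directory
                findings.append(Finding("temp_driver", name, path))
            if stamp.strip() in ("", "?"):  # ComboFix recorded no date/size for the file
                findings.append(Finding("no_file_info", name, path))
            continue
        k = MOUNTPOINT_KEY_RE.match(line)
        if k:
            current_key = k.group(1)
            continue
        a = AUTORUN_CMD_RE.match(line)
        if a and current_key:
            verb, target = a.groups()
            if target.lower().endswith(SCRIPT_EXTS):
                findings.append(Finding("volume_autorun", current_key, f"{verb} -> {target}"))
            continue
        if line.startswith("["):  # any other registry key ends the MountPoints2 block
            current_key = None
    return findings


def build_cfscript(findings):
    """Draft a CFScript in the Driver::/File::/Registry:: layout used in this thread.

    The draft is for a human to review, not to run blind: paths are emitted exactly
    as ComboFix printed them, 8.3 short names included, and no_file_info findings
    are deliberately left out because a missing date/size alone is not evidence.
    """
    drivers, files, keys = [], [], []
    for f in findings:
        if f.kind == "temp_driver":
            drivers.append(f.name)
            files.append(f.detail)
        elif f.kind == "volume_autorun" and f.name not in keys:
            keys.append(f.name)
    out = ["KillAll::", ""]
    if drivers:
        out += ["Driver::", *drivers, ""]
    if files:
        out += ["File::", *files, ""]
    if keys:
        out += ["Registry::", *[f"[-{k}]" for k in keys], ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG.splitlines())
    for f in found:
        print(f"{f.kind:15} {f.name}: {f.detail}")
    print()
    print(build_cfscript(found))
```

Run as a script it lists the findings and prints the drafted CFScript; on the sample, naecd is flagged twice (Temp-resident and no file info), XDva008 only once (no file info, so it is reported but not put in the draft), and the three MountPoints2 handlers collapse into a single `[-KEY]` deletion line, matching the shape of the second script posted above.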


#13 jackie2929

  • Topic Starter

  • Members
  • 17 posts

Posted 16 January 2009 - 09:12 AM

Here is the new log... hope I did it right..
Thanks for the help... more than you can ever know.


ComboFix 09-01-13.04 - Administrator 2009-01-16 8:54:25.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.959 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: Norton Security Online *On-access scanning disabled* (Updated)
FW: Norton Security Online *enabled*
* Created a new restore point

FILE ::
c:\documents and settings\Administrator\Local Settings\temp\naecd.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\tgusehdl
c:\windows\system32\tgusehdl\csrss.dat
c:\windows\system32\tgusehdl\csrss.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.

2009-01-16 08:06 . 2009-01-16 08:44 <DIR> d-------- c:\windows\LastGood.Tmp
2009-01-15 10:23 . 2009-01-15 12:26 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-01-15 07:23 . 2009-01-15 07:23 <DIR> d-------- C:\_OTMoveIt
2009-01-14 20:27 . 2009-01-14 20:45 250 --a------ c:\windows\gmer.ini
2009-01-14 10:21 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-13 08:08 . 2009-01-13 08:08 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-13 07:27 . 2009-01-13 07:27 <DIR> d-------- C:\VundoFix Backups
2009-01-07 21:40 . 2009-01-07 21:40 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2009-01-05 18:42 . 2009-01-05 18:42 <DIR> d-------- c:\program files\LeeGTs Games
2008-12-29 18:04 . 2008-12-29 18:04 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-12-29 17:49 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2008-12-29 17:49 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
2008-12-29 17:10 . 2008-12-29 17:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2008-12-29 14:06 . 2009-01-12 00:38 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-29 14:00 . 2008-12-29 14:09 249,856 --a------ c:\windows\Setup1.exe
2008-12-29 14:00 . 2008-12-29 14:09 73,216 --a------ c:\windows\ST6UNST.EXE
2008-12-29 10:57 . 2008-12-29 10:57 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2008-12-28 21:37 . 2008-12-28 21:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ImgBurn
2008-12-28 21:32 . 2008-12-28 21:32 <DIR> d-------- c:\program files\ImgBurn
2008-12-28 19:19 . 2008-12-28 19:19 <DIR> d-------- C:\rsit
2008-12-28 18:09 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-28 18:09 . 2003-07-30 14:00 28,288 --a--c--- c:\windows\system32\dllcache\xjis.nls
2008-12-28 18:09 . 2004-08-04 01:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2008-12-28 18:09 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-28 18:09 . 2004-08-04 01:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2008-12-28 18:09 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-28 18:08 . 2004-08-04 01:29 33,599 --a--c--- c:\windows\system32\dllcache\watv04nt.sys
2008-12-28 18:08 . 2008-04-13 14:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2008-12-28 18:08 . 2004-08-04 01:29 29,311 --a--c--- c:\windows\system32\dllcache\watv01nt.sys
2008-12-28 18:08 . 2008-04-13 14:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-28 18:08 . 2004-08-04 01:29 23,615 --a--c--- c:\windows\system32\dllcache\wch7xxnt.sys
2008-12-28 18:08 . 2004-08-04 01:29 19,551 --a--c--- c:\windows\system32\dllcache\watv02nt.sys
2008-12-28 18:08 . 2004-08-04 01:29 12,415 --a--c--- c:\windows\system32\dllcache\wadv01nt.sys
2008-12-28 18:08 . 2004-08-04 01:29 12,127 --a--c--- c:\windows\system32\dllcache\wadv02nt.sys
2008-12-28 18:08 . 2004-08-04 01:29 11,775 --a--c--- c:\windows\system32\dllcache\wadv05nt.sys
2008-12-28 18:08 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-12-28 18:07 . 2008-04-13 14:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2008-12-28 18:07 . 2008-04-13 20:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
2008-12-28 18:07 . 2008-04-13 14:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-28 18:07 . 2008-04-13 14:45 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
2008-12-28 18:06 . 2008-04-13 14:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2008-12-28 18:06 . 2004-08-04 01:31 32,768 --a--c--- c:\windows\system32\dllcache\sisnic.sys
2008-12-28 18:06 . 2008-04-13 14:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
2008-12-28 18:06 . 2008-04-13 14:45 11,520 --a--c--- c:\windows\system32\dllcache\scsiscan.sys
2008-12-28 18:06 . 2008-04-13 14:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2008-12-28 18:06 . 2008-04-13 14:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
2008-12-28 18:05 . 2008-04-13 20:12 159,232 --a--c--- c:\windows\system32\dllcache\ptpusd.dll
2008-12-28 18:05 . 2003-07-30 14:00 83,748 --a--c--- c:\windows\system32\dllcache\prcp.nls
2008-12-28 18:05 . 2003-07-30 14:00 83,748 --a--c--- c:\windows\system32\dllcache\prc.nls
2008-12-28 18:05 . 2008-04-13 14:40 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
2008-12-28 18:05 . 2008-04-13 20:12 29,696 --a--c--- c:\windows\system32\dllcache\rw450ext.dll
2008-12-28 18:05 . 2008-04-13 20:12 27,648 --a--c--- c:\windows\system32\dllcache\rw430ext.dll
2008-12-28 18:05 . 2008-04-13 14:41 17,664 --a--c--- c:\windows\system32\dllcache\ppa3.sys
2008-12-28 18:05 . 2008-04-13 14:40 8,832 --a--c--- c:\windows\system32\dllcache\powerfil.sys
2008-12-28 18:05 . 2008-04-13 14:40 6,016 --a--c--- c:\windows\system32\dllcache\qic157.sys
2008-12-28 18:04 . 2008-04-13 20:10 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2008-12-28 18:04 . 2008-04-13 20:10 211,584 --a--c--- c:\windows\system32\dllcache\perm2dll.dll
2008-12-28 18:04 . 2004-08-04 01:31 29,502 --a--c--- c:\windows\system32\dllcache\pca200e.sys
2008-12-28 18:04 . 2008-04-13 14:54 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
2008-12-28 18:04 . 2008-04-13 14:44 28,032 --a--c--- c:\windows\system32\dllcache\perm3.sys
2008-12-28 18:04 . 2008-04-13 14:44 27,904 --a--c--- c:\windows\system32\dllcache\perm2.sys
2008-12-28 18:03 . 2008-04-13 14:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2008-12-28 18:03 . 2008-04-13 14:41 26,112 --a--c--- c:\windows\system32\dllcache\memstpci.sys
2008-12-28 18:03 . 2008-04-13 14:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2008-12-28 18:03 . 2008-04-13 14:40 7,040 --a--c--- c:\windows\system32\dllcache\ltotape.sys
2008-12-28 18:02 . 2008-04-13 20:11 253,952 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2008-12-28 18:02 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-12-28 18:02 . 2008-04-13 14:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2008-12-28 18:02 . 2008-04-13 20:11 48,640 --a--c--- c:\windows\system32\dllcache\kdsui.dll
2008-12-28 18:02 . 2003-07-30 14:00 47,066 --a--c--- c:\windows\system32\dllcache\ksc.nls
2008-12-28 18:02 . 2008-04-13 14:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2008-12-28 18:02 . 2008-04-13 20:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2008-12-28 18:01 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-12-28 18:01 . 2004-08-04 01:29 161,020 --a--c--- c:\windows\system32\dllcache\i81xnt5.sys
2008-12-28 18:01 . 2008-04-13 14:41 18,560 --a--c--- c:\windows\system32\dllcache\i2omp.sys
2008-12-28 18:01 . 2008-04-13 14:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2008-12-28 18:00 . 2008-04-13 14:45 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
2008-12-28 18:00 . 2004-08-04 01:31 34,173 --a--c--- c:\windows\system32\dllcache\forehe.sys
2008-12-28 18:00 . 2008-04-13 14:40 28,288 --a--c--- c:\windows\system32\dllcache\grserial.sys
2008-12-28 18:00 . 2008-04-13 14:36 20,352 --a--c--- c:\windows\system32\dllcache\hidbatt.sys
2008-12-28 18:00 . 2008-04-13 14:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-12-28 17:59 . 2008-04-13 20:11 249,856 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2008-12-28 17:59 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
2008-12-28 17:59 . 2004-08-04 01:32 48,640 --a--c--- c:\windows\system32\dllcache\cwrwdm.sys
2008-12-28 17:59 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-28 17:59 . 2008-04-13 14:36 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
2008-12-28 17:59 . 2008-04-13 14:36 10,240 --a--c--- c:\windows\system32\dllcache\compbatt.sys
2008-12-28 17:59 . 2008-04-13 14:40 8,320 --a--c--- c:\windows\system32\dllcache\dlttape.sys
2008-12-28 17:57 . 2001-08-17 22:36 462,848 --a--c--- c:\windows\system32\dllcache\a3dapi.dll
2008-12-28 17:57 . 2008-04-13 14:46 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys
2008-12-28 17:57 . 2008-04-13 14:46 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys
2008-12-28 17:57 . 2008-04-13 14:36 14,208 --a--c--- c:\windows\system32\dllcache\battc.sys
2008-12-28 17:57 . 2008-04-13 14:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2008-12-28 17:57 . 2008-04-13 14:40 12,288 --a--c--- c:\windows\system32\dllcache\4mmdat.sys
2008-12-28 15:07 . 2009-01-15 09:35 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-28 15:07 . 2008-12-28 15:07 <DIR> d-------- c:\program files\AVG
2008-12-28 15:07 . 2008-12-28 15:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-28 15:07 . 2008-12-28 15:07 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-28 15:07 . 2008-12-28 15:07 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-28 15:01 . 2008-12-28 15:01 <DIR> d-------- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-12-28 15:01 . 2008-12-28 15:01 0 --a------ C:\lxccUNST.csv
2008-12-27 20:51 . 2009-01-11 22:06 69 --a------ c:\windows\NeroDigital.ini
2008-12-23 19:17 . 2009-01-13 08:08 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-23 19:17 . 2008-12-23 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-23 19:17 . 2009-01-13 08:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-23 18:34 . 2008-12-23 18:34 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-23 18:34 . 2008-12-23 18:34 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-23 18:12 . 2008-12-23 18:12 <DIR> d-------- c:\program files\CCleaner
2008-12-21 10:28 . 2009-01-16 09:00 14 --a------ c:\windows\system32\ANIWZCSUSERNAME{6B599847-5FD0-4299-BD1E-C08D3585176E}
2008-12-21 10:27 . 2008-12-21 10:27 <DIR> d-------- c:\program files\D-Link
2008-12-21 10:27 . 2008-12-21 10:27 <DIR> d-------- c:\program files\ANI
2008-12-20 10:31 . 2008-12-20 10:31 <DIR> d-------- c:\program files\Trend Micro
2008-12-19 06:39 . 2009-01-14 10:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 06:39 . 2008-12-19 06:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-19 06:39 . 2008-12-19 06:39 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-19 06:39 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 06:39 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-16 18:05 . 2008-12-16 18:05 <DIR> d-------- c:\program files\Common Files\INCA Shared
2008-12-16 18:05 . 2003-07-19 10:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2008-12-16 18:05 . 2005-01-03 01:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2008-12-16 18:01 . 2008-12-16 18:01 <DIR> d-------- c:\program files\Softnyx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 13:41 --------- d-----w c:\program files\Lx_cats
2009-01-15 12:15 --------- d-----w c:\program files\XoftSpySE
2009-01-15 12:15 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-15 12:15 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-07 15:50 --------- d-----w c:\program files\The Palace
2008-12-29 22:11 --------- d-----w c:\program files\Uniblue
2008-12-29 22:00 --------- d-----w c:\program files\Microsoft IntelliPoint
2008-12-29 01:21 --------- d-----w c:\program files\Common Files\Nero
2008-12-29 01:20 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-29 00:06 --------- d-----w c:\program files\TrojanHunter 5.0
2008-12-28 21:39 --------- d-----w c:\program files\Rogers
2008-12-28 21:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 21:37 --------- d-----w c:\program files\Corel
2008-12-28 21:37 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-12-28 20:04 --------- d-----w c:\program files\Three Rings Design
2008-12-28 20:02 --------- d-----w c:\program files\PCPitstop
2008-12-28 20:02 --------- d-----w c:\program files\PartyGaming
2008-12-28 20:01 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-27 14:10 --------- d-----w c:\program files\ArcSoft
2008-12-23 23:34 --------- d-----w c:\program files\Java
2008-12-22 00:41 --------- d-----w c:\program files\Common Files\Scanner
2008-12-21 19:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-19 21:43 --------- d-----w c:\program files\LimeWire
2008-12-19 21:43 --------- d-----w c:\program files\Incomplete
2008-12-18 18:45 --------- d-----w c:\documents and settings\All Users\Application Data\PCPitstop
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-29 22:08 --------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2008-11-29 19:09 --------- d-----w c:\program files\XP Codec Pack
2008-11-24 13:10 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2008-11-24 12:26 --------- d-----w c:\program files\DivX
2008-11-22 20:58 --------- d-----w c:\program files\Photo Viewer
2008-11-22 13:00 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-22 13:00 --------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-11-22 13:00 --------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-20 02:18 --------- d-----w c:\program files\Bonjour
2008-11-15 18:12 88 --sha-r c:\documents and settings\All Users\Application Data\581B3DD1C8.sys
2008-11-15 18:12 88 --sha-r c:\documents and settings\All Users\Application Data\25BBF34A62.sys
2008-11-15 18:12 2,672 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2008-11-15 16:11 88 --sha-r c:\documents and settings\All Users\Application Data\C1F9E22D59.sys
2008-11-10 02:18 90,112 ----a-w c:\windows\DUMP831b.tmp
2008-11-10 02:16 90,112 ----a-w c:\windows\DUMP831a.tmp
2008-11-10 02:15 90,112 ----a-w c:\windows\DUMP82eb.tmp
2008-11-10 02:13 90,112 ----a-w c:\windows\DUMP827e.tmp
2008-11-10 02:12 90,112 ----a-w c:\windows\DUMP86d3.tmp
2008-11-10 02:10 90,112 ----a-w c:\windows\DUMP8424.tmp
2008-11-10 02:07 90,112 ----a-w c:\windows\DUMP850e.tmp
2008-11-10 02:02 90,112 ----a-w c:\windows\DUMP81c2.tmp
2008-11-10 02:00 90,112 ----a-w c:\windows\DUMP87ae.tmp
2008-11-10 01:49 90,112 ----a-w c:\windows\DUMP880c.tmp
2008-11-10 01:46 90,112 ----a-w c:\windows\DUMP8201.tmp
2008-11-10 01:45 90,112 ----a-w c:\windows\DUMP8210.tmp
2008-11-10 01:42 90,112 ----a-w c:\windows\DUMP8184.tmp
2008-11-10 01:40 90,112 ----a-w c:\windows\DUMP84fe.tmp
2008-11-10 01:39 90,112 ----a-w c:\windows\DUMP91c0.tmp
2006-02-15 01:25 622 ----a-w c:\documents and settings\Administrator\palaces.dat
2005-05-26 18:35 1,422 ----a-w c:\program files\ReadMe.txt
2002-07-03 22:32 51,518 ----a-w c:\program files\Cyborg.ipt
2008-04-10 00:44 253,984 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-04-10 00:44 20,768 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-15_ 8.06.50.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-12-28 14:31:44 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-16 13:46:13 12,288 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-12-28 14:31:44 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-16 13:46:13 135,168 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-12-28 14:31:44 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-16 13:46:13 11,264 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-12-28 14:31:44 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-16 13:46:13 27,136 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-12-28 14:31:44 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-16 13:46:13 4,096 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-12-28 14:31:44 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-16 13:46:13 794,624 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-12-28 14:31:44 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-16 13:46:13 249,856 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-12-28 14:31:44 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-16 13:46:13 23,040 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-12-28 14:31:44 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-16 13:46:13 286,720 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-12-28 14:31:44 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-16 13:46:13 409,600 ----a-r c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2001-08-17 18:28:26 687,999 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\usrwdxjs.sys
+ 2001-08-17 18:49:04 24,576 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\viairda.sys
+ 2001-08-17 17:14:12 249,402 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\vinwm.sys
+ 2001-08-17 18:28:14 604,253 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\vmodem.sys
+ 2008-04-14 00:11:04 426,041 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\voicepad.dll
+ 2008-04-14 00:11:04 86,073 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\voicesub.dll
+ 2001-08-17 18:28:16 397,502 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\vpctcom.sys
+ 2001-08-17 18:28:16 64,605 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\vvoice.sys
+ 2003-07-30 19:00:00 48,256 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w32.dll
+ 2003-07-30 19:00:00 4,608 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w3ctrs51.dll
+ 2003-07-30 19:00:00 73,728 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w3ext.dll
+ 2003-07-30 19:00:00 5,632 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w3svapi.dll
+ 2008-04-14 00:12:08 364,032 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w3svc.dll
+ 2001-08-17 17:13:08 19,528 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w840nd.sys
+ 2001-08-17 17:13:08 19,016 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w926nd.sys
+ 2001-08-17 17:13:12 16,925 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\w940nd.sys
+ 2004-08-04 06:29:38 12,415 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wadv01nt.sys
+ 2004-08-04 06:29:38 12,127 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wadv02nt.sys
+ 2004-08-04 06:29:38 11,775 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wadv05nt.sys
+ 2008-04-14 00:12:08 76,800 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wam51.dll
+ 2003-07-30 19:00:00 9,216 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wamps51.dll
+ 2008-04-14 00:12:08 53,248 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wamreg51.dll
+ 2003-07-30 19:00:00 7,168 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wamregps.dll
+ 2004-08-04 06:29:42 29,311 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\watv01nt.sys
+ 2004-08-04 06:29:42 19,551 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\watv02nt.sys
+ 2004-08-04 06:29:44 33,599 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\watv04nt.sys
+ 2001-08-17 17:10:30 35,871 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wbfirdma.sys
+ 2008-04-13 19:45:38 31,744 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wceusbsh.sys
+ 2004-08-04 06:29:46 23,615 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wch7xxnt.sys
+ 2001-08-17 18:28:02 701,386 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wdhaalba.sys
+ 2003-07-30 19:00:00 41,600 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\weitekp9.dll
+ 2003-07-30 19:00:00 31,232 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\weitekp9.sys
+ 2001-08-18 03:36:34 53,760 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wiamsmud.dll
+ 2001-08-17 18:28:14 771,581 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\winacisa.sys
+ 2001-08-17 17:12:38 34,890 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wlandrv2.sys
+ 2002-08-29 03:59:26 154,624 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wlluc48.sys
+ 2008-04-13 19:36:38 8,832 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wmiacpi.sys
+ 2008-04-14 01:12:10 8,192 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wshirda.dll
+ 2004-08-04 06:29:48 12,063 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wsiintxx.sys
+ 2004-08-04 06:29:50 19,455 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\wvchntxx.sys
+ 2001-08-17 17:11:14 16,970 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\xem336n5.sys
+ 2001-08-18 03:37:02 99,865 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\xlog.exe
+ 2001-08-18 03:37:02 4,608 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\xrxflnch.exe
+ 2001-08-18 03:37:02 27,648 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\xrxftplt.exe
+ 2008-04-14 01:12:12 18,944 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\xrxscnui.dll
+ 2001-08-18 03:36:36 23,040 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\xrxwbtmp.dll
+ 2008-04-14 01:12:12 116,224 ----a-w c:\windows\LastGood.Tmp\system32\dllcache\xrxwiadr.dll
- 2003-08-13 14:34:00 369,152 -c--a-w c:\windows\system32\dllcache\ati2dvag.dll
+ 2006-02-22 01:46:48 256,512 -c--a-w c:\windows\system32\dllcache\ati2dvag.dll
- 2008-09-08 10:41:42 333,824 -c--a-w c:\windows\system32\dllcache\srv.sys
+ 2008-12-11 10:57:09 333,952 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2008-12-28 22:06:07 200,936 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-15 15:07:25 200,936 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2007-07-27 20:49:02 196,683 ----a-w c:\windows\system32\lnod32apiA.dll
+ 2007-07-27 20:49:02 225,355 ----a-w c:\windows\system32\lnod32apiW.dll
+ 2005-12-06 01:25:22 139,264 ----a-w c:\windows\system32\lnod32umc.dll
+ 2005-12-05 18:37:10 106,496 ----a-w c:\windows\system32\lnod32upd.dll
- 2004-12-21 10:20:34 65,536 ----a-w c:\windows\system32\lxcccfg.dll
+ 2004-12-21 11:20:34 65,536 ----a-w c:\windows\system32\lxcccfg.dll
+ 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2007-08-02 23:11:28 253,952 ----a-w c:\windows\system32\OnlineScannerDLLA.dll
+ 2007-08-02 23:11:14 241,664 ----a-w c:\windows\system32\OnlineScannerDLLW.dll
+ 2007-08-06 18:17:40 19,456 ----a-w c:\windows\system32\OnlineScannerLang.dll
+ 2007-06-13 16:10:34 77,824 ----a-w c:\windows\system32\OnlineScannerUninstaller.exe
- 2008-07-08 13:02:01 17,272 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2009-01-15 12:25:42 32,768 -c----w c:\windows\Temp\Cookies\index.dat
+ 2009-01-16 13:58:26 32,768 -c----w c:\windows\Temp\Cookies\index.dat
- 2009-01-15 12:25:42 32,768 -c----w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-01-16 13:58:26 32,768 -c----w c:\windows\Temp\History\History.IE5\index.dat
+ 2009-01-16 13:58:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_6b0.dat
- 2009-01-15 12:25:42 65,536 -c----w c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-16 13:58:26 65,536 -c----w c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 4501912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-03 118784]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-05-23 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"Sunkist2k"="c:\program files\Multimedia Card Reader\shwicon2k.exe" [2003-08-14 139264]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-04-13 50176]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-23 136600]
"D-Link RangeBooster G WUA-2340"="c:\program files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe" [2008-09-23 1667072]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-28 1261336]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-01-10 69632]
"lxccmon.exe"="c:\program files\Lexmark 3300 Series\lxccmon.exe" [2005-07-20 192512]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 c:\windows\ALCXMNTR.EXE]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl
"midi2"= xgusb.cpl
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Ubisoft register.lnk]
backup=c:\windows\pss\Ubisoft register.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
backup=c:\windows\pss\TotalMedia Backup Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TypeAgent.lnk]
backup=c:\windows\pss\TypeAgent.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
--a------ 2002-10-07 10:23 90112 c:\program files\HP\Digital Imaging\Unload\HpqCmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager]
--a--c--- 2004-09-10 11:41 131072 c:\program files\Rogers\Update Manager\UpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Yserver.exe"= c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Plus! Digital Media Edition\\PhotoStory\\PhotoStory.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-28 97928]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2006-05-08 386784]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [2003-12-17 177664]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-12-21 57440]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 231704]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-08-28 23888]
S3 HNBCP;Intel® AnyPoint™ PCI 10 Mbps Network Adapter Driver;c:\windows\system32\drivers\HNBCP_5.SYS [2001-04-02 58034]
S3 HNBCU;Intel® AnyPoint™ USB 10 Mbps Network Adapter Driver;c:\windows\system32\drivers\HNBCU_5.SYS [2001-08-01 71227]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\RangeBooster G WUA-2340\JSWUtil\jswpsapi.exe [2008-12-21 356434]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 XDva008;XDva008;\??\c:\windows\System32\XDva008.sys --> c:\windows\System32\XDva008.sys [?]
S4 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon --> c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-13 c:\windows\Tasks\Norton Security Online - Run Full System Scan - Administrator.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

2009-01-09 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

2007-11-26 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://rogers.yahoo.com/
mStart Page = hxxp://rogers.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: free.aol.com

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

c:\windows\Downloaded Program Files\ThereInstallHelper.dll - O16 -: {88D8E8B7-A33B-4417-A385-8373484D43ED}

c:\windows\Downloaded Program Files\ThereLauncher.dll - O16 -: {AAF421E6-7914-430A-9981-72B31AFF3BF4}
file://c:\program files\There\ThereClient\ThereLauncher.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lk0lrbnl.default\
FF - prefs.js: browser.startup.homepage - hxxp://rogers.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=66010&qkw=
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 09:00:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1872)
c:\windows\system32\xgusb.cpl
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1928)
c:\windows\system32\xgusb.cpl
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehsched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\lxcccoms.exe
.
**************************************************************************
.
Completion time: 2009-01-16 9:09:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-16 14:08:57
ComboFix2.txt 2009-01-15 15:17:23
ComboFix3.txt 2009-01-15 13:08:41
ComboFix4.txt 2008-12-21 20:35:51

Pre-Run: 73,883,766,784 bytes free
Post-Run: 74,024,177,664 bytes free

476 --- E O F --- 2009-01-16 13:46:16

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:34 PM

Posted 16 January 2009 - 09:42 AM

Log looks good to me.. Let's do an online scan to make sure we don't miss any...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbsup:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 jackie2929

jackie2929
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:03:34 AM

Posted 17 January 2009 - 05:05 PM

The scan was clean, here is the log..
I think things are good... I hope so :thumbsup:
jac



# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3773 (20090117)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=6823284e91f73343bed8a6393f2e983b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-17 07:51:14
# local_time=2009-01-17 02:51:14 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=579192
# found=0
# scan_time=5354



