
explorcr.exe !


  • This topic is locked
11 replies to this topic

#1 encyclogames

encyclogames

  • Members
  • 23 posts
  • Gender:Male
  • Location:Qatar
  • Local time:08:55 AM

Posted 16 January 2009 - 01:55 PM

SOMEONE HELP PLEASE!
I am infected with some worm, shown in the process list as explorcr.exe, and although I disable it every time I start my PC, I need to get it out of my PC ASAP before the 21st of this month, according to the information on the virus I researched on the internet.

link 1:http://www.prevx.com/filenames/X1649097514790568870-0/EXPLORCR2EEXE.html

link 2:http://www.iamatechie.com/remove-happy-birthday-virus/

link 3:http://www.f-secure.com/v-descs/worm_w32_autorun_cns.shtml

Here is the HijackThis log:
Note: I disable the explorcr process every time the PC starts, so I don't know whether the log will show it or not. If you want, I'll run my next HJT log as soon as the PC starts and then have the process disabled.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:51 PM, on 1/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Utilities\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\new\Desktop\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Utilities\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Utilities\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Avro Keyboard] E:\antor\Avro Keyboard\Avro Keyboard.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\antor\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8314 bytes

Hope my problem is solved before the 21st!

-encyclogames aka E.G
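For anyone triaging a log like the one above, the entries that matter are not the long list of running processes but four specific line types: the O1 hosts entries (auto.search.msn.com and auto.search.msn.es sent to 66.98.148.65 instead of a loopback address), the O4 Run value that starts explorcr.exe from system32 under a name one character off from explorer.exe, the two O2 BHOs registered with "(no file)", and the O23 service with "Unknown owner". The script below is an added example, not part of this thread, HijackThis or RSIT: it parses those four HJT line types and scores them. The sample lines are copied from the log posted above; the allowlist of legitimate system32 autostarts and the two-edit lookalike threshold are assumptions chosen for illustration.

```python
"""Triage the HijackThis (HJT) sections that most often carry persistence or
traffic redirection: O1 (hosts), O2 (BHOs), O4 (Run keys) and O23 (services).
Added example for this thread; not part of HijackThis, RSIT or any other tool.
The allowlist and the lookalike threshold below are assumptions for illustration."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
"""

# A hosts entry that points a name anywhere except loopback/blackhole is a redirect.
LOCAL_HOSTS_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumed allowlist: system32 binaries that legitimately autostart on this XP box.
# Real triage would verify signatures or hashes rather than trust file names.
KNOWN_SYSTEM32_AUTOSTARTS = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe", "igfxpers.exe"}

# Core Windows binaries whose names malware imitates (explorcr.exe vs explorer.exe).
IMPERSONATED_NAMES = ("explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe")
LOOKALIKE_MAX_EDITS = 2  # assumption: up to two character edits counts as a lookalike


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "O4"
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.*?) \((\w+)\) - (.*?) - (.*)$")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used for the lookalike-name check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename: str) -> str | None:
    """Return the system binary a file name imitates, or None.
    Exact system names are never reported as lookalikes of each other."""
    name = basename.lower()
    if name in IMPERSONATED_NAMES:
        return None
    for target in IMPERSONATED_NAMES:
        if edit_distance(name, target) <= LOOKALIKE_MAX_EDITS:
            return target
    return None


def image_path(command: str) -> str:
    """Extract the executable from an O4 command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r"(.*?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def triage(log_text: str) -> list[Finding]:
    """Scan HJT lines and return the suspicious ones in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if ip not in LOCAL_HOSTS_TARGETS:
                findings.append(Finding("O1", "high", f"hosts file redirects {host} to {ip}", line))
        elif m := BHO_RE.match(line):
            _name, clsid, path = m.groups()
            if path == "(no file)":
                findings.append(Finding("O2", "low", f"orphaned BHO {clsid}: registered but DLL is missing", line))
        elif m := RUN_RE.match(line):
            hive, value_name, command = m.groups()
            path = image_path(command)
            base = path.rsplit("\\", 1)[-1].lower()
            target = lookalike_of(base)
            if target:
                findings.append(Finding("O4", "high", f"{hive} Run value '{value_name}' starts {base}, a lookalike of {target}", line))
            elif "\\system32\\" in path.lower() and base not in KNOWN_SYSTEM32_AUTOSTARTS:
                findings.append(Finding("O4", "medium", f"{hive} Run value '{value_name}' starts unrecognised system32 binary {base}", line))
        elif m := SERVICE_RE.match(line):
            _display, short_name, owner, _path = m.groups()
            if owner.lower() == "unknown owner":
                findings.append(Finding("O23", "low", f"service {short_name} carries no vendor in its version info", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
```

Run as a script it prints one line per finding for the sample. The allowlist has to be extended for any other machine, and a lookalike or unrecognised-binary hit is a lead, not a verdict: confirm it against the file's digital signature and the date/size that RSIT prints for the same Run value before deleting anything.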


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:01:55 PM

Posted 17 January 2009 - 07:12 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the "List files/folders created or modified in the last" option to 3 months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has finished, click Copy, paste the results into Notepad, save it, and attach it in this thread.


Post these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach the GMER result.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 encyclogames

encyclogames
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Qatar
  • Local time:08:55 AM

Posted 19 January 2009 - 12:39 AM

Here are all the logs you asked for:

1.MBAM log:

Malwarebytes' Anti-Malware 1.33
Database version: 1666
Windows 5.1.2600 Service Pack 3

1/19/2009 8:19:02 AM
mbam-log-2009-01-19 (08-19-02).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 141671
Time elapsed: 55 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by encyclogames, 19 January 2009 - 12:45 AM.


#4 encyclogames

encyclogames
  • Topic Starter

  • Members
  • 23 posts
  • Gender:Male
  • Location:Qatar
  • Local time:08:55 AM

Posted 19 January 2009 - 12:44 AM

2. The other log, from RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by new at 2009-01-19 08:22:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (23%) free of 38 GB
Total RAM: 1013 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:47 AM, on 1/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Utilities\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\new\Desktop\RSIT.exe
C:\Utilities\Trend Micro\HijackThis\new.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Utilities\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Avro Keyboard] E:\antor\Avro Keyboard\Avro Keyboard.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Utilities\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\antor\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8303 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-08 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVGTOOLBAR - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-08 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHot1.dll [2008-12-25 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-12-25 204248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVGTOOLBAR - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-08 1968920]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHot1.dll [2008-12-25 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2002-12-31 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-11 16132608]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-11 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-07-11 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-07-11 131072]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-08 1601304]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-02-24 196709]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-10-08 111928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-03 136600]
"QuickTime Task"=C:\Utilities\QuickTime\QTTask.exe [2008-09-06 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"explorcr"=C:\WINDOWS\system32\explorcr.exe [2008-03-22 258605]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"Avro Keyboard"=E:\antor\Avro Keyboard\Avro Keyboard.exe [2007-07-02 1658880]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-08 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\New Folder\flashget.exe"="C:\New Folder\flashget.exe:*:Enabled:Flashget"
"C:\New Folder\Messenger\YahooMessenger.exe"="C:\New Folder\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\New Folder\Messenger\YServer.exe"="C:\New Folder\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\InternationalVoiz\intlfone.exe"="C:\Program Files\InternationalVoiz\intlfone.exe:*:Enabled:mrpcfone Module"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip"
"C:\Grisoft\AVG7\avginet.exe"="C:\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Grisoft\AVG7\avgamsvr.exe"="C:\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Grisoft\AVG7\avgcc.exe"="C:\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Documents and Settings\new\Desktop\utorrent.exe"="C:\Documents and Settings\new\Desktop\utorrent.exe:*:Enabled:utorrent"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\new\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\new\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"E:\antor\Final Fighter\FinalFighter\FinalFighter.exe"="E:\antor\Final Fighter\FinalFighter\FinalFighter.exe:*:Enabled:FinalFighter"
"E:\antor\EA GAMES\Need for Speed Underground 2\speed2.exe"="E:\antor\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\antor\Ares\Ares.exe"="E:\antor\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Utilities\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Utilities\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\Utilities\Trend Micro\HijackThis\HijackThis.exe"="C:\Utilities\Trend Micro\HijackThis\HijackThis.exe:*:Enabled:HijackThis"
"C:\Utilities\Malwarebytes' Anti-Malware\mbam.exe"="C:\Utilities\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Utilities\Lavasoft\Ad-Aware\lsupdatemanager.exe"="C:\Utilities\Lavasoft\Ad-Aware\lsupdatemanager.exe:*:Enabled:Software update"
"C:\Utilities\Spybot - Search & Destroy\SpybotSD.exe"="C:\Utilities\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\Utilities\Spybot - Search & Destroy\SDUpdate.exe"="C:\Utilities\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D"
"C:\Utilities\SpywareBlaster\spywareblaster.exe"="C:\Utilities\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster"
"E:\antor\Valve\hlds.exe"="E:\antor\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"E:\antor\America's Army\System\ArmyOps.exe"="E:\antor\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"E:\antor\Halo\halo.exe"="E:\antor\Halo\halo.exe:*:Disabled:Halo"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\antor\Microsoft Games\Halo\halo.exe"="E:\antor\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"E:\antor\NFSHP2\NFSHP2.exe"="E:\antor\NFSHP2\NFSHP2.exe:*:Enabled:NFSHP2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-01-19 08:22:31 ----D---- C:\rsit
2009-01-14 12:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 14:31:25 ----RASH---- C:\WINDOWS\system32\explorcr.exe
2009-01-05 14:14:56 ----D---- C:\Program Files\Common Files\xing shared
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\java.exe
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-25 07:14:19 ----D---- C:\Program Files\Conduit
2008-12-25 07:14:18 ----D---- C:\Program Files\Hotspot_Shield
2008-12-25 07:13:58 ----D---- C:\Program Files\Hotspot Shield
2008-12-19 21:17:06 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-12-10 12:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 12:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 12:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 12:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 09:58:20 ----D---- C:\Valve
2008-12-06 07:55:09 ----D---- C:\Program Files\GameSpy Arcade
2008-12-03 10:24:55 ----A---- C:\WINDOWS\SETUP32.INI
2008-11-22 09:36:13 ----D---- C:\Documents and Settings\new\Application Data\Juce VST Host
2008-11-21 12:50:18 ----A---- C:\WINDOWS\system32\rewire.dll
2008-11-21 12:49:51 ----D---- C:\Program Files\Image-Line
2008-11-21 12:49:50 ----D---- C:\Program Files\Outsim
2008-11-12 01:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 01:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 01:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-03 15:44:07 ----A---- C:\WINDOWS\system32\WING32.DLL
2008-11-03 15:43:41 ----RA---- C:\WINDOWS\QTW16DEL.EXE
2008-11-03 15:43:39 ----RA---- C:\WINDOWS\QTINSTAL.EXE
2008-11-03 15:43:13 ----A---- C:\WINDOWS\qtw.ini
2008-11-01 11:17:21 ----D---- C:\Program Files\SweetIM
2008-11-01 11:17:21 ----D---- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-10-31 11:26:54 ----D---- C:\Program Files\Common Files\Apple
2008-10-23 23:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 3 months======

2009-01-19 08:22:20 ----D---- C:\WINDOWS\Prefetch
2009-01-19 08:20:54 ----D---- C:\WINDOWS\Temp
2009-01-19 08:20:16 ----D---- C:\Program Files\Mozilla Firefox
2009-01-19 07:20:40 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-19 07:20:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-18 23:32:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-18 23:32:09 ----SHD---- C:\Config.Msi
2009-01-18 23:32:09 ----RSD---- C:\WINDOWS\assembly
2009-01-18 23:31:59 ----SHD---- C:\WINDOWS\Installer
2009-01-18 22:55:41 ----D---- C:\WINDOWS
2009-01-18 15:13:30 ----D---- C:\Documents and Settings\new\Application Data\uTorrent
2009-01-16 21:30:10 ----D---- C:\WINDOWS\system32\drivers
2009-01-16 14:22:59 ----HD---- C:\$AVG8.VAULT$
2009-01-16 11:46:48 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-15 20:50:30 ----D---- C:\WINDOWS\Minidump
2009-01-15 19:07:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-15 12:46:18 ----D---- C:\WINDOWS\Debug
2009-01-14 12:36:13 ----HD---- C:\WINDOWS\inf
2009-01-14 12:36:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 12:36:08 ----D---- C:\WINDOWS\system32
2009-01-14 12:35:45 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-11 12:47:22 ----SH---- C:\boot.ini
2009-01-11 12:47:22 ----A---- C:\WINDOWS\win.ini
2009-01-11 12:47:22 ----A---- C:\WINDOWS\system.ini
2009-01-11 12:45:35 ----D---- C:\WINDOWS\Help
2009-01-10 13:39:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-08 18:49:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-07 20:20:43 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2009-01-05 14:14:56 ----D---- C:\Program Files\Common Files
2009-01-05 14:14:50 ----D---- C:\Program Files\Common Files\Real
2009-01-05 14:14:44 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-05 14:14:34 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-05 14:14:34 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-05 14:14:31 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-05 14:14:31 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-01-05 14:14:31 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-03 14:10:30 ----D---- C:\Program Files\Java
2008-12-27 13:42:01 ----D---- C:\Installers
2008-12-25 07:14:19 ----RD---- C:\Program Files
2008-12-19 21:55:26 ----SD---- C:\WINDOWS\Tasks
2008-12-19 21:14:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-13 09:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 19:57:49 ----A---- C:\WINDOWS\cdplayer.ini
2008-12-10 22:32:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-10 22:32:26 ----D---- C:\Program Files\Adobe
2008-12-10 12:36:45 ----D---- C:\Program Files\Internet Explorer
2008-12-06 07:29:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 01:01:47 ----D---- C:\WINDOWS\WinSxS
2008-11-07 12:51:55 ----D---- C:\Documents and Settings
2008-11-04 21:11:51 ----D---- C:\WINDOWS\system
2008-11-02 22:52:54 ----D---- C:\Program Files\Diskeeper Corporation
2008-10-31 11:26:50 ----D---- C:\Utilities
2008-10-31 11:26:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-29 23:05:16 ----D---- C:\WINDOWS\network diagnostic
2008-10-28 15:22:10 ----D---- C:\Documents and Settings\new\Application Data\Apple Computer
2008-10-23 22:34:25 ----D---- C:\Documents and Settings\new\Application Data\Nokia
2008-10-23 15:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 13:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 14:26:01 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-16 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-08 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-08 107272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-07-11 5700096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-11 4424192]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-07-11 90880]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 a6r4tqd4;a6r4tqd4; C:\WINDOWS\system32\drivers\a6r4tqd4.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 YapLoad;Y@pPhone; C:\WINDOWS\system32\DRIVERS\YapLoad.sys [2000-09-26 19656]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Utilities\Lavasoft\Ad-Aware\aawservice.exe [2008-07-09 611664]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-09 630905]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-25 88024]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-03 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AresChatServer;Ares Chatroom server; E:\antor\Ares\chatServer.exe [2007-03-20 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-05-03 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]

-----------------EOF-----------------

Edited by encyclogames, 19 January 2009 - 12:48 AM.


#5 encyclogames (Topic Starter)

Posted 19 January 2009 - 12:45 AM

3. The info log of RSIT:

info.txt logfile of random's system information tool 1.05 2009-01-19 08:22:49

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Utilities\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ares 2.0.9-->"E:\antor\Ares\uninstall.exe"
Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AutoCAD 2006 - English-->MsiExec.exe /I{5783F2D7-4001-0409-0002-0060B0CE6BBA}
AutoCAD 2007 - English-->MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
AutoCAD 2008 - English-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
AutoCAD 2009 - English-->C:\Program Files\AutoCAD 2009\Setup\Setup.exe /P {5783F2D7-7001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avro Keyboard 4.5.1-->"E:\antor\Avro Keyboard\unins000.exe"
AVS Video Converter 4.3.1.371-->"E:\antor\AVSMedia\VideoConverter4\unins000.exe"
CCleaner (remove only)-->"C:\Utilities\CCleaner\uninst.exe"
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Diskeeper Home Edition-->MsiExec.exe /X{0C38EB05-3259-4DD3-9663-74A60C80BA4E}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FL Studio 8-->E:\antor\Image-Line\FL Studio 8\uninstall.exe
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Utilities\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotspot Shield 1.10-->C:\Program Files\Hotspot Shield\Uninstall.exe
Hotspot_Shield Toolbar-->C:\PROGRA~1\HOTSPO~2\UNWISE.EXE C:\PROGRA~1\HOTSPO~2\INSTALL.LOG
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InternationalVoiz-->"C:\Program Files\InternationalVoiz\Uninstall.exe" "C:\Program Files\InternationalVoiz\install.log"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JustVoip-->"C:\Program Files\JustVoip.com\JustVoip\unins000.exe"
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Utilities\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo-->"E:\antor\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials-->MsiExec.exe /X{66EBD70F-A42C-475F-AEDF-277378151033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Nokia_PC_Suite_rel_7_0_8_2_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}
Nokia Software Updater-->MsiExec.exe /X{48110A46-A3A4-481E-8230-7873B7F4C696}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Utilities\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Utilities\SpywareBlaster\unins000.exe"
SuperTux 0.1.3-->E:\antor\SuperTux\unins000.exe
SweetIM for Messenger 2.6-->MsiExec.exe /X{5549C19D-46FE-4975-AD54-5B37E87FF6E2}
SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

======Hosts File======

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: AVG Anti-Virus

System event log

Computer Name: HOME-01CB56172A
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 1428
Source Name: Service Control Manager
Time Written: 20081229085255.000000+180
Event Type: information
User:

Computer Name: HOME-01CB56172A
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 1427
Source Name: Service Control Manager
Time Written: 20081229085251.000000+180
Event Type: information
User:

Computer Name: HOME-01CB56172A
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 1426
Source Name: Service Control Manager
Time Written: 20081229085251.000000+180
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-01CB56172A
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.

Record Number: 1425
Source Name: Service Control Manager
Time Written: 20081229085250.000000+180
Event Type: information
User:

Computer Name: HOME-01CB56172A
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 1424
Source Name: Service Control Manager
Time Written: 20081229085250.000000+180
Event Type: information
User:

Application event log

Computer Name: HOME-01CB56172A
Event Code: 1000
Message: Faulting application recordingmanager.exe, version 1.0.1.45, faulting module user32.dll, version 5.1.2600.3099, fault address 0x0001463f.

Record Number: 796
Source Name: Application Error
Time Written: 20080410220924.000000+180
Event Type: error
User:

Computer Name: HOME-01CB56172A
Event Code: 28
Message: The Diskeeper analysis has stopped for drive
Entertainment (E:)

Record Number: 795
Source Name: Diskeeper
Time Written: 20090310220155.000000+180
Event Type: information
User:

Computer Name: HOME-01CB56172A
Event Code: 7
Message: The Diskeeper Engine has started for drive: Entertainment (E:)

Record Number: 794
Source Name: Diskeeper
Time Written: 20090310220155.000000+180
Event Type: information
User:

Computer Name: HOME-01CB56172A
Event Code: 28
Message: The Diskeeper analysis has stopped for drive
System (C:)

Record Number: 793
Source Name: Diskeeper
Time Written: 20090310220155.000000+180
Event Type: information
User:

Computer Name: HOME-01CB56172A
Event Code: 7
Message: The Diskeeper Engine has started for drive: System (C:)

Record Number: 792
Source Name: Diskeeper
Time Written: 20090310220153.000000+180
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Utilities\QuickTime\QTSystem\;C:\Program Files\Diskeeper Corporation\Diskeeper\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by encyclogames, 19 January 2009 - 12:47 AM.


#6 encyclogames

encyclogames
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Qatar
  • Local time:08:55 AM

Posted 19 January 2009 - 12:47 AM

4. The GMER log is attached here.




#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:01:55 PM

Posted 20 January 2009 - 07:07 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :files
    C:\WINDOWS\system32\explorcr.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "explorcr"=-
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
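
To show what the HijackThis fix and the OTMoveIt3 script above are actually targeting, here is a small triage script written for this thread (example code, not part of the thread, HijackThis or OTMoveIt3). It reads HijackThis-style lines and flags the three patterns the helper picked out: a Hosts entry redirecting a hostname to a non-loopback address, a BHO with no backing file, and a Run entry whose image name is a near-miss of a real Windows binary (explorcr.exe vs explorer.exe). The sample lines are copied from the log entries above; the allow-list of system binary names and the two-edit threshold are assumptions.

```python
"""Triage of HijackThis-style log lines. Added example for this thread; not
part of the thread, HijackThis or OTMoveIt3. Flags what the fix above targets."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed allow-list of core Windows image names that malware likes to imitate.
KNOWN_BINARIES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                  "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")
LOOPBACK = ("127.0.0.1", "0.0.0.0", "::1")   # blocklist-style entries, not hijacks

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")
IMAGE_RE = re.compile(r'^"?(.+?\.exe)\b', re.IGNORECASE)

@dataclass(frozen=True)
class Finding:
    kind: str
    line: str
    reason: str

def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short file names, so O(n*m) is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name: str) -> Optional[str]:
    """System binary that `name` imitates, or None. The two-edit threshold is
    an assumption; it catches explorcr.exe/explorer.exe and svch0st.exe."""
    name = name.lower()
    if name in KNOWN_BINARIES:
        return None
    for known in KNOWN_BINARIES:       # tuple, so the answer is deterministic
        if levenshtein(name, known) <= 2:
            return known
    return None

def image_name(cmd: str) -> str:
    """Image file name from an O4 command line, ignoring quotes and arguments."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    path = m.group(1) if m else (cmd.split() or [""])[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def triage_line(line: str) -> Optional[Finding]:
    line = line.strip()
    m = HOSTS_RE.match(line)
    if m:                              # O1: hosts file entries
        ip, host = m.groups()
        if ip not in LOOPBACK:
            return Finding("hosts-redirect", line, f"{host} redirected to {ip}")
        return None
    m = BHO_RE.match(line)
    if m:                              # O2: browser helper objects
        _name, clsid, path = m.groups()
        if path.strip() == "(no file)":
            return Finding("orphan-bho", line, f"BHO {clsid} has no backing DLL")
        return None
    m = RUN_RE.match(line)
    if m:                              # O4: HKLM/HKCU Run values
        exe = image_name(m.group(3))
        known = lookalike(exe)
        if known:
            return Finding("lookalike-run", line, f"{exe} resembles {known}")
    return None

def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in map(triage_line, lines) if f is not None]

# Constructed sample: the lines the helper marked for fixing plus three benign
# lines from the same HijackThis log. Raw string, so the backslashes survive.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [explorcr] C:\WINDOWS\system32\explorcr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}")
```

The Hosts check treats only loopback targets as benign, so a legitimate custom mapping would also be reported and needs a human to confirm, which is how the helper uses the log here.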


#8 encyclogames

encyclogames
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Gender:Male
  • Location:Qatar
  • Local time:08:55 AM

Posted 21 January 2009 - 11:29 PM

Everything done as you told, and I do feel the worm has been removed from my PC. By the way, here are the logs:

1. RSIT log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by new at 2009-01-12 07:25:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (24%) free of 38 GB
Total RAM: 1013 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:59 AM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\new\Desktop\utorrent.exe
C:\Utilities\RSIT.exe
C:\Utilities\Trend Micro\HijackThis\new.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Utilities\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Avro Keyboard] E:\antor\Avro Keyboard\Avro Keyboard.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - E:\antor\Ares\chatServer.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7815 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-08 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVGTOOLBAR - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-08 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHot1.dll [2008-12-25 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2008-12-25 204248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVGTOOLBAR - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-08 1968920]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHot1.dll [2008-12-25 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2002-12-31 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-12-31 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-11 16132608]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-07-11 131072]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-07-11 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-07-11 131072]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-08 1601304]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-02-24 196709]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-10-08 111928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-03 136600]
"QuickTime Task"=C:\Utilities\QuickTime\QTTask.exe [2008-09-06 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-02 3739648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]
"Avro Keyboard"=E:\antor\Avro Keyboard\Avro Keyboard.exe [2007-07-02 1658880]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-08 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-07-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\New Folder\flashget.exe"="C:\New Folder\flashget.exe:*:Enabled:Flashget"
"C:\New Folder\Messenger\YahooMessenger.exe"="C:\New Folder\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\New Folder\Messenger\YServer.exe"="C:\New Folder\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\InternationalVoiz\intlfone.exe"="C:\Program Files\InternationalVoiz\intlfone.exe:*:Enabled:mrpcfone Module"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe"="C:\Program Files\JustVoip.com\JustVoip\JustVoip.exe:*:Enabled:JustVoip"
"C:\Grisoft\AVG7\avginet.exe"="C:\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Grisoft\AVG7\avgamsvr.exe"="C:\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Grisoft\AVG7\avgcc.exe"="C:\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Documents and Settings\new\Desktop\utorrent.exe"="C:\Documents and Settings\new\Desktop\utorrent.exe:*:Enabled:utorrent"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\new\temp\TeamViewer3\TeamViewer.exe"="C:\Documents and Settings\new\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"E:\antor\Final Fighter\FinalFighter\FinalFighter.exe"="E:\antor\Final Fighter\FinalFighter\FinalFighter.exe:*:Enabled:FinalFighter"
"E:\antor\EA GAMES\Need for Speed Underground 2\speed2.exe"="E:\antor\EA GAMES\Need for Speed Underground 2\speed2.exe:*:Enabled:speed2"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\antor\Ares\Ares.exe"="E:\antor\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Utilities\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Utilities\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\Utilities\Trend Micro\HijackThis\HijackThis.exe"="C:\Utilities\Trend Micro\HijackThis\HijackThis.exe:*:Enabled:HijackThis"
"C:\Utilities\Malwarebytes' Anti-Malware\mbam.exe"="C:\Utilities\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Utilities\Lavasoft\Ad-Aware\lsupdatemanager.exe"="C:\Utilities\Lavasoft\Ad-Aware\lsupdatemanager.exe:*:Enabled:Software update"
"C:\Utilities\Spybot - Search & Destroy\SpybotSD.exe"="C:\Utilities\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\Utilities\Spybot - Search & Destroy\SDUpdate.exe"="C:\Utilities\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D"
"C:\Utilities\SpywareBlaster\spywareblaster.exe"="C:\Utilities\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster"
"E:\antor\Valve\hlds.exe"="E:\antor\Valve\hlds.exe:*:Enabled:HLDS Launcher"
"E:\antor\America's Army\System\ArmyOps.exe"="E:\antor\America's Army\System\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\Valve\Condition Zero\czero.exe"="C:\Valve\Condition Zero\czero.exe:*:Enabled:Condition Zero Launcher"
"E:\antor\Halo\halo.exe"="E:\antor\Halo\halo.exe:*:Disabled:Halo"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\antor\Microsoft Games\Halo\halo.exe"="E:\antor\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"E:\antor\NFSHP2\NFSHP2.exe"="E:\antor\NFSHP2\NFSHP2.exe:*:Enabled:NFSHP2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-01-19 08:24:27 ----A---- C:\WINDOWS\gmer.ini
2009-01-19 08:24:25 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-19 08:24:25 ----A---- C:\WINDOWS\gmer.exe
2009-01-19 08:24:25 ----A---- C:\WINDOWS\gmer.dll
2009-01-19 08:22:31 ----D---- C:\rsit
2009-01-14 12:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-12 07:20:19 ----D---- C:\_OTMoveIt
2009-01-05 14:14:56 ----D---- C:\Program Files\Common Files\xing shared
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\java.exe
2009-01-03 14:10:51 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-25 07:14:19 ----D---- C:\Program Files\Conduit
2008-12-25 07:14:18 ----D---- C:\Program Files\Hotspot_Shield
2008-12-25 07:13:58 ----D---- C:\Program Files\Hotspot Shield
2008-12-19 21:17:06 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltkrn13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltimg13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltfil13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltefx13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\ltdis13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\lfcmp13n.dll
2008-12-19 21:17:01 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2008-12-10 12:37:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 12:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 12:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 12:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 09:58:20 ----D---- C:\Valve
2008-12-06 07:55:09 ----D---- C:\Program Files\GameSpy Arcade
2008-12-03 10:24:55 ----A---- C:\WINDOWS\SETUP32.INI
2008-11-22 09:36:13 ----D---- C:\Documents and Settings\new\Application Data\Juce VST Host
2008-11-21 12:50:18 ----A---- C:\WINDOWS\system32\rewire.dll
2008-11-21 12:49:51 ----D---- C:\Program Files\Image-Line
2008-11-21 12:49:50 ----D---- C:\Program Files\Outsim
2008-11-12 01:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 01:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 01:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-03 15:44:07 ----A---- C:\WINDOWS\system32\WING32.DLL
2008-11-03 15:43:41 ----RA---- C:\WINDOWS\QTW16DEL.EXE
2008-11-03 15:43:39 ----RA---- C:\WINDOWS\QTINSTAL.EXE
2008-11-03 15:43:13 ----A---- C:\WINDOWS\qtw.ini
2008-11-01 11:17:21 ----D---- C:\Program Files\SweetIM
2008-11-01 11:17:21 ----D---- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-10-31 11:26:54 ----D---- C:\Program Files\Common Files\Apple
2008-10-23 23:39:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-16 16:10:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 16:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 16:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 16:10:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 16:10:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

======List of files/folders modified in the last 3 months======

2009-01-19 07:20:32 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-16 14:22:59 ----HD---- C:\$AVG8.VAULT$
2009-01-15 20:50:30 ----D---- C:\WINDOWS\Minidump
2009-01-15 19:07:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-15 12:46:18 ----D---- C:\WINDOWS\Debug
2009-01-14 12:36:13 ----HD---- C:\WINDOWS\inf
2009-01-14 12:36:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-14 12:35:45 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-12 07:25:29 ----D---- C:\WINDOWS\Prefetch
2009-01-12 07:25:13 ----D---- C:\Utilities
2009-01-12 07:24:33 ----D---- C:\WINDOWS\Temp
2009-01-12 07:24:23 ----D---- C:\Documents and Settings\new\Application Data\uTorrent
2009-01-12 07:23:58 ----D---- C:\Program Files\Mozilla Firefox
2009-01-12 07:20:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-12 07:20:19 ----D---- C:\WINDOWS\system32
2009-01-12 07:14:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 07:13:47 ----SHD---- C:\WINDOWS\Installer
2009-01-12 07:13:47 ----D---- C:\WINDOWS
2009-01-12 07:13:47 ----D---- C:\Program Files\Common Files
2009-01-12 07:13:46 ----SHD---- C:\Config.Msi
2009-01-12 07:13:43 ----D---- C:\WINDOWS\system32\drivers
2009-01-11 23:26:14 ----RSD---- C:\WINDOWS\assembly
2009-01-11 21:40:01 ----SD---- C:\Documents and Settings\new\Application Data\Microsoft
2009-01-11 12:47:22 ----SH---- C:\boot.ini
2009-01-11 12:47:22 ----A---- C:\WINDOWS\win.ini
2009-01-11 12:47:22 ----A---- C:\WINDOWS\system.ini
2009-01-11 12:45:35 ----D---- C:\WINDOWS\Help
2009-01-10 23:09:20 ----D---- C:\Program Files\DivX
2009-01-10 23:07:32 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-01-10 23:07:32 ----D---- C:\Program Files\AutoCAD 2009
2009-01-10 23:07:23 ----RSD---- C:\WINDOWS\Fonts
2009-01-10 13:39:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-10 11:29:09 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-08 18:49:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-07 20:20:43 ----D---- C:\Documents and Settings\All Users\Application Data\Avg8
2009-01-05 14:14:50 ----D---- C:\Program Files\Common Files\Real
2009-01-05 14:14:44 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-05 14:14:34 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-05 14:14:34 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-05 14:14:31 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-05 14:14:31 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-01-05 14:14:31 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-01-03 14:10:30 ----D---- C:\Program Files\Java
2008-12-27 13:42:01 ----D---- C:\Installers
2008-12-25 07:14:19 ----RD---- C:\Program Files
2008-12-19 21:55:26 ----SD---- C:\WINDOWS\Tasks
2008-12-19 21:14:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-13 09:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 19:57:49 ----A---- C:\WINDOWS\cdplayer.ini
2008-12-10 22:32:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-10 22:32:26 ----D---- C:\Program Files\Adobe
2008-12-10 12:36:45 ----D---- C:\Program Files\Internet Explorer
2008-12-06 07:29:34 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-12 01:01:47 ----D---- C:\WINDOWS\WinSxS
2008-11-07 12:51:55 ----D---- C:\Documents and Settings
2008-11-04 21:11:51 ----D---- C:\WINDOWS\system
2008-11-02 22:52:54 ----D---- C:\Program Files\Diskeeper Corporation
2008-10-31 11:26:47 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-29 23:05:16 ----D---- C:\WINDOWS\network diagnostic
2008-10-28 15:22:10 ----D---- C:\Documents and Settings\new\Application Data\Apple Computer
2008-10-23 22:34:25 ----D---- C:\Documents and Settings\new\Application Data\Nokia
2008-10-23 15:36:14 ----A---- C:\WINDOWS\system32\gdi32.dll
2008-10-23 13:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 14:26:01 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-18 08:21:15 ----D---- C:\Documents and Settings\new\Application Data\Audacity
2008-10-16 23:38:40 ----A---- C:\WINDOWS\system32\wininet.dll
2008-10-16 23:38:39 ----N---- C:\WINDOWS\system32\pngfilt.dll
2008-10-16 23:38:39 ----N---- C:\WINDOWS\system32\occache.dll
2008-10-16 23:38:39 ----N---- C:\WINDOWS\system32\mstime.dll
2008-10-16 23:38:39 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-10-16 23:38:39 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-10-16 23:38:39 ----A---- C:\WINDOWS\system32\url.dll
2008-10-16 23:38:38 ----N---- C:\WINDOWS\system32\msrating.dll
2008-10-16 23:38:38 ----N---- C:\WINDOWS\system32\mshtmled.dll
2008-10-16 23:38:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-10-16 23:38:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-10-16 23:38:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-10-16 23:38:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-10-16 23:38:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-10-16 23:38:37 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-10-16 23:38:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-10-16 23:38:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-10-16 23:38:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-10-16 23:38:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-10-16 23:38:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-10-16 23:38:35 ----A---- C:\WINDOWS\system32\icardie.dll
2008-10-16 23:38:34 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-10-16 23:38:34 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2008-10-16 23:38:34 ----A---- C:\WINDOWS\system32\advpack.dll
2008-10-16 16:11:09 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-10-16 16:11:09 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-10-15 19:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 10:04:53 ----N---- C:\WINDOWS\system32\ieakui.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-16 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-08 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-08 107272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-07-11 5700096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-11 4424192]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-07-11 90880]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-24 27136]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aby02m4m;aby02m4m; C:\WINDOWS\system32\drivers\aby02m4m.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-19 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 YapLoad;Y@pPhone; C:\WINDOWS\system32\DRIVERS\YapLoad.sys [2000-09-26 19656]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-08 298264]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-09 630905]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2008-11-25 88024]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-03 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AresChatServer;Ares Chatroom server; E:\antor\Ares\chatServer.exe [2007-03-20 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-05-03 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]

-----------------EOF-----------------

OTMoveIt log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\explorcr.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\explorcr not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\new\LOCALS~1\Temp\etilqs_Jg3ins84pPa7eqWfKZbb scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\new\LOCALS~1\Temp\Perflib_Perfdata_7a4.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\02bb705f-5c3a-4d84-bee0-7b57a8386ade.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\07978da9-8ea0-48d9-8c3f-f5d26b824ab6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\1b5c03bc-b2dd-4233-932d-9b4c79a8aae5.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\1f52319f-e265-4383-8745-9f042ba78e32.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\2344f5d1-e36b-4d28-816c-f4f1b00152bf.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\2cea9f64-5dc7-47d1-b798-ea0188bd2b6c.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\31305fb7-b4a1-4a22-a284-ea058099e2b8.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\50b87454-ab32-4624-886f-f07ed730a6b4.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\6990b98e-90ba-40f1-9f9f-32af083fc8d0.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\83b9a527-00c6-4594-a073-ca45813495f3.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\aa034a73-2bd8-48c0-aae9-25b4716d93c6.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\b457cff0-dd58-4fa4-a981-31a7a6b3e201.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\dce72f0f-72b1-43a2-a51a-2cd47439aa07.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\e914cf5b-2c48-4db5-b52a-1b477ca500dc.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ebfefeca-af0e-4b8d-b9bd-066066044895.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\f63aff2e-9923-44c1-afb6-1ca648564074.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\fb72ccac-b165-456f-af55-67954f032f04.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_264.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01122009_072019

Files moved on Reboot...
File C:\DOCUME~1\new\LOCALS~1\Temp\etilqs_Jg3ins84pPa7eqWfKZbb not found!
File C:\DOCUME~1\new\LOCALS~1\Temp\Perflib_Perfdata_7a4.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
C:\WINDOWS\temp\02bb705f-5c3a-4d84-bee0-7b57a8386ade.tmp moved successfully.
C:\WINDOWS\temp\07978da9-8ea0-48d9-8c3f-f5d26b824ab6.tmp moved successfully.
C:\WINDOWS\temp\1b5c03bc-b2dd-4233-932d-9b4c79a8aae5.tmp moved successfully.
C:\WINDOWS\temp\1f52319f-e265-4383-8745-9f042ba78e32.tmp moved successfully.
C:\WINDOWS\temp\2344f5d1-e36b-4d28-816c-f4f1b00152bf.tmp moved successfully.
C:\WINDOWS\temp\2cea9f64-5dc7-47d1-b798-ea0188bd2b6c.tmp moved successfully.
C:\WINDOWS\temp\31305fb7-b4a1-4a22-a284-ea058099e2b8.tmp moved successfully.
C:\WINDOWS\temp\50b87454-ab32-4624-886f-f07ed730a6b4.tmp moved successfully.
C:\WINDOWS\temp\6990b98e-90ba-40f1-9f9f-32af083fc8d0.tmp moved successfully.
C:\WINDOWS\temp\83b9a527-00c6-4594-a073-ca45813495f3.tmp moved successfully.
C:\WINDOWS\temp\aa034a73-2bd8-48c0-aae9-25b4716d93c6.tmp moved successfully.
C:\WINDOWS\temp\b457cff0-dd58-4fa4-a981-31a7a6b3e201.tmp moved successfully.
C:\WINDOWS\temp\dce72f0f-72b1-43a2-a51a-2cd47439aa07.tmp moved successfully.
C:\WINDOWS\temp\e914cf5b-2c48-4db5-b52a-1b477ca500dc.tmp moved successfully.
C:\WINDOWS\temp\ebfefeca-af0e-4b8d-b9bd-066066044895.tmp moved successfully.
C:\WINDOWS\temp\f63aff2e-9923-44c1-afb6-1ca648564074.tmp moved successfully.
C:\WINDOWS\temp\fb72ccac-b165-456f-af55-67954f032f04.tmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_264.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_f8.dat moved successfully.
C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\new\Local Settings\Application Data\Mozilla\Firefox\Profiles\j0u9ua05.default\XUL.mfl moved successfully.

Edited by encyclogames, 21 January 2009 - 11:31 PM.


#9 fenzodahl512


Posted 22 January 2009 - 04:02 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 encyclogames


Posted 22 January 2009 - 03:16 PM

Thanks a lot. My PC seems a lot better and here's the ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3790 (20090122)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=aee6842cae4c984790b73658b30b233b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-01-12 08:11:38
# local_time=2009-01-12 11:11:38 (+0300, Arab Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=373705
# found=3
# scan_time=2667
C:\Documents and Settings\new\My Documents\CyberLink\Installers.exe Win32/Autoit.CA worm (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\autorun.inf Win32/Autoit.CA worm (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\01122009_072019\WINDOWS\system32\explorcr.exe Win32/Autoit.CA worm (unable to clean - deleted) 00000000000000000000000000000000

P.S. I do hope you ask me to reinstall Ad-Aware and Spybot or maybe any other program of your recommendation.
Thanks a lot again

-Encyclogames aka E.G

#11 fenzodahl512


Posted 23 January 2009 - 06:11 AM

P.S. I do hope you ask me to reinstall Ad-Aware and Spybot or maybe any other program of your recommendation.


Yup.. you can re-install both programs now.. The sole reason I asked you to uninstall them was just to make sure they won't interfere with the fixes.. That's all :thumbup2:


And I do recommend you to keep Malwarebytes'...


Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512



#12 encyclogames


Posted 23 January 2009 - 12:09 PM

Yup, everything's all back to normal and I have reinstalled Ad-Aware and Spybot.
The computer is back to normal. No strange activities, and I'll always have Process Explorer for checking out any inside processes.
I thank the whole Bleeping team (and you too) for helping me out. :thumbup2: :)

Thanks again

-Encyclogames aka E.G
