
Need to get rid of this Trojan


  • This topic is locked
14 replies to this topic

#1 Sirenafairy

Sirenafairy

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 24 January 2009 - 07:22 PM

I really need some help on how to get rid of a trojan on my desktop. I've never had to deal with this before and have NO idea what to do. I have AVG and it randomly popped up and told me I have a trojan. I did a scan and the main file that came up was a cogad.exe file. I immediately did a Google search and everywhere said this is bad. I tried to delete it but can't. AVG asked if I would like to remove the threat. I clicked 'yes'....nothing. I also tried moving it to the vault. Nothing seems to be working. I read around a little and am scared to download anything that will make it worse. I did download HijackThis. I just need some guidance on how to get rid of this now.

Thanks to anyone that can help!! I really don't want to have to reformat my computer and have no idea if that would fix the problem anyways.

Anyone? I really don't know what this is. It might not be as bad as some viruses, but I have NO idea what the potential of viruses are in the first place. I just need to get rid of those few files.

It is now 8:26pm and I restarted my comp. I ran AVG to scan the comp again and AVG prompted me saying I have a VUNDO trojan. Also when I looked for the cogad.exe file, it wasn't there anymore. AVG actually did move it to the vault. Does that mean it's fixed? And like I said, it now says I actually have a vundo trojan.... when AVG originally found the cogad file its description was a trojan installer.

If you need the HijackThis file, here ya go:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:54 PM, on 1/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\DOCUME~1\OWNER~1.ASH\LOCALS~1\Temp\stf1BB.tmp
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5238E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5238E
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...P&M=GT5238E
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\OWNER~1.ASH\LOCALS~1\Temp\200612415812_mcinfo.exe /insfin
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [GetModule35] "C:\Program Files\GetModule\GetModule35.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file://E:\winsetup\iaieplay.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: mlJCULBt - C:\WINDOWS\SYSTEM32\mlJCULBt.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Intel® Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\Gateway Game Console\GameConsoleService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: WUSB54GSCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe

--
End of file - 14916 bytes

Merge posts. ~ OB

Edited by Sirenafairy, 24 January 2009 - 08:30 PM.
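As an added example (not code from this thread, from HijackThis or from Trend Micro), the Python script below parses lines in the HijackThis v2 format used in the log above and flags three kinds of entry a responder reads first: O20 Winlogon Notify handlers (DLLs that load inside winlogon.exe at every logon), O20 AppInit_DLLs (DLLs loaded into every process that loads user32.dll) and O4 Run entries that launch from a temp folder. The sample lines are a constructed excerpt of the posted log with the backslashes the forum stripped restored; the rules are triage heuristics, so a hit means "look at this entry next", not that the file is malicious.

```python
"""Triage a HijackThis v2 log: parse each numbered entry and flag the ones a
responder reads first. Added example for this thread; not HijackThis code."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in HijackThis v2 format, using entries from the log
# posted in this thread (backslashes restored).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\OWNER~1.ASH\LOCALS~1\Temp\200612415812_mcinfo.exe /insfin
O4 - HKCU\..\Run: [Power2GoExpress] NA
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - file://E:\winsetup\iaieplay.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: mlJCULBt - C:\WINDOWS\SYSTEM32\mlJCULBt.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
""".strip()

ENTRY_RE = re.compile(r"^([RO]\d+)\s+-\s+(.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run(?:Once)?:\s*\[([^\]]*)\]\s*(.*)$")
WINLOGON_RE = re.compile(r"^Winlogon Notify:\s*(\S+)\s+-\s+(.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$")
# Shortest prefix that ends in an executable extension; copes with quoted
# paths and trailing switches such as /startup or -atboottime.
PATH_RE = re.compile(r'^"?(.*?\.(?:exe|dll|sys|scr|cmd|bat))\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O20"
    rule: str      # which heuristic fired
    detail: str    # the value a responder would look at next


def extract_path(command: str) -> Optional[str]:
    """Return the program path from an autorun command line, or None."""
    m = PATH_RE.match(command.strip())
    return m.group(1) if m else None


def is_temp_path(path: str) -> bool:
    """True for user temp folders, in long or 8.3 short-name form."""
    p = path.lower()
    return "\\temp\\" in p or "locals~1\\temp" in p


def check_entry(section: str, body: str) -> Optional[Finding]:
    """Apply the triage rules to one parsed entry."""
    if section == "O4":
        m = RUN_RE.match(body)
        if m:
            path = extract_path(m.group(3))
            # Installed software rarely autoruns from %TEMP%; installers and
            # droppers do, so such an entry is worth checking first.
            if path and is_temp_path(path):
                return Finding(section, "autorun-from-temp", f"[{m.group(2)}] {path}")
        return None
    if section == "O20":
        m = WINLOGON_RE.match(body)
        if m:
            # Winlogon Notify DLLs are loaded by winlogon.exe at logon.
            return Finding(section, "winlogon-notify", f"{m.group(1)} -> {m.group(2)}")
        m = APPINIT_RE.match(body)
        if m:
            # Windows splits this value on spaces and commas; list each DLL once.
            dlls = [d for d in re.split(r"[,\s]+", m.group(1)) if d]
            return Finding(section, "appinit-dlls", ", ".join(dict.fromkeys(dlls)))
    return None


def scan_log(text: str) -> List[Finding]:
    """Parse every 'Rn - ...' / 'On - ...' line and collect the findings."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        f = check_entry(m.group(1), m.group(2))
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<20}{f.detail}")
```

Run against the excerpt it reports the msci Run entry (it launches from LOCALS~1\Temp), the two distinct AppInit DLLs, and the mlJCULBt Winlogon Notify handler; the O2, O16 and O23 lines produce nothing because the rules do not cover them. Pasting a full HijackThis log into SAMPLE_LOG gives the same short list for that log, which is the order in which a helper like the ones in this thread would start looking.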


#2 Sirenafairy

Sirenafairy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 28 January 2009 - 05:23 PM

Today is the first day I have turned on my computer after my last post. Nothing popped up from AVG, but I did a scan and immediately it located 2 trojan files (Trojan horse Generic12.BEOS) and a temporary internet file (Trojan horse Agent.AWDD). So my assumptions were correct in that it isn't gone. I'm going to attempt to move these files into the vault.


Sorry for the double post...There is no "edit" option on my first post...

Edited by Sirenafairy, 28 January 2009 - 05:24 PM.


#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:29 AM

Posted 31 January 2009 - 07:38 AM

Hi sirenafairy,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your malware issues.

Please give me a little time to go through your log and I will also let you know that I am a trainee, so each stage of the fix will need to be checked by an expert before I post, so there may be a slight delay. Don't worry, I won't abandon you :thumbup2:
  • Please subscribe to this topic, if you haven't already, and wait for me to get back to you.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes. This can make helping you impossible.
  • Please reply to this post so I know you are there.
Thanks
m0le is a proud member of UNITE

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:29 AM

Posted 02 February 2009 - 07:12 AM

Hi Sirenafairy,

I have not had a reply from you for 2 days. Can you please tell me if you still need help with your computer, as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le
m0le is a proud member of UNITE

#5 Sirenafairy

Sirenafairy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 02 February 2009 - 09:49 AM

I apologize for the delay. I haven't been near a working internet connection. I can send an updated log tonight if need be since some things may have changed over the past week and a half...

But yes, I DO still need help. As I have said, my anti-virus software has been quarantining any infected files it finds but it keeps finding them so I know the trojan isn't gone.

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:29 AM

Posted 02 February 2009 - 10:12 AM

Hi Sirenafairy,

I need a bit more than a new log. Just follow the instructions below. :)

There are some things that require attention and I will go over these step by step. If you are unsure of anything I am saying then don't continue, just post a query and I will get you back on track.

Please avoid changing anything on your computer (ie, downloading software) or taking unsupervised steps to remove any malware as this can make helping you much more difficult.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
Please also post a fresh Hijackthis log.

Thanks. :thumbup2:
m0le is a proud member of UNITE

#7 Sirenafairy

Sirenafairy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 02 February 2009 - 03:42 PM

I did everything listed and here's an updated HijackThis log.

Was I supposed to run a scan with the Malwarebytes program? You didn't specify; if so, do I need a full scan or quick scan?

Attached Files



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:29 AM

Posted 03 February 2009 - 03:04 AM

Hi Sirenafairy,

No, don't run MalwareBytes at the moment. We will be using it later though.

Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 90 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.
Next, please download ComboFix from one of these locations: * IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


If you don't see this message then post back before you continue.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Just to recap I need both OTViewIt logs and the Combofix.txt log pasted into your next post. Please do not attach these. Then we can start to fix your computer. :thumbup2:
m0le is a proud member of UNITE

#9 Sirenafairy

Sirenafairy
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:02:29 AM

Posted 04 February 2009 - 04:34 PM

Here are the OTViewIt Logs:

OTViewIt logfile created on: 2/4/2009 4:00:56 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner.ASHNICOLE\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.57 Gb Available in Paging File | 89.26% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.51 Gb Total Space | 118.02 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 3.40 Gb Free Space | 63.28% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHNICOLE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== Processes ==========

[2008/12/01 15:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/12/01 15:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2006/07/27 12:52:58 | 00,188,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
[2009/01/23 17:23:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
[2009/01/29 22:33:21 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe
[2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
[2006/07/06 10:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
[2006/09/29 12:48:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
[2006/11/01 12:12:38 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
[2009/01/29 22:33:25 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/01/26 15:37:04 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
[2005/07/04 15:46:04 | 00,053,307 | ---- | M] (GEMTEKS) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe
[2009/01/29 22:33:22 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2006/04/21 14:26:38 | 05,358,592 | ---- | M] (Linksys) -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
[2006/07/27 11:39:04 | 00,196,608 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
[2006/07/27 11:21:48 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
[2006/07/27 12:03:24 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
[2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
[2009/01/29 22:33:25 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2006/07/10 02:37:24 | 00,025,600 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
[2006/07/27 12:06:42 | 00,425,984 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
[2004/08/10 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2005/08/05 22:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
[2006/11/01 12:00:02 | 00,169,984 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[2005/12/09 21:44:40 | 00,139,264 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\readericon45G.exe
[2004/12/08 20:57:36 | 00,550,912 | ---- | M] () -- C:\WINDOWS\zHotkey.exe
[2005/08/05 22:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehmsas.exe
[2006/11/01 12:00:03 | 00,555,008 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
[2006/11/01 12:00:03 | 00,415,744 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
[2006/07/13 16:34:04 | 09,134,080 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
[2006/07/06 10:15:00 | 00,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2006/07/27 12:54:22 | 00,303,104 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
[2006/03/29 22:10:04 | 00,375,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
[2005/08/02 19:19:16 | 00,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
[2006/03/21 20:30:00 | 01,191,936 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
[2006/12/10 20:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/01/11 18:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[2006/07/27 12:53:24 | 00,401,408 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
[2007/07/17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2009/01/29 22:33:18 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2008/11/16 14:09:07 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/01/26 15:33:16 | 00,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wtablet\TabUserW.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/02/03 15:27:43 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2009/01/29 22:33:25 | 00,592,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
[2009/01/29 22:33:25 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2007/07/17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[2006/12/10 20:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
[2009/01/29 22:33:20 | 00,756,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
[2009/01/29 22:33:25 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
[2009/02/04 15:56:17 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
[2006/07/27 12:52:58 | 00,188,416 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService [Auto | Running])
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2005/08/02 19:19:16 | 00,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe -- (ARSVC [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/12/01 15:38:42 | 00,598,016 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/12/01 14:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2009/01/23 17:23:36 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Running])
[2009/01/29 22:33:22 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2009/01/29 22:33:21 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/09 15:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehrecvr.exe -- (ehRecvr [Auto | Running])
[2005/08/05 22:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
[2006/07/27 11:39:04 | 00,196,608 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe -- (ELService [Auto | Running])
[2008/02/03 15:27:43 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/05/05 17:25:46 | 00,165,416 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\WildTangent\Apps\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
[2008/09/03 09:05:48 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
[2006/07/06 10:14:30 | 00,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/07/27 11:21:48 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM [Auto | Running])
[2006/07/10 02:37:24 | 00,025,600 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server [Auto | Running])
[2006/07/27 12:03:24 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL [Auto | Running])
[2005/08/05 22:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
[2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32 [Auto | Running])
[2006/09/29 12:48:06 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32 [Auto | Running])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2003/07/28 15:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2006/11/01 12:12:38 | 00,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL [Auto | Running])
[2006/07/27 12:06:42 | 00,425,984 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service [Auto | Running])
[2005/01/26 15:37:04 | 00,729,088 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WUSB54GSCSVC [Auto | Running])

========== Driver Services ==========

[2004/08/03 23:10:12 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2007/05/08 09:20:40 | 00,017,801 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2001/08/17 22:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Boot | Running])
[2004/08/04 08:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Boot | Running])
[2001/08/17 22:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Boot | Running])
[2001/08/17 22:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Boot | Running])
[2006/11/01 12:07:28 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
[2008/12/01 17:13:40 | 03,452,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/08/03 23:10:12 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/01/29 22:33:25 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/01/29 22:33:25 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2009/01/29 22:33:24 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [System | Running])
[2008/02/20 21:05:38 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
[2008/02/20 21:05:40 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
[2001/08/17 22:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Boot | Running])
[2001/08/17 22:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Boot | Running])
[2006/07/19 17:42:16 | 00,230,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2006/07/13 21:23:54 | 00,009,728 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ELacpi.sys -- (ELacpi [On_Demand | Running])
[2006/07/13 21:23:28 | 00,010,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\Elhid.sys -- (ELhid [System | Running])
[2006/07/13 21:23:32 | 00,006,912 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\Elkbd.sys -- (ELkbd [System | Running])
[2006/07/13 21:23:52 | 00,007,040 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\Elmon.sys -- (ELmon [System | Running])
[2006/07/13 21:23:30 | 00,006,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\Elmou.sys -- (ELmou [System | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2006/11/01 12:11:51 | 00,029,184 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\drivers\goprot51.sys -- (GoProto [On_Demand | Stopped])
[2006/12/28 11:44:44 | 00,084,992 | R--- | M] (ATI Research Inc.) -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService [On_Demand | Stopped])
[2005/01/07 20:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/06/19 17:18:56 | 00,043,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI [On_Demand | Running])
[2006/12/06 01:02:28 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2006/12/06 01:02:28 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2006/12/06 01:02:29 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2006/07/18 17:15:18 | 00,256,128 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
[2006/07/18 17:16:08 | 00,990,592 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2006/07/06 09:59:42 | 00,246,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2004/08/04 07:58:36 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2006/06/19 16:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 22:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Boot | Running])
[2004/08/03 23:10:00 | 00,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2001/04/09 11:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\PenClass.sys -- (PenClass [Boot | Running])
[2004/08/10 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/02/20 21:05:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 22:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Boot | Running])
[2001/08/17 22:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Boot | Running])
[2001/08/17 22:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Boot | Running])
[2005/06/01 01:46:29 | 00,043,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sbp2port.sys -- (sbp2port [Boot | Running])
[2004/08/10 14:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Stopped])
[2004/08/10 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2005/12/02 20:38:04 | 00,041,728 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32 [On_Demand | Running])
[2004/08/04 08:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Boot | Running])
[2001/08/17 23:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Boot | Running])
[2006/06/15 18:28:04 | 01,179,784 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 23:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Boot | Running])
[2001/08/17 23:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Boot | Running])
[2001/08/17 23:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Boot | Running])
[2001/08/17 23:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Boot | Running])
[2006/07/27 13:14:16 | 00,004,608 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP [On_Demand | Stopped])
[2001/08/17 22:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Boot | Running])
[2004/08/10 14:00:00 | 00,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS [On_Demand | Stopped])
[2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw [On_Demand | Stopped])
[2006/07/18 17:15:10 | 00,728,192 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2003/09/25 21:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5 [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
"Search Page"=http://www.google.com
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_page_URL"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
"Search Page"=http://www.google.com
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1005\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1005\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1005\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.com
"Start Page"=http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{074C1DC5-9320-4A9A-947D-C042949C6216} (HKLM) -- C:\Program Files\Adobe [2008/09/11 21:06:47 | 00,000,000 | ---D | M]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} (HKLM) -- C:\WINDOWS\system32\mlJCULBt.dll File not found
{7fd66bef-6839-48a3-8ca3-8c65def74f3b} (HKLM) -- C:\WINDOWS\system32\uteblc.dll ()
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)
{AA58ED58-01DD-4d91-8333-CF10577473F7} (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} (HKLM) -- C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
{CA6319C0-31B7-401E-A518-A07C3DB8F777} (HKLM) -- c:\WINDOWS\system32\bae.dll (Gateway Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{327C2873-E90D-4c37-AA9D-10AC9BABA46C}" (HKLM) -- C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}" (HKLM) -- C:\Program Files\Adobe [2008/09/11 21:06:47 | 00,000,000 | ---D | M]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"a8fefc60"=rundll32.exe "C:\WINDOWS\system32\cmonsugj.dll",b File not found
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
"AlwaysReady Power Message APP"=ARPWRMSG.EXE (Microsoft)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel Corporation)
"CHotkey"=zHotkey.exe ()
"ehTray"=C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup ()
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe File not found
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe File not found
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"msci"=C:\DOCUME~1\OWNER~1.ASH\LOCALS~1\Temp\200612415812_mcinfo.exe /insfin File not found
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup (Intel Corporation)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe File not found
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
"Recguard"=%WINDIR%\SMINST\RECGUARD.EXE ()
"Reminder"=%WINDIR%\Creator\Remind_XP.exe (SoftThinks)
"SigmatelSysTrayApp"=sttray.exe File not found
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GetModule35"="C:\Program Files\GetModule\GetModule35.exe" File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Power2GoExpress"=NA File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GetModule35"="C:\Program Files\GetModule\GetModule35.exe" File not found
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"Power2GoExpress"=NA File not found
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

========== (O4) Startup Folders ==========

[2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2005/01/26 15:33:16 | 00,106,496 | ---- | M] (Wacom Technology, Corp.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.mss -- File not found
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.the -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: C:\Program Files\Google\GoogleToolbar1.dll File not found
&Translate English Word: C:\Program Files\Google\GoogleToolbar1.dll File not found
Backward Links: C:\Program Files\Google\GoogleToolbar1.dll File not found
Cached Snapshot of Page: C:\Program Files\Google\GoogleToolbar1.dll File not found
Similar Pages: C:\Program Files\Google\GoogleToolbar1.dll File not found
Translate Page into English: C:\Program Files\Google\GoogleToolbar1.dll File not found

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1005\Software\Microsoft\Internet Explorer\MenuExt\]
&Google Search: Reg Error: Key does not exist or could not be opened. File not found
&Translate English Word: Reg Error: Key does not exist or could not be opened. File not found
Backward Links: Reg Error: Key does not exist or could not be opened. File not found
Cached Snapshot of Page: Reg Error: Key does not exist or could not be opened. File not found
Similar Pages: Reg Error: Key does not exist or could not be opened. File not found
Translate Page into English: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007/05/10 22:47:03 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2005/05/27 04:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
Easy-WebPrint Add To Print List: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint High Speed Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Preview: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()
Easy-WebPrint Print: C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006/04/18 19:05:46 | 00,552,960 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/15 01:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2042B57E-6336-459E-B7CE-2A0F6C9E6AF8}: file://E:\win\setup\iaieplay.dll -- IEPlayInterface Class
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{4C1AC70D-1940-4D22-97C8-B0A06CEFF3B4} (Servers: | Description: Intel® 82562V 10/100 Network Connection)
{58BDB748-548E-418F-8976-63C26A136955} (Servers: | Description: )
{5D86CA6E-74B6-428E-9127-1EC12DA6603F} (Servers: | Description: 1394 Net Adapter)
{6428D5E9-DF15-4EAB-8666-AB509E28C362} (Servers: | Description: Compact Wireless-G USB Network Adapter with SpeedBooster)
{664FC030-2F8D-4A76-9D33-6C5E58A5C798} (Servers: | Description: Compact Wireless-G USB Network Adapter with SpeedBooster)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL uteblc.dll
>[2006/11/01 12:00:03 | 00,111,616 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
>[2009/01/29 22:33:25 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
igfxcui: "DllName" = igfxdev.dll -- File not found
mlJCULBt: "DllName" = mlJCULBt.dll -- File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" (HKLM) -- C:\WINDOWS\system32\mlJCULBt.dll File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
>File not found --

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,C:\WINDOWS\system32\fccAtTkJ,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/06/17 04:41:16 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

Autorun.inf [[AUTORUN] | SHELLEXECUTE=Info.exe folder.htt 480 480 | ]
[2004/09/13 12:15:24 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{010fc708-d2a3-11db-aac6-00038a000015}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{010fc708-d2a3-11db-aac6-00038a000015}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{010fc708-d2a3-11db-aac6-00038a000015}\Shell\AutoRun\command]
""=M:\LaunchU3.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ae16d3-d9b7-11dd-ac13-001676e05b83}\Shell\Auto\command]
""=Start.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ae16d3-d9b7-11dd-ac13-001676e05b83}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10ae16d3-d9b7-11dd-ac13-001676e05b83}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2006/03/17 06:03:54 | 08,452,096 | ---- | M] (Microsoft Corporation)

========== Files/Folders - Created Within 90 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/02/04 15:56:17 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\OTViewIt.exe
[2009/02/04 15:38:34 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\bvwbvcxb.dll
[2009/02/04 15:38:34 | 00,009,728 | ---- | C] () -- C:\WINDOWS\instsp1.exe
[2009/02/02 19:15:03 | 01,063,406 | ---- | C] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\ah logo.ai
[2009/02/02 15:38:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Application Data\Malwarebytes
[2009/02/02 15:38:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/02 15:38:43 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/02 15:38:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/02 15:38:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/02/02 15:38:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/02/02 15:37:22 | 02,737,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\mbam-setup.exe
[2009/02/02 15:35:15 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\uteblc.dll
[2009/02/02 15:35:14 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\oluvnspy.dll
[2009/02/02 15:32:37 | 01,508,191 | -HS- | C] () -- C:\WINDOWS\System32\jgusnomc.ini
[2009/01/29 22:40:12 | 01,483,063 | -HS- | C] () -- C:\WINDOWS\System32\erjbpcqq.ini
[2009/01/29 22:31:07 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\hsqkma.dll
[2009/01/29 22:31:04 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\nchdaxbk.dll
[2009/01/29 21:39:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\Pics from Hilda
[2009/01/29 16:32:52 | 01,508,191 | -HS- | C] () -- C:\WINDOWS\System32\cdxnronx.ini
[2009/01/29 16:32:51 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\xnornxdc.dll
[2009/01/29 16:29:52 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\xcddmw.dll
[2009/01/29 16:29:51 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\nbdsjpsi.dll
[2009/01/28 16:31:32 | 01,515,358 | -HS- | C] () -- C:\WINDOWS\System32\bxajrcey.ini
[2009/01/28 16:29:26 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\pgovsjjv.dll
[2009/01/28 16:28:28 | 00,407,566 | -HS- | C] () -- C:\WINDOWS\System32\JkTtAccf.ini2
[2009/01/28 16:28:28 | 00,407,566 | -HS- | C] () -- C:\WINDOWS\System32\JkTtAccf.ini
[2009/01/28 16:28:23 | 00,315,904 | ---- | C] () -- C:\WINDOWS\System32\fccAtTkJ.dll.vir
[2009/01/25 03:00:44 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/01/25 01:30:57 | 05,936,600 | ---- | C] (CNET TechTracker ) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\VersionTracker_Pro_Windows_4_1_cn007x.exe
[2009/01/24 19:56:29 | 00,221,728 | ---- | C] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\avg overview.csv
[2009/01/24 19:10:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\HijackThis.lnk
[2009/01/24 19:10:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/24 19:09:00 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\HJTInstall.exe
[2009/01/24 18:22:05 | 00,000,000 | ---D | C] -- C:\Program Files\iCheck
[2009/01/24 18:22:05 | 00,000,000 | ---D | C] -- C:\Program Files\GetModule
[2009/01/24 17:55:04 | 00,001,064 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft FREE trial.lnk
[2009/01/24 17:54:43 | 00,000,000 | ---D | C] -- C:\Program Files\ATI
[2009/01/24 15:30:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\Senior I & II
[2009/01/23 17:42:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\Schoolwork
[2009/01/23 17:25:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Application Data\Autodesk
[2009/01/23 17:23:28 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Autodesk 3ds Max 2009 32-bit.lnk
[2009/01/23 17:22:03 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/01/23 17:22:03 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/01/23 17:22:01 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/01/23 17:22:01 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/01/23 17:22:00 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/01/23 17:20:55 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/01/23 17:19:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/01/23 17:19:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/01/23 17:18:43 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/01/23 17:18:01 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/01/20 15:38:09 | 05,422,182 | ---- | C] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\Clevelands_112.bmp
[2009/01/05 17:31:05 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/01/05 17:30:52 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/01/05 17:30:50 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/05 17:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/01/03 14:58:22 | 00,002,085 | ---- | C] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\The Sims™ 2 Body Shop.lnk
[2008/12/31 23:50:06 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/31 20:25:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\My Documents\EA Games
[2008/12/31 20:25:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\EA Games
[2008/12/20 01:02:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Application Data\Media Player Classic
[2008/12/20 01:02:42 | 04,411,392 | ---- | C] (Gabest) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\mplayerc.exe
[2008/12/20 00:58:26 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/20 00:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2008/12/17 06:31:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\100NIKON
[2008/12/13 13:47:04 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2008/12/01 15:11:21 | 00,069,112 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/11/21 16:47:56 | 00,524,288 | ---- | C] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2008/11/21 16:47:56 | 00,004,816 | ---- | C] () -- C:\WINDOWS\System32\divxsm.tlb
[2008/11/21 16:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 16:46:10 | 01,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/11/21 16:46:10 | 00,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2008/11/21 16:45:16 | 00,196,608 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2008/11/21 16:45:16 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/11/21 16:45:12 | 00,593,920 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2008/11/21 16:45:12 | 00,344,064 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2008/11/21 16:45:12 | 00,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2008/11/21 16:45:12 | 00,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2008/11/21 16:45:12 | 00,057,344 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2008/11/21 16:45:12 | 00,053,248 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2008/11/21 16:45:08 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/11/21 16:45:08 | 00,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/11/21 16:45:08 | 00,815,104 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/11/21 16:45:08 | 00,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/11/21 16:45:06 | 00,684,032 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/11/21 16:45:00 | 00,729,088 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2008/11/21 16:45:00 | 00,352,401 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2008/11/21 16:44:38 | 00,161,096 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2008/11/21 16:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/11/18 21:28:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Application Data\WinRAR
[2008/11/18 21:28:21 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2008/11/12 04:43:22 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 04:43:21 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2008/11/07 23:56:15 | 12,097,081 | ---- | C] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\emperor.psd
[2008/11/07 23:44:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\My Documents\Downloads
[2008/11/07 23:42:31 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\µTorrent.lnk
[2008/11/07 23:42:28 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2008/11/07 23:42:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ASHNICOLE\Application Data\uTorrent

========== Files - Modified Within 90 Days ==========

[34 C:\*.tmp files]
[3 C:\WINDOWS\System32\*.tmp files]
[2009/02/04 15:56:17 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\OTViewIt.exe
[2009/02/04 15:38:51 | 32,784,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/04 15:38:51 | 00,086,834 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/04 15:38:34 | 00,072,704 | ---- | M] () -- C:\WINDOWS\System32\bvwbvcxb.dll
[2009/02/04 15:38:34 | 00,009,728 | ---- | M] () -- C:\WINDOWS\instsp1.exe
[2009/02/04 15:38:10 | 00,407,566 | -HS- | M] () -- C:\WINDOWS\System32\JkTtAccf.ini2
[2009/02/04 15:38:10 | 00,407,566 | -HS- | M] () -- C:\WINDOWS\System32\JkTtAccf.ini
[2009/02/04 15:37:37 | 04,916,712 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/04 15:36:49 | 00,000,527 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/02/04 15:36:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/04 15:36:24 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/04 15:36:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/02 23:47:18 | 01,063,406 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\ah logo.ai
[2009/02/02 17:47:41 | 00,008,192 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
[2009/02/02 17:46:39 | 00,008,704 | -HS- | M] () -- C:\WINDOWS\System32\Thumbs.db
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\System32\Thumbs.db:encryptable
[2009/02/02 15:38:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/02 15:37:22 | 02,737,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\mbam-setup.exe
[2009/02/02 15:35:15 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\uteblc.dll
[2009/02/02 15:35:15 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\oluvnspy.dll
[2009/02/02 15:32:54 | 01,508,191 | -HS- | M] () -- C:\WINDOWS\System32\cdxnronx.ini
[2009/02/02 15:32:40 | 01,508,191 | -HS- | M] () -- C:\WINDOWS\System32\jgusnomc.ini
[2009/01/29 22:40:21 | 01,483,063 | -HS- | M] () -- C:\WINDOWS\System32\erjbpcqq.ini
[2009/01/29 22:33:25 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/01/29 22:33:25 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/01/29 22:33:25 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/01/29 22:33:24 | 00,107,272 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/01/29 22:31:06 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\nchdaxbk.dll
[2009/01/29 22:31:06 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\hsqkma.dll
[2009/01/29 16:32:52 | 00,072,704 | ---- | M] () -- C:\WINDOWS\System32\xnornxdc.dll
[2009/01/29 16:31:59 | 01,515,358 | -HS- | M] () -- C:\WINDOWS\System32\bxajrcey.ini
[2009/01/29 16:29:52 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\xcddmw.dll
[2009/01/29 16:29:52 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\nbdsjpsi.dll
[2009/01/28 16:29:27 | 00,129,024 | ---- | M] () -- C:\WINDOWS\System32\pgovsjjv.dll
[2009/01/28 16:28:28 | 00,315,904 | ---- | M] () -- C:\WINDOWS\System32\fccAtTkJ.dll.vir
[2009/01/25 01:32:18 | 05,936,600 | ---- | M] (CNET TechTracker ) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\VersionTracker_Pro_Windows_4_1_cn007x.exe
[2009/01/24 19:56:29 | 00,221,728 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\avg overview.csv
[2009/01/24 19:10:26 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\HijackThis.lnk
[2009/01/24 19:09:02 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\HJTInstall.exe
[2009/01/24 18:57:17 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/24 18:14:02 | 00,001,064 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft FREE trial.lnk
[2009/01/23 17:23:28 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Autodesk 3ds Max 2009 32-bit.lnk
[2009/01/23 17:21:12 | 00,527,408 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/23 17:21:12 | 00,447,462 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/23 17:21:12 | 00,072,860 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/23 17:17:44 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/20 15:38:09 | 05,422,182 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\Clevelands_112.bmp
[2009/01/19 10:06:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/01/14 16:11:32 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/14 16:11:28 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/06 20:59:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/12/31 23:50:06 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2008/12/31 23:28:18 | 00,002,085 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\The Sims™ 2 Body Shop.lnk
[2008/12/29 16:07:00 | 00,368,010 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/12/12 12:27:54 | 03,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:27:54 | 03,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/11 06:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/12/11 06:57:21 | 00,333,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/10 16:14:40 | 04,411,392 | ---- | M] (Gabest) -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\mplayerc.exe
[2008/12/01 15:41:02 | 00,188,416 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2008/12/01 15:41:02 | 00,188,416 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx(2).dll
[2008/12/01 15:40:49 | 00,147,456 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2008/12/01 15:40:41 | 00,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2008/12/01 15:40:32 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2008/12/01 15:40:32 | 00,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx(2).dll
[2008/12/01 15:11:21 | 00,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/12/01 14:35:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/11/21 16:47:56 | 00,524,288 | ---- | M] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2008/11/21 16:47:56 | 00,004,816 | ---- | M] () -- C:\WINDOWS\System32\divxsm.tlb
[2008/11/21 16:47:52 | 03,596,288 | ---- | M] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 16:46:10 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2008/11/21 16:46:10 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2008/11/21 16:45:16 | 00,196,608 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2008/11/21 16:45:16 | 00,081,920 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2008/11/21 16:45:12 | 00,593,920 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2008/11/21 16:45:12 | 00,344,064 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2008/11/21 16:45:12 | 00,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2008/11/21 16:45:12 | 00,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2008/11/21 16:45:12 | 00,057,344 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2008/11/21 16:45:12 | 00,053,248 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2008/11/21 16:45:08 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2008/11/21 16:45:08 | 00,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2008/11/21 16:45:08 | 00,815,104 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/11/21 16:45:08 | 00,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2008/11/21 16:45:06 | 00,684,032 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2008/11/21 16:45:00 | 00,729,088 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2008/11/21 16:45:00 | 00,352,401 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2008/11/21 16:44:38 | 00,161,096 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2008/11/21 16:44:16 | 00,012,288 | ---- | M] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/11/08 12:59:57 | 12,097,081 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\emperor.psd
[2008/11/07 23:42:31 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Owner.ASHNICOLE\Desktop\µTorrent.lnk
< End of report >

Extras:

OTViewIt Extras logfile created on: 2/4/2009 4:00:56 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Owner.ASHNICOLE\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.57 Gb Available in Paging File | 89.26% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.51 Gb Total Space | 118.02 Gb Free Space | 51.88% Space Free | Partition Type: NTFS
Drive D: | 5.37 Gb Total Space | 3.40 Gb Free Space | 63.28% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHNICOLE
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 90 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/10 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/10 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/10/14 17:33:08 | 00,012,888 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
File not found -- C:\Program Files\Common Files\AOL\1162400825\EE\AOLServiceHost.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
[2006/07/27 13:14:16 | 00,061,440 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:LocalSubNet:Enabled:SPCM
[2006/07/10 02:37:24 | 00,025,600 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:LocalSubNet:Enabled:Intel® Viiv™ Media Server
[2006/07/27 12:06:42 | 00,425,984 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:LocalSubNet:Enabled:Intel® Remoting Service
[2004/10/13 18:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2004/02/06 09:59:16 | 00,036,864 | ---- | M] () -- C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\InvokeSvc2.exe:*:Enabled:Wireless Network Monitor
File not found -- K:\Programs\LightWave\Programs\hub.exe:*:Enabled:hub
File not found -- K:\Programs\LightWave\Programs\lightwav.exe:*:Enabled:lightwav
File not found -- K:\Programs\LightWave\Programs\modeler.exe:*:Enabled:modeler
[2007/03/20 16:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2006/09/29 14:30:46 | 05,946,368 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:*:Enabled:Autodesk 3ds Max 9 32-bit
[2009/01/29 22:33:22 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
[2009/01/29 22:29:14 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/11/07 23:42:28 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/02/20 15:26:00 | 00,425,984 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor
[2008/02/20 15:26:00 | 00,532,480 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager
[2008/02/20 15:26:00 | 00,110,592 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server
[2008/03/10 01:22:52 | 07,299,072 | ---- | M] (Autodesk, Inc.) -- C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/29 22:33:23 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2003/07/11 05:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2001/06/20 12:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2003/08/04 13:19:34 | 07,330,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/04/25 16:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2003/07/15 01:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004685F7-9FB6-4789-812F-59ABB34A55AF}"=Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}"=Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{02EBDBB9-4600-41D3-B566-40CB861511D2}"=World of Warcraft FREE Trial
"{0327FA9D-975C-448C-A086-577D57BB25B8}"=Adobe Soundbooth CS3 Codecs
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}"=Bonjour
"{072A1145-79D5-4BEB-4D8A-59CCB7CB31AE}"=Catalyst Control Center Graphics Full Existing
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{097CF8DE-C007-F3C5-2A80-C1AD2A9D7EFB}"=Catalyst Control Center Graphics Previews Common
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}"=WD Diagnostics
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}"=AIO_Scan
"{0E5E5B46-61B6-3FF3-5C7C-87F1AC00568E}"=CCC Help Czech
"{0F200FB1-B904-1820-0EEA-15C458B575B3}"=CCC Help Portuguese
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1700"=Canon iP1700
"{145C6099-E682-AFBB-4E4C-2FE72333E2FB}"=CCC Help Hungarian
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}"=Recovery Software Suite Gateway
"{15A0B9F3-DCE9-42D8-0F81-A03C0BF9BB3B}"=CCC Help Norwegian
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}"=Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}"=WebReg
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}"=Adobe After Effects CS3 Presets
"{19A84EB1-D85B-BB4F-0030-B7E2BC1ACB6F}"=Catalyst Control Center Localization Dutch
"{1A2A15C2-6780-49c1-B296-503230E9DE00}"=The Sims™ 2 Mansion and Garden Stuff
"{1BF4CB7A-85C6-0480-30D9-C8F711C9D99E}"=Catalyst Control Center Localization Chinese Traditional
"{1D58229F-C505-45CA-8223-F35F3A34B963}"=Adobe Version Cue CS3 Server {ko_KR}
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=DVD Solution
"{2034E9E2-60F5-A335-363F-9FA9B0864FBA}"=CCC Help Chinese Standard
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}"=Intel Audio Studio 2.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=Google Toolbar for Internet Explorer
"{233EE11F-A04C-B612-AEDF-16A312986113}"=Catalyst Control Center Graphics Light
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}"=Adobe ExtendScript Toolkit 2
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}"=Adobe Flash Video Encoder
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3405EF6E-6E68-AF1A-A165-4832ADA3221E}"=Catalyst Control Center Localization Finnish
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{354DC3BC-A17F-E931-E696-E57EF0BF39B1}"=CCC Help Japanese
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}"=ATI Parental Control & Encoder
"{38B39865-D988-4945-9A22-6107B8B40953}"=C4200
"{39BBA37B-E375-4977-6EC2-9FB182A18CD1}"=Catalyst Control Center Localization Russian
"{3CFC1E5C-52C5-F564-BBBD-A791A0ED2868}"=CCC Help Swedish
"{3D347E6D-5A03-4342-B5BA-6A771885F379}"=Autodesk Backburner 2008.1
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}"=ATI HYDRAVISION
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}"=Browser Address Error Redirector
"{40A77C5E-831D-53B7-6DD6-049390E99737}"=CCC Help Turkish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}"=Power2Go 4.0
"{43673268-252B-10C5-A96B-BD766CECF1BC}"=Catalyst Control Center Localization Korean
"{43B7C43F-406C-4DE5-DCC5-6712A09890D1}"=Catalyst Control Center Localization Danish
"{4458C442-7376-4CF9-AF58-E8CEA6722363}"=Adobe Setup
"{4517BAE4-D4F2-3A21-38F7-8E4D798515E3}"=Catalyst Control Center Localization Norwegian
"{4817189D-1785-4627-A33C-39FD90919300}"=The Sims 2 Pets
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}"=Adobe Premiere Pro CS3 Third Party Content
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}"=DocProc
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}"=Digital Media Reader
"{4B0F42ED-C1AA-1EE3-694C-B338B60D202A}"=Catalyst Control Center Localization German
"{4DE8C2BD-F830-CB44-3C55-FC77DE3FDB80}"=CCC Help German
"{4FAF0223-13C2-E94B-6E9E-D5807EFE8589}"=CCC Help Korean
"{50CE21D8-0F44-4f3f-A392-7F9AD3194DEF}"=PS_AIO_Software
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}"=Adobe Premiere Pro CS3 Functional Content
"{51007CF9-CB4C-265B-D62A-FF6BFD327ABA}"=Catalyst Control Center Localization Polish
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{526AAE17-8067-9BF2-C56B-EE8CEED32254}"=CCC Help Polish
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}"=Adobe Encore CS3
"{56BA64AD-C2DF-9C71-E521-F87A2D335F57}"=Catalyst Control Center Localization French
"{57A17677-2064-D213-F2C0-37874112BCE8}"=ccc-utility
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}"=Adobe Premiere Pro CS3
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}"=The Sims™ 2 Teen Style Stuff
"{5D95AD35-368F-47D5-B63A-A082DDF00111}"=Microsoft Digital Image Starter Edition 2006 Editor
"{5DA6F06A-B389-407B-BF8C-1548767914D8}"=ATI Problem Report Wizard
"{5DACB956-E3ED-4A8E-8B9D-AC0B99820AE7}"=Intel Audio Studio 2.0
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}"=ZBrush3
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}"=Adobe Setup
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}"=The Sims™ 2 Kitchen & Bath Interior Design Stuff
"{65563451-00B6-458C-9F9A-03A7757355A6}"=Compact Wireless-G USB Network Adapter with SpeedBooster
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}"=eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}"=HPProductAssistant
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}"=Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}"=Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}"=The Sims 2 Family Fun Stuff
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}"=Adobe Color Common Settings
"{6D52C408-B09A-4520-9B18-475B81D393F1}"=Microsoft Works
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}"=The Sims™ 2 IKEA® Home Stuff
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}"=Multimedia Keyboard Driver
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}"=CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{785A16DC-26B7-3184-D5F7-4186C90F77B9}"=Catalyst Control Center Localization Chinese Standard
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}"=The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}"=3dsmax ancillary install
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7DFC1012-D346-46CE-B03E-FF79125AE029}"=Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}"=Adobe After Effects CS3 Third Party Content
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{849A20E0-8A09-45F9-BE58-4DAE823E8CE4}"=Catalyst Control Center Localization Czech
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}"=The Sims™ 2 H&M® Fashion Stuff
"{85785A25-4ED5-1CDF-24BF-4AD32FFDCD3D}"=Catalyst Control Center Localization Turkish
"{8641C1CB-03B3-41d4-8DEC-79826A4B5C0E}"=HP Photosmart All-In-One Software 8.0
"{8718DC03-D066-4957-94E5-50C3C5042E8E}"=Adobe Creative Suite 3 Master Collection
"{87E2B986-07E8-477a-93DC-AF0B6758B192}"=DocProcQFolder
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}"=The Sims™ 2 FreeTime
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}"=ATI AVIVO Codecs
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}"=The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}"=HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}"=Napster Burn Engine
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}"=The Sims 2 University
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{93693EB3-E1E9-BC11-76D9-E03BF7338FC9}"=CCC Help Greek
"{9541B99F-5A88-9C02-6424-F17883E907A9}"=Catalyst Control Center Localization Spanish
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}"=MarketResearch
"{973DFE07-93EE-4EC0-73B2-1E9B1EB1B46D}"=CCC Help Danish
"{978C25EE-5777-46e4-8988-732C297CBDBD}"=Status
"{97B2C4BB-08B1-6092-0F67-62AFA077444C}"=CCC Help Russian
"{9941F0AA-B903-4AF4-A055-83A9815CC011}"=Sonic Encoders
"{9A346205-EA92-4406-B1AB-50379DA3F057}"=Autodesk DWF Viewer 7
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}"=Destinations
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}"=The Sims 2 Glamour Life Stuff
"{9F7FC79B-3059-4264-9450-39EB368E3225}"=Microsoft Digital Image Library 9 - Blocker
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}"=SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}"=Copy
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}"=SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}"=Adobe Soundbooth CS3
"{A70FF5D5-D3A5-27EF-9751-3280710AFB9C}"=Skins
"{A958AD7D-A598-A2B6-CB71-19033DAD6730}"=Catalyst Control Center Localization Swedish
"{A9F95496-FA05-9808-2A6A-850D7CD6513A}"=CCC Help Thai
"{AAFEE577-C6AE-AB27-479D-592E2A74DBCE}"=Catalyst Control Center Localization Greek
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}"=DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B18A9215-5C66-C719-F861-2491E0726B78}"=CCC Help Spanish
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}"=Adobe Setup
"{B41B9D4A-42D5-F51F-4F9A-626D9A06CB4C}"=ccc-core-preinstall
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B668B2B8-70D4-4754-A890-17C1DDDA9418}"=PS_AIO_Software_min
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B6F5B704-06D3-4687-90F3-6195304AD755}"=The Sims™ 2 Apartment Life
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}"=Adobe Encore CS3 Codecs
"{B9A5D708-5F66-1B3D-A2D5-4A6E24BF32F7}"=CCC Help Chinese Traditional
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BB10A37C-4BFB-BC3D-2CE4-72895A56FFAA}"=Catalyst Control Center Localization Hungarian
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}"=BufferChm
"{C12C6589-32A4-2D8E-C8D5-C85CCF40157F}"=ccc-core-static
"{C1609713-CAE7-9D05-46C5-97CF48ECE7E7}"=Catalyst Control Center Localization Japanese
"{C22404E3-371D-46A3-A633-C7094DDE7274}"=openCanvas4.06E Plus
"{C40B3988-1BF3-12FD-10AC-F708BF1C5CFC}"=Catalyst Control Center Core Implementation
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C716522C-3731-4667-8579-40B098294500}"=Toolbox
"{C876E6DA-EC76-B2EC-6E09-3A7E00233750}"=CCC Help Italian
"{CAEFCB7D-C290-57B2-D10D-E3DDBA524232}"=CCC Help Finnish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}"=Adobe InDesign CS3
"{CC93120F-55BA-2E8A-C3B6-982B57600A89}"=Catalyst Control Center Localization Portuguese
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}"=Adobe XMP Panels CS3
"{D72C29C6-8476-B58D-9453-6D0FCD7FF481}"=Catalyst Control Center Graphics Full New
"{DA327C6D-D8F1-4587-B4DE-10C39BF6B891}"=Intel® Viiv™ Software
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DD9E5033-7C22-4665-2232-1F8E5BB3B450}"=Catalyst Control Center Localization Thai
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}"=The Sims™ 2 Seasons
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}"=UnloadSupport
"{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}"=HP Smart Web Printing 1.0
"{E4ABEF81-DE3D-DF19-BC99-BC34E2BD16B3}"=CCC Help Dutch
"{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}"=c4200_Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E96D4088-AAC5-437F-9E39-EC0E387897B4}"=Autodesk 3ds Max 9 32-bit
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}"=The Sims™ 2 Celebration! Stuff
"{EB0202F7-016A-410C-ADE4-40F848CCC661}"=Adobe After Effects CS3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}"=HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}"=HPSSupply
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{ED3948D4-05E9-A37B-1D52-2466AEA87F5E}"=Catalyst Control Center Localization Italian
"{EF4A88E7-AB69-EB25-2920-0F46F27D0DB2}"=CCC Help French
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}"=Nero Mega Plugin Pack
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}"=Adobe Illustrator CS3
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}"=32 Bit HP CIO Components Installer
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}"=The Sims™ 2 Bon Voyage
"{F2DC9BD1-8DB8-461C-80B2-7264AFA54EE2}"=Mudbox 1.0
"{F5F16F97-9094-02B8-2BF0-F03E67C4E55C}"=CCC Help English
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}"=The Sims 2 Nightlife
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}"=Adobe Contribute CS3
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}"=Autodesk 3ds Max 2009 32-bit
"{FE0C305A-37EE-4499-B4CF-0182E37B20C4}"=PS_AIO_ProductContext
"{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}"=Pen Tablet
"{FF075778-6E50-47ed-991D-3B07FD4E3250}"=TrayApp
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe_3675c95c239b992d5d0ee8fce969b9e"=Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff"=Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236"=Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e"=Adobe Color Common Settings
"All ATI Software"=ATI - Software Uninstall Utility
"AMP Font Viewer"=AMP Font Viewer
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"AwayMode160"=Microsoft Away Mode
"Canon iP1700 User Registration"=Canon iP1700 User Registration
"CanonMyPrinter"=Canon My Printer
"CEP - Colour Enable Packages_is1"=CEP - Color Enable Package
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1"=Soft Data Fax Modem with SmartCP
"Easy-PhotoPrint"=Canon Utilities Easy-PhotoPrint
"Easy-WebPrint"=Easy-WebPrint
"EL"=Intel® Quick Resume Technology Drivers
"FBX Plugin 2006.08 for Max 9.0"=FBX Plugin 2006.08 for Max 9.0
"FBX Plugin 2006.11.1 for Max 8.0"=FBX Plugin 2006.11.1 for Max 8.0
"FBX Plugin 2009.0 for Max 2009"=FBX Plugin 2009.0 for Max 2009
"Gateway Game Console"=Gateway Game Console
"Google Desktop"=Google Desktop
"gtw_logo"=gtw_logo
"HECI"=Intel® Management Engine Interface
"HijackThis"=HijackThis 2.0.2
"HP Imaging Device Functions"=HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools"=HP Solution Center 8.0
"HPExtendedCapabilities"=HP Customer Participation Program 8.0
"HPOCR"=HP OCR Software 8.0
"iCheck"=Internet Speed Monitor
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}"=Digital Media Reader
"InstallShield_{FE2FF182-7DB1-43FB-BFDE-7C44C26867AE}"=Pen Tablet
"Intel® Configuration Center"=Intel® Viiv™ Software
"InterActual Player"=InterActual Player
"KLiteCodecPack_is1"=K-Lite Codec Pack 4.3.4 (Basic)
"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Money2006b"=Microsoft Money 2006
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"PictureItSuiteTrial_v11"=Microsoft Digital Image Starter Edition 2006
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer Basic
"Tablet Driver"=Tablet
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.6i
"WGA"=Windows Genuine Advantage Validation Tool
"WIC"=Windows Imaging Component
"WildTangent CDA"=WildTangent Web Driver
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"WT010649"=Diner Dash
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1484991476-2762409622-602371918-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2009 6:26:53 PM | Computer Name = ASHNICOLE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/11/2009 7:47:09 PM | Computer Name = ASHNICOLE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/11/2009 7:47:10 PM | Computer Name = ASHNICOLE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/11/2009 7:47:11 PM | Computer Name = ASHNICOLE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 7:35:07 PM | Computer Name = ASHNICOLE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3257, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 1/15/2009 7:37:03 PM | Computer Name = ASHNICOLE | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
unknown, version 0.0.0.0, fault address 0x24003f75.

Error - 1/15/2009 7:38:01 PM | Computer Name = ASHNICOLE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/29/2009 11:15:43 PM | Computer Name = ASHNICOLE | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
msvcrt.dll, version 7.0.2600.2180, fault address 0x0001a573.

Error - 1/29/2009 11:21:03 PM | Computer Name = ASHNICOLE | Source = Application Error | ID = 1000
Description = Faulting application remind_xp.exe, version 1.0.3.0, faulting module
msvcrt.dll, version 7.0.2600.2180, fault address 0x0001a573.

Error - 2/3/2009 12:49:37 AM | Computer Name = ASHNICOLE | Source = Application Hang | ID = 1002
Description = Hanging application Illustrator.exe, version 13.0.128.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ IntelDH Events ]
Error - 10/30/2008 12:44:11 AM | Computer Name = ASHNICOLE | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to determine
logged in user type

Error - 10/30/2008 12:44:11 AM | Computer Name = ASHNICOLE | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 11/1/2008 11:27:01 AM | Computer Name = ASHNICOLE | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to determine
logged in user type

Error - 11/1/2008 11:27:01 AM | Computer Name = ASHNICOLE | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 11/1/2008 6:16:26 PM | Computer Name = ASHNICOLE | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to determine
logged in user type

Error - 11/1/2008 6:16:26 PM | Computer Name = ASHNICOLE | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 11/4/2008 2:18:15 AM | Computer Name = ASHNICOLE | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to determine
logged in user type

Error - 11/4/2008 2:18:15 AM | Computer Name = ASHNICOLE | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

Error - 11/4/2008 3:57:45 AM | Computer Name = ASHNICOLE | Source = CCU_Engine | ID = 15
Description = A CCU internal function detected an error: CCUEngine failed to determine
logged in user type

Error - 11/4/2008 3:57:45 AM | Computer Name = ASHNICOLE | Source = TrayIcon | ID = 15
Description = A CCU internal function detected an error: CCU_TrayIcon::Could not
create ICCUEngine interface pointer

[ System Events ]
Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:21:59 PM | Computer Name = ASHNICOLE | Source = ati2mtag | ID = 16842756
Description = You are running different builds of the miniport and display driver. Please use a matched pair.

Error - 1/29/2009 11:24:38 PM | Computer Name = ASHNICOLE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the TabletService service.


< End of report >





And here's the Combofix one:


ComboFix 09-02-04.01 - Owner 2009-02-04 16:19:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2194 [GMT -5:00]
Running from: C:\Documents and Settings\Owner.ASHNICOLE\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner.ASHNICOLE\Local Settings\Temporary Internet Files\fbk.sts
C:\Program Files\GetModule
C:\Program Files\iCheck
C:\Program Files\iCheck\Uninstall.exe
C:\WINDOWS\system32\bxajrcey.ini
C:\WINDOWS\system32\cdxnronx.ini
C:\WINDOWS\system32\erjbpcqq.ini
C:\WINDOWS\system32\fccAtTkJ.dll.vir
C:\WINDOWS\system32\hsqkma.dll
C:\WINDOWS\system32\jgusnomc.ini
C:\WINDOWS\system32\JkTtAccf.ini
C:\WINDOWS\system32\JkTtAccf.ini2
C:\WINDOWS\system32\nbdsjpsi.dll
C:\WINDOWS\system32\nchdaxbk.dll
C:\WINDOWS\system32\uteblc.dll
C:\WINDOWS\system32\xcddmw.dll
C:\WINDOWS\system32\xnornxdc.dll
C:\WINDOWS\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-04 to 2009-02-04 )))))))))))))))))))))))))))))))
.

2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- C:\Documents and Settings\Owner.ASHNICOLE\Application Data\Malwarebytes
2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 15:38 . 2009-01-14 16:11 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-02 15:38 . 2009-01-14 16:11 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2009-01-29 22:08 . 2007-12-20 22:09 368,640 -ra------ C:\WINDOWS\system32\SET3C.tmp
2009-01-25 03:00 . 2009-01-25 03:00 <DIR> d-------- C:\Program Files\MSXML 6.0
2009-01-24 19:10 . 2009-01-24 19:10 <DIR> d-------- C:\Program Files\Trend Micro
2009-01-24 17:54 . 2009-01-28 18:25 <DIR> d-------- C:\Program Files\ATI
2009-01-23 17:26 . 2009-01-24 16:51 262,411 --a------ C:\Documents and Settings\Owner.bak
2009-01-23 17:25 . 2009-01-23 17:27 <DIR> d-------- C:\Documents and Settings\Owner.ASHNICOLE\Application Data\Autodesk
2009-01-23 17:22 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2009-01-23 17:22 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2009-01-23 17:22 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2009-01-23 17:22 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2009-01-23 17:22 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2009-01-23 17:20 . 2009-01-23 17:20 <DIR> d-------- C:\Program Files\MSBuild
2009-01-23 17:19 . 2009-01-23 17:19 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2009-01-23 17:18 . 2009-01-23 17:18 <DIR> d-------- C:\Program Files\Reference Assemblies
2009-01-23 17:18 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2009-01-05 17:30 . 2009-01-05 17:31 <DIR> d-------- C:\Program Files\iTunes
2009-01-05 17:30 . 2009-01-05 17:30 <DIR> d-------- C:\Program Files\iPod
2009-01-05 17:30 . 2009-01-05 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2009-01-30 03:33 325,128 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2009-01-30 03:33 107,272 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2009-01-24 23:35 --------- d-----w C:\Documents and Settings\Owner.ASHNICOLE\Application Data\AVGTOOLBAR
2009-01-24 21:51 --------- d-----w C:\Documents and Settings\Owner.ASHNICOLE\Application Data\uTorrent
2009-01-23 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2009-01-23 22:23 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2009-01-23 22:22 --------- d-----w C:\Program Files\Autodesk
2009-01-05 22:31 --------- d-----w C:\Program Files\Bonjour
2009-01-05 22:30 --------- d-----w C:\Program Files\Common Files\Apple
2009-01-05 22:29 --------- d-----w C:\Program Files\QuickTime
2009-01-01 04:26 --------- d-----w C:\Program Files\EA GAMES
2008-12-20 06:25 --------- d-----w C:\Program Files\DivX
2008-12-20 06:08 --------- d-----w C:\Program Files\Xvid
2008-12-20 06:08 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-12-20 06:03 --------- d-----w C:\Documents and Settings\Owner.ASHNICOLE\Application Data\Media Player Classic
2008-12-11 11:57 333,184 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-09 19:30 2,472 -c--a-w C:\Documents and Settings\Owner.ASHNICOLE\Application Data\wklnhst.dat
1999-07-07 00:00 6 -csh--r C:\WINDOWS\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 14:09 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-01 12:00 169984]
"readericon"="C:\Program Files\Digital Media Reader\readericon45G.exe" [2005-12-09 21:44 139264]
"IntelAudioStudio"="C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" [2006-07-13 16:34 9134080]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2005-02-25 21:24 966656]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 02:42 212992]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 10:15 151552]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-27 12:54 303104]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 22:10 375296]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 20:30 1191936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 18:54 623992]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-01-29 22:33 1601304]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 12:57 111936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-11-04 10:30 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-11-20 13:20 290088]
"CHotkey"="zHotkey.exe" [2004-12-08 20:57 550912 C:\WINDOWS\zHotkey.exe]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 19:19 77312 C:\WINDOWS\arpwrmsg.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
TabUserW.exe.lnk - C:\WINDOWS\system32\Wtablet\TabUserW.exe [2003-05-29 08:33:34 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 22:33 10520 C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Compact Wireless-G USB Network Adapter with SpeedBooster\\InvokeSvc2.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [2008-08-31 20:16:27 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [2008-08-31 20:16:27 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-31 20:16:27 903960]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 20:16:27 298264]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 00:04:52 65536]
R2 WUSB54GSCSVC;WUSB54GSCSVC;C:\Program Files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [2007-05-08 09:20:39 53307]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010fc708-d2a3-11db-aac6-00038a000015}]
\Shell\AutoRun\command - M:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10ae16d3-d9b7-11dd-ac13-001676e05b83}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7fd66bef-6839-48a3-8ca3-8c65def74f3b} - C:\WINDOWS\system32\uteblc.dll
HKCU-Run-GetModule35 - C:\Program Files\GetModule\GetModule35.exe
HKLM-Run-IgfxTray - C:\WINDOWS\system32\igfxtray.exe
HKLM-Run-HotKeysCmds - C:\WINDOWS\system32\hkcmd.exe
HKLM-Run-Persistence - C:\WINDOWS\system32\igfxpers.exe
HKLM-Run-a8fefc60 - C:\WINDOWS\system32\cmonsugj.dll
HKLM-Run-SigmatelSysTrayApp - sttray.exe
Notify-mlJCULBt - mlJCULBt.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - C:\Documents and Settings\Owner.ASHNICOLE\Application Data\Mozilla\Firefox\Profiles\gyrspqww.default\
FF - component: C:\Program Files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: C:\Program Files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.



Lemme know if you need anything else!

#10 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender: Male
  • Location: London, UK

Posted 04 February 2009 - 08:06 PM

Hi Sirenafairy,

Thanks for the logs.

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files between themselves, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of malware. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject, via the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes copyright law in many countries around the world, and you are putting yourself at risk of being prosecuted by organisations that watch over the rights of the authors of such files (e.g. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Okay, to continue the fix we need to run ComboFix again with a script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the box below into it:

    File::
    C:\WINDOWS\System32\bvwbvcxb.dll
    C:\WINDOWS\System32\oluvnspy.dll
    C:\WINDOWS\System32\pgovsjjv.dll

    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    [image: CFScript.txt being dragged onto ComboFix.exe]
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it will produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into Safe Mode.
Make sure you choose the option without networking support.
Please see here for additional details.

Click the MBAM.exe icon on your desktop to start Malwarebytes Anti-malware. You will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into Safe Mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Just to recap, I would like both the Combofix and MBAM logs pasted into your next reply.

Thanks :thumbup2:
m0le is a proud member of UNITE
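
Added example (not ComboFix's code and not part of m0le's reply): a small Python triage script that reads a constructed sample in the shape of the "Reg Loading Points" section of the ComboFix log posted above, flags the patterns visible in that log (Run entries that load a DLL or carry an 8-hex-digit value name, entries ComboFix marked [BU], a Winlogon Notify DLL given by bare name, Security Center monitoring switched off, cached MountPoints2 AutoRun handlers), and then emits a CFScript `File::` block of the kind the reply above asks to be dragged onto ComboFix.exe. The indicator rules, the `Finding` type and the sample log lines are assumptions of this example, not something ComboFix outputs or documents.

```python
"""Triage of a ComboFix "Reg Loading Points" dump (added example, not ComboFix code).

Flags the indicator patterns visible in the thread's logs and turns the flagged
absolute paths into a CFScript "File::" block. SAMPLE_LOG is constructed here in
the shape of the posted log; the rules below are this example's own heuristics.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 68856]
"GetModule35"="c:\program files\GetModule\GetModule35.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"a8fefc60"="c:\windows\system32\cmonsugj.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCULBt]
mlJCULBt.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10ae16d3-d9b7-11dd-ac13-001676e05b83}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
"""


@dataclass(frozen=True)
class Finding:
    kind: str        # "run", "notify", "seccenter" or "mountpoint"
    key: str         # registry key the line sat under
    target: str      # path, bare file name or command the entry references
    reasons: tuple   # why it was flagged


VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*(?:\[(?P<meta>[^\]]*)\])?')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-f]{8})$', re.I)
META_RE = re.compile(r'\[(?P<meta>[^\]]*)\]\s*$')
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$')
ABS_PATH_RE = re.compile(r'^[a-z]:\\', re.I)
BU_REASON = "ComboFix tagged [BU]: referenced file missing/backed up"


def triage(log_text):
    """Walk the dump line by line, remembering the current [key] header."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        lkey = key.lower()
        if r"\winlogon\notify\ " .strip() in lkey:
            # Notify DLLs load into winlogon.exe at every logon; ComboFix already
            # hides the stock entries, so anything listed deserves a look.
            meta = META_RE.search(line)
            reasons = []
            if "\\" not in line:
                reasons.append("Notify DLL given as a bare name, no path on disk")
            if meta and meta.group("meta") == "BU":
                reasons.append(BU_REASON)
            if reasons:
                findings.append(Finding("notify", key, line.split()[0], tuple(reasons)))
        elif r"\currentversion\run" in lkey:
            m = VALUE_RE.match(line)
            if not m:
                continue
            name, target, meta = m.group("name"), m.group("target"), m.group("meta") or ""
            reasons = []
            if target.lower().endswith(".dll"):
                reasons.append("Run entry loads a DLL instead of an executable")
            if HEX_NAME_RE.match(name):
                reasons.append("value name is an 8-hex-digit blob")
            if meta == "BU":
                reasons.append(BU_REASON)
            if reasons:
                findings.append(Finding("run", key, target, tuple(reasons)))
        elif r"\security center\monitoring" in lkey:
            m = DWORD_RE.match(line)
            if m and m.group("name").lower() == "disablemonitoring" and int(m.group("val"), 16) == 1:
                findings.append(Finding("seccenter", key, "",
                                        ("Security Center told not to report this product's state",)))
        elif r"\mountpoints2\ ".strip() in lkey and line.lower().startswith("\\shell\\") \
                and "command" in line.lower():
            cmd = line.split(" - ", 1)[1] if " - " in line else line
            findings.append(Finding("mountpoint", key, cmd,
                                    ("AutoRun handler cached for a removable volume",)))
    return findings


def build_cfscript(findings):
    """Emit a CFScript File:: block from the flagged absolute paths only."""
    paths = sorted({f.target for f in findings
                    if f.kind in ("run", "notify") and ABS_PATH_RE.match(f.target)})
    return "File::\n" + "".join(p + "\n" for p in paths)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.kind}] {f.target or f.key}\n    " + "\n    ".join(f.reasons))
    print(build_cfscript(found))
```

Two design choices worth noting. Only absolute paths from Run and Notify findings go into the `File::` block: a bare Notify name such as `mlJCULBt.dll` has to be located on disk first, and the MountPoints2 handler's command must never be copied in, since its path is the legitimate `RunDLL32.EXE` rather than the `Start.exe` it launches. Name randomness (`cmonsugj`, `uteblc`, `bvwbvcxb` in the logs above) is left to the human reading the output; a consonant-cluster rule would also trip on legitimate names like `hkcmd`.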

#11 Sirenafairy

  • Topic Starter
  • Members
  • 9 posts

Posted 05 February 2009 - 11:10 PM

I am aware of the problems that can occur with peer to peer sharing. My boyfriend is the only one that uses it and he's part of "invite only" communities that are pretty secure when it comes to viruses.

The problem with the Trojan started, I believe, because I was trying to download the driver for my graphics card. My screen has been randomly cutting off while in use. The monitor will still be "on" but the screen is black and I can't do anything but turn the console off and turn it back on. Since I found this forum only AFTER my computer got infected, I didn't have a chance to ask too many people about it. Hopefully, once the infection is gone, I can get help with my screen issue in this forum as well.

But here are the logs:


Combofix:

ComboFix 09-02-04.01 - Owner 2009-02-05 21:28:55.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2401 [GMT -5:00]
Running from: c:\documents and settings\Owner.ASHNICOLE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.ASHNICOLE\Desktop\CFScript.txt.txt
AV: *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: *disabled*
* Created a new restore point

FILE ::
c:\windows\System32\bvwbvcxb.dll
c:\windows\System32\oluvnspy.dll
c:\windows\System32\pgovsjjv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Owner.ASHNICOLE\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\windows\system32\bxajrcey.ini
c:\windows\system32\cdxnronx.ini
c:\windows\system32\erjbpcqq.ini
c:\windows\system32\fccAtTkJ.dll.vir
c:\windows\system32\hsqkma.dll
c:\windows\system32\jgusnomc.ini
c:\windows\system32\JkTtAccf.ini
c:\windows\system32\JkTtAccf.ini2
c:\windows\system32\nbdsjpsi.dll
c:\windows\system32\nchdaxbk.dll
c:\windows\system32\uteblc.dll
c:\windows\system32\xcddmw.dll
c:\windows\system32\xnornxdc.dll
c:\windows\wiaserviv.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- c:\documents and settings\Owner.ASHNICOLE\Application Data\Malwarebytes
2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:38 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:38 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-29 22:08 . 2007-12-20 22:09 368,640 -ra------ c:\windows\system32\SET3C.tmp
2009-01-25 03:00 . 2009-01-25 03:00 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-24 19:10 . 2009-01-24 19:10 <DIR> d-------- c:\program files\Trend Micro
2009-01-24 17:54 . 2009-01-28 18:25 <DIR> d-------- c:\program files\ATI
2009-01-23 17:26 . 2009-01-24 16:51 262,411 --a------ c:\documents and settings\Owner.bak
2009-01-23 17:25 . 2009-01-23 17:27 <DIR> d-------- c:\documents and settings\Owner.ASHNICOLE\Application Data\Autodesk
2009-01-23 17:22 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-23 17:22 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-01-23 17:22 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-01-23 17:22 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-01-23 17:22 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-01-23 17:20 . 2009-01-23 17:20 <DIR> d-------- c:\program files\MSBuild
2009-01-23 17:19 . 2009-01-23 17:19 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-23 17:18 . 2009-01-23 17:18 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-23 17:18 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-04 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 03:33 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 03:33 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-30 03:33 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2009-01-24 23:35 --------- d-----w c:\documents and settings\Owner.ASHNICOLE\Application Data\AVGTOOLBAR
2009-01-24 21:51 --------- d-----w c:\documents and settings\Owner.ASHNICOLE\Application Data\uTorrent
2009-01-23 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-23 22:23 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-23 22:22 --------- d-----w c:\program files\Autodesk
2009-01-05 22:31 --------- d-----w c:\program files\iTunes
2009-01-05 22:31 --------- d-----w c:\program files\Bonjour
2009-01-05 22:31 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-05 22:30 --------- d-----w c:\program files\iPod
2009-01-05 22:30 --------- d-----w c:\program files\Common Files\Apple
2009-01-05 22:29 --------- d-----w c:\program files\QuickTime
2009-01-01 04:50 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-01 04:26 --------- d-----w c:\program files\EA GAMES
2008-12-20 06:25 --------- d-----w c:\program files\DivX
2008-12-20 06:08 --------- d-----w c:\program files\Xvid
2008-12-20 06:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-20 06:03 --------- d-----w c:\documents and settings\Owner.ASHNICOLE\Application Data\Media Player Classic
2008-12-12 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-12-01 20:52 425,984 ----a-w c:\windows\system32\ATIDEMGX(2).dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag.dll
2008-12-01 20:51 318,464 ----a-w c:\windows\system32\ati2dvag(2).dll
2008-12-01 20:46 11,304,960 ----a-w c:\windows\system32\atioglxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-12-01 20:41 188,416 ----a-w c:\windows\system32\atipdlxx(2).dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-12-01 20:40 43,520 ----a-w c:\windows\system32\ati2edxx(2).dll
2008-12-01 20:40 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-12-01 20:40 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-12-01 20:40 143,360 ----a-w c:\windows\system32\ati2evxx(2).dll
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2008-12-01 20:38 598,016 ----a-w c:\windows\system32\ati2evxx(2).exe
2008-12-01 20:37 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag.dll
2008-12-01 20:27 4,120,384 ----a-w c:\windows\system32\ati3duag(2).dll
2008-12-01 20:19 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx.dll
2008-12-01 20:11 2,495,360 ----a-w c:\windows\system32\ativvaxx(2).dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag.dll
2008-12-01 19:53 401,408 ----a-w c:\windows\system32\atikvmag(2).dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2008-12-01 19:50 286,720 ----a-w c:\windows\system32\atiok3x2(2).dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-12-01 19:45 577,536 ----a-w c:\windows\system32\ati2cqag(2).dll
2008-12-01 19:35 593,920 ----a-w c:\windows\system32\ati2sgag.exe
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-09 19:30 2,472 -c--a-w c:\documents and settings\Owner.ASHNICOLE\Application Data\wklnhst.dat
1999-07-07 00:00 6 -csh--r c:\windows\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7fd66bef-6839-48a3-8ca3-8c65def74f3b}]
c:\windows\system32\uteblc.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 68856]
"GetModule35"="c:\program files\GetModule\GetModule35.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-01 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [BU]
"Persistence"="c:\windows\system32\igfxpers.exe" [BU]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-07-13 9134080]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-27 303104]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 375296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"a8fefc60"="c:\windows\system32\cmonsugj.dll" [BU]
"CHotkey"="zHotkey.exe" [2004-12-08 c:\windows\zHotkey.exe]
"SigmatelSysTrayApp"="sttray.exe" [BU]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-05-29 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 22:33 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCULBt]
mlJCULBt.dll [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Compact Wireless-G USB Network Adapter with SpeedBooster\\InvokeSvc2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-31 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-31 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-31 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 298264]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [2007-05-08 53307]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010fc708-d2a3-11db-aac6-00038a000015}]
\Shell\AutoRun\command - M:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10ae16d3-d9b7-11dd-ac13-001676e05b83}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Owner.ASHNICOLE\Application Data\Mozilla\Firefox\Profiles\gyrspqww.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 21:31:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0461&Pid_4d16\6&139a6c86&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-05 21:35:29
ComboFix-quarantined-files.txt 2009-02-06 02:35:27

Pre-Run: 137,379,352,576 bytes free
Post-Run: 137,358,635,008 bytes free

280 --- E O F --- 2009-01-25 08:00:46

MBAM:

Malwarebytes' Anti-Malware 1.33
Database version: 1717
Windows 5.1.2600 Service Pack 2

2/5/2009 10:36:17 PM
mbam-log-2009-02-05 (22-36-16).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 378805
Time elapsed: 39 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 28

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fd66bef-6839-48a3-8ca3-8c65def74f3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fd66bef-6839-48a3-8ca3-8c65def74f3b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a8fefc60 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uteblc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\iCheck\Uninstall.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccAtTkJ.dll.vir.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hsqkma.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nbdsjpsi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nchdaxbk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uteblc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xcddmw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xnornxdc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP546\A0188901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP546\A0188902.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP549\A0189316.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP549\A0189317.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP549\A0189327.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP549\A0189328.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP551\A0189668.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP552\A0189731.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP552\A0189740.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP552\A0189754.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP552\A0189755.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189767.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189774.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189777.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189778.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189779.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189780.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189781.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP553\A0189788.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 February 2009 - 08:51 PM

Thanks for the logs, Sirenafairy.

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only.)
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Now I need you to run Combofix again.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files\GetModule\GetModule35.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCULBt]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GetModule35"=-


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE
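
The CFScript m0le gives above uses two forms from the REGEDIT4 syntax: [-key] deletes a whole key, and "name"=- under a [key] deletes a single value. As an added example (not part of any post in this thread and not a tool used by the helpers), the following Python script parses lines in the shape of ComboFix's "Reg Loading Points" section, applies two heuristics that the logs posted earlier suggest (a Run value named with eight random hex digits that loads a DLL, like a8fefc60 -> cmonsugj.dll, and a winlogon\notify subkey whose DLL is listed only as a bare name, like mlJCULBt.dll), and renders the matches in that CFScript syntax. The sample lines are constructed to mirror this thread's logs, and the heuristics, thresholds and function names are my own assumptions; both heuristics can also hit legitimate software, so matches are leads to verify against a helper's review, not verdicts.

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section.
# The entries mirror the ones in this thread's logs; it is not a complete log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"a8fefc60"="c:\windows\system32\cmonsugj.dll" [BU]
"CHotkey"="zHotkey.exe" [2004-12-08 c:\windows\zHotkey.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 22:33 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCULBt]
mlJCULBt.dll [BU]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="data" [tag]  -- tag is ComboFix's bracketed date/size, [X], [BU], ...
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")


def parse_loading_points(text):
    """Return (key, value_name, data, tag) tuples.

    Run keys list quoted name/data pairs; winlogon notify subkeys list a
    single unquoted payload line, reported here with value_name=None.
    """
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append((key, m.group(1), m.group(2), m.group(3)))
        else:
            entries.append((key, None, line, ""))
    return entries


def suspicious_entries(entries):
    """Apply two heuristics (assumptions, not ComboFix rules) and return
    (key, value_name, reason); value_name is None for a whole-key match."""
    findings = []
    for key, name, data, _tag in entries:
        low = key.lower()
        if low.endswith("\\currentversion\\run") and name is not None:
            # Run value named with 8 random hex digits that loads a DLL
            # (the a8fefc60 -> cmonsugj.dll pattern in the sample above).
            if HEX_NAME_RE.match(name) and data.lower().endswith(".dll"):
                findings.append((key, name, "8-hex-digit Run value loading a DLL"))
        elif "\\winlogon\\notify\\" in low and name is None:
            # Notify packages normally resolve to a full path; a bare DLL
            # name that ComboFix could not describe is worth a look.
            tokens = data.replace("[BU]", "").split()
            dll = tokens[-1] if tokens else ""
            if dll.lower().endswith(".dll") and "\\" not in dll:
                findings.append((key, None, "winlogon notify package with unresolved bare DLL name"))
    return findings


def build_cfscript(findings):
    """Render findings in the CFScript syntax used in this thread:
    [-key] removes a whole key, "name"=- removes one value under [key]."""
    whole_keys, values_by_key = [], {}
    for key, name, _reason in findings:
        if name is None:
            whole_keys.append(key)
        else:
            values_by_key.setdefault(key, []).append(name)
    out = ["Registry::"]
    out.extend(f"[-{k}]" for k in whole_keys)
    for key, names in values_by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in names)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = suspicious_entries(parse_loading_points(SAMPLE_LOG))
    for key, name, reason in hits:
        print(f"{reason}: {key}" + (f" -> {name}" if name else ""))
    print(build_cfscript(hits))
```

Run against the constructed sample, the script flags the a8fefc60 Run value and the mlJCULBt notify key (the same two entries MBAM and the CFScript removed in this thread) and leaves the AVG and OEM entries alone; the generated Registry:: block has the same shape as the one m0le posted.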

#13 Sirenafairy

Sirenafairy
  • Topic Starter

  • Members
  • 9 posts

Posted 06 February 2009 - 11:23 PM

Here's the log!


ComboFix 09-02-06.01 - Owner 2009-02-06 23:09:12.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2384 [GMT -5:00]
Running from: c:\documents and settings\Owner.ASHNICOLE\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.ASHNICOLE\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Outdated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: *disabled*
* Created a new restore point

FILE ::
c:\program files\GetModule\GetModule35.exe
.

((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-05 21:53 . 2009-02-05 21:53 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- c:\documents and settings\Owner.ASHNICOLE\Application Data\Malwarebytes
2009-02-02 15:38 . 2009-02-02 15:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 15:38 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-02 15:38 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-29 22:08 . 2007-12-20 22:09 368,640 -ra------ c:\windows\system32\SET3C.tmp
2009-01-25 03:00 . 2009-01-25 03:00 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-24 19:10 . 2009-01-24 19:10 <DIR> d-------- c:\program files\Trend Micro
2009-01-24 17:54 . 2009-01-28 18:25 <DIR> d-------- c:\program files\ATI
2009-01-23 17:26 . 2009-01-24 16:51 262,411 --a------ c:\documents and settings\Owner.bak
2009-01-23 17:25 . 2009-01-23 17:27 <DIR> d-------- c:\documents and settings\Owner.ASHNICOLE\Application Data\Autodesk
2009-01-23 17:22 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-01-23 17:22 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2009-01-23 17:22 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-01-23 17:22 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2009-01-23 17:22 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2009-01-23 17:20 . 2009-01-23 17:20 <DIR> d-------- c:\program files\MSBuild
2009-01-23 17:19 . 2009-01-23 17:19 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-23 17:18 . 2009-01-23 17:18 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-23 17:18 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 04:02 --------- d-----w c:\documents and settings\Owner.ASHNICOLE\Application Data\uTorrent
2009-02-04 21:23 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-30 03:33 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-01-30 03:33 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-01-24 23:35 --------- d-----w c:\documents and settings\Owner.ASHNICOLE\Application Data\AVGTOOLBAR
2009-01-23 22:25 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-23 22:23 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-23 22:22 --------- d-----w c:\program files\Autodesk
2009-01-05 22:31 --------- d-----w c:\program files\iTunes
2009-01-05 22:31 --------- d-----w c:\program files\Bonjour
2009-01-05 22:31 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-05 22:30 --------- d-----w c:\program files\iPod
2009-01-05 22:30 --------- d-----w c:\program files\Common Files\Apple
2009-01-05 22:29 --------- d-----w c:\program files\QuickTime
2009-01-01 04:26 --------- d-----w c:\program files\EA GAMES
2008-12-20 06:25 --------- d-----w c:\program files\DivX
2008-12-20 06:08 --------- d-----w c:\program files\Xvid
2008-12-20 06:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-20 06:03 --------- d-----w c:\documents and settings\Owner.ASHNICOLE\Application Data\Media Player Classic
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-09-09 19:30 2,472 -c--a-w c:\documents and settings\Owner.ASHNICOLE\Application Data\wklnhst.dat
1999-07-07 00:00 6 -csh--r c:\windows\@@desktop.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-16 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-11-01 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [BU]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [BU]
"Persistence"="c:\windows\system32\igfxpers.exe" [BU]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" [2006-07-13 9134080]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-27 303104]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-03-29 375296]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-21 1191936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Adobe_ID0EYTHM"="c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 1884160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-29 1601304]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"CHotkey"="zHotkey.exe" [2004-12-08 c:\windows\zHotkey.exe]
"SigmatelSysTrayApp"="sttray.exe" [BU]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
TabUserW.exe.lnk - c:\windows\system32\Wtablet\TabUserW.exe [2003-05-29 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 22:33 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Compact Wireless-G USB Network Adapter with SpeedBooster\\InvokeSvc2.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-08-31 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-08-31 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-08-31 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-08-31 298264]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 WUSB54GSCSVC;WUSB54GSCSVC;c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WLService.exe [2007-05-08 53307]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{010fc708-d2a3-11db-aac6-00038a000015}]
\Shell\AutoRun\command - M:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10ae16d3-d9b7-11dd-ac13-001676e05b83}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder

2009-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5238E
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Owner.ASHNICOLE\Application Data\Mozilla\Firefox\Profiles\gyrspqww.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 23:15:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_0461&Pid_4d16\6&139a6c86&0&0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Intel\IntelDH\CCU\AlertService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\Tablet.exe
c:\program files\Compact Wireless-G USB Network Adapter with SpeedBooster\WUSB54GSC.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\ELService.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rsvp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Intel\IntelDH\CCU\CCU_Engine.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-02-06 23:22:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-07 04:21:59
ComboFix2.txt 2009-02-06 02:35:30

Pre-Run: 131,576,885,248 bytes free
Post-Run: 131,554,312,192 bytes free

246 --- E O F --- 2009-01-25 08:00:46

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 February 2009 - 09:04 AM

Your log looks clean. Good job! :thumbup2:

Let's firstly do some housekeeping.

First, re-enable your antivirus and antispyware programs.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Delete ComboFix and Clean Up
Click Start > Run, type combofix /u and click OK (note the space between combofix and /u).
Posted Image
Please advise if this step is missed for any reason as it performs some important actions.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 12.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Please set your system to hide all hidden files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, uncheck Show hidden files and folders.
Check: Hide file extensions for known file types
Check the Hide protected operating system files (recommended) option.
Click Yes to confirm.


Here's a list of ways you can avoid problems in the future:

Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

That's it, happy surfing!

Cheers,


m0le
m0le is a proud member of UNITE

#15 harrythook

harrythook


  • Security Colleague
  • 4,152 posts
  • OFFLINE
  • Gender:Male
  • Location:Philadelphia
  • Local time:02:29 AM

Posted 10 February 2009 - 07:29 PM

As this issue seems to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
For all others, if you have a similar issue please start a new topic.

Thanks for asking in BleepingComputer.com

Veni Vidi Vici
THE FIGHT AGAINST MALWARE

Become a BleepingComputer fan: Facebook
