My computer is infected with multiple trojans. :/


  • This topic is locked
13 replies to this topic

#1 Naimul


Posted 27 January 2009 - 09:06 PM

Hi there BC. I've recently found my computer acting strangely, and it's progressively gotten worse over the few days. The first strange thing I noticed was that my computer was detecting new hardware (PCI device) when I hadn't installed any. Then I started to get pop-up tabs in Firefox, and the computer has gotten much slower in general. I use AVG non-professional and I've scanned multiple times, finding several different trojans. Also several changes in .dlls. If you request the XML event log for AVG later on, I'll post that. Anyway, here is my DDS pseudo-log. I hope that I can get some help.


DDS (Ver_09-01-19.01) - NTFSx86
Run by phil at 20:20:23.01 on Tue 01/27/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.146 [GMT -5:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\phil\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {155128e6-f511-4042-ac0b-ef601133c5f8} - c:\windows\system32\urqPHATK.dll
BHO: {0ee90c33-0c7f-76a8-3864-63ab279757f1}: {1f757972-ba36-4683-8a67-f7c033c09ee0} - c:\windows\system32\mdydeu.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJDtTKb.dll
BHO: c:\windows\system32\gsdrgfdrrgnd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\gsdrgfdrrgnd.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6]
uRun: [GetModule35] c:\program files\getmodule\GetModule35.exe
uRun: [lrijh8s73jhbfgfd] c:\docume~1\phil\locals~1\temp\winlognn.exe
uRun: [GetPack28] "c:\program files\getpack\GetPack28.exe"
mRun: [VTTrayp] VTtrayp.exe
mRun: [VTTimer] VTTimer.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [AudioDeck] c:\program files\viaudioi\sbadeck\ADeck.exe 1
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [c0b458de] rundll32.exe "c:\windows\system32\qpbuixcm.dll",b
c:\docume~1\phil\locals~1\temp\rarsfx1\temp00
c:\docume~1\phil\locals~1\temp\rarsfx1\temp00
c:\docume~1\phil\locals~1\temp\rarsfx1\temp00
c:\docume~1\phil\locals~1\temp\rarsfx1\temp00
c:\docume~1\phil\locals~1\temp\rarsfx1\temp00
c:\docume~1\phil\locals~1\temp\rarsfx1\temp00
c:\docume~1\phil\locals~1\temp\rarsfx1\temp00
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\runnin~1.lnk - c:\program files\wificonnector\NintendoWFCReg.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: mlJDtTKb - mlJDtTKb.dll
AppInit_DLLs: mdydeu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\gsdrgfdrrgnd.dll: {d5bf4552-94f1-42bd-f434-3604812c807d} - c:\windows\system32\gsdrgfdrrgnd.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\mlJDtTKb.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\urqPHATK

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phil\applic~1\mozilla\firefox\profiles\gd3e962s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google

============= SERVICES / DRIVERS ===============

R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-4-11 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-4-11 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-4-11 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-4-11 10760]
R4 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-4-11 4960]

=============== Created Last 30 ================

2009-01-27 19:32 129,024 a------- c:\windows\system32\mdydeu.dll
2009-01-27 19:32 129,024 a------- c:\windows\system32\igludflf.dll
2009-01-27 19:31 1,516,535 ---sh--- c:\windows\system32\mcxiubpq.ini
2009-01-27 19:31 72,704 a------- c:\windows\system32\qpbuixcm.dll
2009-01-27 19:18 381,449 a--sh--- c:\windows\system32\KTAHPqru.ini2
2009-01-27 19:17 381,449 a--sh--- c:\windows\system32\KTAHPqru.ini
2009-01-27 19:17 315,904 a------- c:\windows\system32\urqPHATK.dll
2009-01-27 19:13 <DIR> --d----- c:\program files\GetPack
2009-01-24 13:22 <DIR> --d----- c:\documents and settings\phil\.housecall6.6
2009-01-24 12:40 198,730 a------- c:\windows\system32\wpv491232809217.cpx
2009-01-24 12:40 36,352 a------- c:\windows\system32\vtUnkjGV.dll
2009-01-24 12:40 29,184 a------- c:\windows\system32\digeste.dll
2009-01-24 12:31 36,352 a------- c:\windows\system32\nnnoMGWP.dll
2009-01-24 12:31 198,730 a------- c:\windows\system32\wpv381232809217.cpx
2009-01-24 12:25 <DIR> --d----- c:\docume~1\phil\applic~1\GetModule
2009-01-24 12:25 <DIR> --d----- c:\program files\GetModule
2009-01-24 12:25 <DIR> --d----- c:\program files\iCheck
2009-01-24 12:25 198,730 a------- c:\windows\system32\wpv061232809217.cpx
2009-01-24 12:24 29,184 a------- c:\windows\system32\~.exe
2009-01-12 13:34 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\acccore
2009-01-11 23:57 <DIR> --d----- c:\windows\system32\Adobe
2009-01-11 20:32 <DIR> --d----- c:\program files\Ventrilo
2009-01-11 20:32 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-11 20:32 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-09 18:11 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-01-09 18:11 7,846 a------- c:\windows\system32\rt73.cat
2009-01-09 18:11 245,248 a------- c:\windows\system32\rt73.sys
2009-01-09 18:11 245,248 a------- c:\windows\system32\drivers\rt73.sys
2009-01-09 18:11 94,208 a------- c:\windows\system32\GTW32N50.dll
2009-01-09 18:11 31,930 a------- c:\windows\system32\GTNDIS3.VXD
2009-01-09 18:11 15,872 a------- c:\windows\system32\GTNDIS5.sys
2009-01-09 18:11 32,768 a------- c:\windows\system32\GTGina.dll
2009-01-09 18:11 17,992 a------- c:\windows\system32\drivers\bcm42rly.sys
2009-01-09 18:11 17,992 a------- c:\windows\system32\bcm42rly.sys
2009-01-09 18:11 17,992 a------- c:\windows\bcm42rly.sys
2009-01-09 18:11 <DIR> --d----- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-01-09 18:10 1,361 a------- c:\windows\system32\WLAN.INI
2009-01-09 06:44 <DIR> --d----- c:\windows\system32\CatRoot_bak

==================== Find3M ====================

2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-11-26 12:27 43,520 a------- c:\windows\system32\CmdLineExt03.dll

============= FINISH: 20:22:44.14 ===============



#2 Naimul


Posted 27 January 2009 - 09:07 PM

Oh, I forgot to mention that I force-close a lot of applications I'm unfamiliar with when I start my computer. iexplore.exe, VTTray.exe, winlgnn.exe, are just a couple that I can remember off the top of my head. Heh, I don't even know how I got this, I don't do any downloading.

#3 Naimul


Posted 28 January 2009 - 11:19 AM

Bump. :thumbup2: I need help!

#4 fenzodahl512


Posted 05 February 2009 - 04:18 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Naimul


Posted 07 February 2009 - 08:28 PM

Hey, sorry for the delay. Malwarebytes log:


Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3

2/7/2009 8:15:32 PM
mbam-log-2009-02-07 (20-15-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150280
Time elapsed: 1 hour(s), 43 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Naimul, 07 February 2009 - 08:29 PM.


#6 Naimul


Posted 07 February 2009 - 08:30 PM

log.txt:



Logfile of random's system information tool 1.05 (written by random/random)
Run by phil at 2009-02-07 20:22:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (43%) free of 38 GB
Total RAM: 447 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:17 PM, on 2/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Documents and Settings\phil\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\phil.exe
C:\Program Files\AIM6\aolsoftware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.sarasotarealtors.com/graphics/sarlogo100.jpg


--
End of file - 7772 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2004-06-21 143360]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-01 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2004-02-12 49152]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-10-04 163840]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [2009-01-08 590848]
"AudioDeck"=C:\Program Files\VIAudioi\SBADeck\ADeck.exe [2005-09-05 450560]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"LifeCam"=c:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"VX3000"=C:\WINDOWS\vVX3000.exe [2007-04-10 709992]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Grisoft\AVG7\avgemc.exe"="C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe"
"D:\SETUP.EXE"="D:\SETUP.EXE:*:Enabled:Setup"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:Spooler SubSystem App"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\WiFiConnector\NintendoWFCReg.exe"="C:\Program Files\WiFiConnector\NintendoWFCReg.exe:*:Enabled:Nintendo Wi-Fi USB Connector"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\Documents and Settings\phil\Desktop\Setup.exe"="C:\Documents and Settings\phil\Desktop\Setup.exe:*:Enabled:Setup"
"C:\Documents and Settings\phil\Local Settings\Temp\Rar$EX11.172\Setup.exe"="C:\Documents and Settings\phil\Local Settings\Temp\Rar$EX11.172\Setup.exe:*:Enabled:Setup Wizard of WRE54G"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9902b2a2-a9fa-11dc-a073-001601790ccc}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2009-02-07 20:21:07 ----D---- C:\rsit
2009-01-31 18:51:16 ----A---- C:\WINDOWS\lexstat.ini
2009-01-31 18:50:01 ----A---- C:\WINDOWS\system32\lxbkvs.dll
2009-01-31 18:49:59 ----A---- C:\WINDOWS\system32\lxbkpwr.dll
2009-01-31 18:49:59 ----A---- C:\WINDOWS\system32\LXBKPMNT.DLL
2009-01-31 18:49:59 ----A---- C:\WINDOWS\system32\LXBKLSNT.EXE
2009-01-31 18:49:58 ----A---- C:\WINDOWS\system32\LXBKLCNT.DLL
2009-01-31 18:49:58 ----A---- C:\WINDOWS\system32\LXBKLCNP.DLL
2009-01-31 18:49:58 ----A---- C:\WINDOWS\system32\LXBKIH.EXE
2009-01-31 18:49:57 ----A---- C:\WINDOWS\system32\LXBKCU.DLL
2009-01-31 18:49:57 ----A---- C:\WINDOWS\system32\lxbkcomm.dll
2009-01-31 18:49:52 ----A---- C:\WINDOWS\system32\LXBKCFG.EXE
2009-01-31 18:49:49 ----A---- C:\WINDOWS\system32\LEXPPS.EXE
2009-01-31 18:49:48 ----A---- C:\WINDOWS\system32\LEXPING.EXE
2009-01-31 18:49:48 ----A---- C:\WINDOWS\system32\LEXP2P32.DLL
2009-01-31 18:49:46 ----A---- C:\WINDOWS\system32\LEXBCES.EXE
2009-01-31 18:49:46 ----A---- C:\WINDOWS\system32\LEXBCE.DLL
2009-01-31 18:49:46 ----A---- C:\WINDOWS\system32\LEX2KUSB.DLL
2009-01-31 18:49:46 ----A---- C:\WINDOWS\system32\INSTMON.EXE
2009-01-31 18:49:41 ----A---- C:\WINDOWS\system32\LXBKCUR.DLL
2009-01-31 18:49:41 ----A---- C:\WINDOWS\system32\LEXLMPM.DLL
2009-01-31 18:48:37 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-01-31 18:48:20 ----A---- C:\WINDOWS\system32\LXBKUTIL.DLL
2009-01-31 18:48:20 ----A---- C:\WINDOWS\system32\lxbkscin.dll
2009-01-31 18:48:20 ----A---- C:\WINDOWS\system32\LXBKGF.DLL
2009-01-31 18:48:20 ----A---- C:\WINDOWS\system32\lxbkcoin.ini
2009-01-31 18:48:20 ----A---- C:\WINDOWS\system32\lxbkcoin.dll
2009-01-31 18:48:19 ----A---- C:\WINDOWS\system32\lxbkcinf.dll
2009-01-31 18:48:02 ----A---- C:\WINDOWS\system32\LXBKJSWR.DLL
2009-01-31 18:48:01 ----D---- C:\Program Files\Lexmark X1100 Series
2009-01-31 18:44:27 ----A---- C:\WINDOWS\uninst.exe
2009-01-31 18:43:26 ----D---- C:\Lxk1100
2009-01-30 23:18:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-30 23:18:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-30 21:14:33 ----D---- C:\WINDOWS\Minidump
2009-01-30 20:07:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-30 20:07:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-30 19:10:50 ----D---- C:\VundoFix Backups
2009-01-30 19:10:50 ----A---- C:\VundoFix.txt
2009-01-30 18:55:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-30 03:08:02 ----D---- C:\WINDOWS\Prefetch
2009-01-30 02:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-30 02:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-30 02:25:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-30 02:24:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-30 02:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-30 02:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-30 02:23:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-30 02:23:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-30 02:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-30 02:23:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-30 02:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-30 02:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-30 02:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-30 02:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-30 02:20:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-30 02:20:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-30 02:20:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-30 02:19:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-30 02:19:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-30 02:19:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-30 02:08:39 ----D---- C:\WINDOWS\system32\scripting
2009-01-30 02:08:35 ----D---- C:\WINDOWS\l2schemas
2009-01-30 02:08:34 ----D---- C:\Program Files\msn
2009-01-30 02:08:33 ----D---- C:\WINDOWS\system32\en
2009-01-30 02:00:51 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-30 01:40:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-28 20:39:40 ----D---- C:\Program Files\Trend Micro
2009-01-27 21:09:51 ----D---- C:\Documents and Settings\phil\Application Data\Malwarebytes
2009-01-27 21:09:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-27 21:09:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-27 19:31:08 ----A---- C:\WINDOWS\system32\cb979ca0-.txt
2009-01-15 06:23:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-01-12 13:34:43 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\acccore
2009-01-12 01:12:49 ----D---- C:\Program Files\Common Files\Apple
2009-01-12 01:10:55 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2009-01-12 01:06:48 ----D---- C:\Program Files\Apple Software Update
2009-01-12 01:06:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2009-01-11 23:57:49 ----D---- C:\WINDOWS\system32\Adobe
2009-01-11 20:36:44 ----D---- C:\Documents and Settings\phil\Application Data\Ventrilo
2009-01-11 20:32:57 ----D---- C:\Program Files\Ventrilo
2009-01-11 20:32:31 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-11 20:32:04 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-10 09:32:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-10 09:32:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-10 09:32:28 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-10 09:32:28 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-10 09:32:06 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-10 09:32:04 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-10 09:31:30 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-01-10 09:31:22 ----N---- C:\WINDOWS\system32\slserv.exe
2009-01-10 09:31:22 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-01-10 09:31:22 ----N---- C:\WINDOWS\system32\slgen.dll
2009-01-10 09:31:22 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-01-10 09:31:22 ----N---- C:\WINDOWS\slrundll.exe
2009-01-10 09:31:21 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-01-10 09:31:13 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-10 09:31:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-01-10 09:30:58 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-10 09:30:53 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-10 09:30:51 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-10 09:30:48 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-10 09:30:47 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-10 09:30:47 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-10 09:30:42 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-10 09:30:35 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-10 09:30:23 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-01-10 09:30:00 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-10 09:29:59 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-10 09:29:59 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-10 09:29:58 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-01-10 09:29:56 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-10 09:29:55 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-01-10 09:29:44 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-10 09:29:43 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-10 09:28:46 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-10 09:28:45 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-10 09:28:45 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-10 09:28:45 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-10 09:27:54 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-10 09:27:45 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-10 09:27:35 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-10 09:27:34 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-10 09:27:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-10 09:27:29 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-10 09:26:38 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-01-10 09:26:37 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-01-10 09:26:23 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-01-10 09:25:41 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-01-10 09:25:41 ----A---- C:\WINDOWS\003196_.tmp
2009-01-10 09:25:34 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-10 09:25:34 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-10 09:25:34 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-10 09:25:34 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-10 09:25:34 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-10 09:25:34 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-10 09:25:34 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-10 09:25:33 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-10 09:25:23 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-10 09:25:23 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-10 09:25:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-10 09:25:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-10 09:25:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-10 09:25:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-10 09:25:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-10 09:25:19 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-10 09:25:19 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-10 09:25:18 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-10 09:24:52 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-10 09:24:26 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-10 09:24:24 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-10 09:24:23 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-10 09:24:23 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-10 09:24:19 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-01-10 09:24:19 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-10 09:24:18 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-10 09:24:18 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-01-10 09:24:18 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-10 09:23:58 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-09 21:12:41 ----D---- C:\Documents and Settings\phil\Application Data\Move Networks
2009-01-09 18:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-01-09 18:47:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-01-09 18:46:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-01-09 18:46:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-09 18:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-09 18:46:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-01-09 18:45:39 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2009-01-09 18:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-01-09 18:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-01-09 18:36:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-01-09 18:34:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-01-09 18:33:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-01-09 18:33:21 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-09 18:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-09 18:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-01-09 18:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-01-09 18:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-01-09 18:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-01-09 18:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-01-09 18:25:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-01-09 18:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-09 18:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-09 18:11:54 ----A---- C:\WINDOWS\system32\results.txt
2009-01-09 18:11:31 ----A---- C:\WINDOWS\system32\GTW32N50.dll
2009-01-09 18:11:26 ----A---- C:\WINDOWS\system32\GTGina.dll
2009-01-09 18:11:07 ----D---- C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-01-09 18:10:56 ----A---- C:\WINDOWS\system32\WLAN.INI
2008-12-21 16:43:03 ----A---- C:\WINDOWS\gswin32.ini
2008-12-07 11:49:27 ----A---- C:\WINDOWS\system32\IsUser11b.dll
2008-12-07 11:49:26 ----D---- C:\Program Files\WUSB11 WLAN Monitor
2008-11-26 21:44:58 ----D---- C:\Documents and Settings\phil\Application Data\DivX

======List of files/folders modified in the last 3 months======

2009-02-07 20:16:28 ----D---- C:\Program Files\Mozilla Firefox
2009-02-07 20:04:18 ----D---- C:\WINDOWS\system32
2009-02-07 20:04:16 ----RHD---- C:\$VAULT$.AVG
2009-02-07 18:22:27 ----SHD---- C:\WINDOWS\Installer
2009-02-07 18:22:27 ----HD---- C:\Config.Msi
2009-02-07 18:22:11 ----D---- C:\Program Files\Java
2009-02-07 18:21:29 ----D---- C:\WINDOWS\Temp
2009-02-07 18:20:12 ----RD---- C:\Program Files
2009-02-07 18:17:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-07 18:09:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-07 18:05:22 ----SD---- C:\WINDOWS\Tasks
2009-02-07 18:04:33 ----D---- C:\WINDOWS\security
2009-02-07 17:59:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-07 17:58:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2009-02-07 17:57:49 ----D---- C:\Documents and Settings\phil\Application Data\AVG7
2009-02-02 13:46:24 ----D---- C:\Documents and Settings\phil\Application Data\Mozilla
2009-02-01 16:35:23 ----HD---- C:\WINDOWS\inf
2009-02-01 16:34:44 ----D---- C:\WINDOWS
2009-01-31 22:46:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-31 21:46:44 ----D---- C:\Program Files\Diablo II
2009-01-31 21:46:38 ----D---- C:\WINDOWS\mm.BOT
2009-01-31 18:49:15 ----D---- C:\WINDOWS\twain_32
2009-01-31 18:49:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-31 18:48:56 ----D---- C:\WINDOWS\system32\drivers
2009-01-30 23:18:37 ----A---- C:\WINDOWS\imsins.BAK
2009-01-30 23:15:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-30 03:12:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-30 03:10:03 ----A---- C:\WINDOWS\OEWABLog.txt
2009-01-30 03:08:44 ----A---- C:\WINDOWS\setuplog.txt
2009-01-30 03:07:07 ----D---- C:\WINDOWS\system32\Setup
2009-01-30 03:07:07 ----D---- C:\WINDOWS\AppPatch
2009-01-30 03:07:06 ----D---- C:\WINDOWS\system32\wbem
2009-01-30 03:07:04 ----RSD---- C:\WINDOWS\Fonts
2009-01-30 02:25:38 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-30 02:19:46 ----D---- C:\Program Files\Messenger
2009-01-30 02:09:40 ----D---- C:\WINDOWS\WinSxS
2009-01-30 02:09:10 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-30 02:09:09 ----D---- C:\WINDOWS\network diagnostic
2009-01-30 02:09:09 ----D---- C:\WINDOWS\ime
2009-01-30 02:09:09 ----D---- C:\WINDOWS\Help
2009-01-30 02:08:42 ----D---- C:\WINDOWS\system32\usmt
2009-01-30 02:08:42 ----D---- C:\WINDOWS\system32\en-US
2009-01-30 02:08:32 ----D---- C:\WINDOWS\system32\bits
2009-01-30 02:08:32 ----D---- C:\WINDOWS\PeerNet
2009-01-30 02:08:32 ----D---- C:\Program Files\Movie Maker
2009-01-30 02:00:27 ----D---- C:\WINDOWS\system32\Restore
2009-01-30 02:00:27 ----D---- C:\WINDOWS\system32\npp
2009-01-30 02:00:27 ----D---- C:\WINDOWS\mui
2009-01-30 02:00:25 ----D---- C:\WINDOWS\msagent
2009-01-30 02:00:23 ----D---- C:\WINDOWS\srchasst
2009-01-30 02:00:22 ----D---- C:\Program Files\NetMeeting
2009-01-30 02:00:20 ----D---- C:\WINDOWS\system32\Com
2009-01-30 02:00:16 ----D---- C:\Program Files\Windows Media Player
2009-01-30 02:00:15 ----D---- C:\Program Files\Windows NT
2009-01-30 02:00:15 ----D---- C:\Program Files\Outlook Express
2009-01-30 02:00:11 ----D---- C:\Program Files\Common Files\System
2009-01-30 01:59:22 ----D---- C:\WINDOWS\system32\oobe
2009-01-30 01:59:17 ----D---- C:\WINDOWS\system
2009-01-30 01:49:54 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-30 01:40:11 ----D---- C:\WINDOWS\EHome
2009-01-28 18:45:38 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2009-01-28 18:45:34 ----D---- C:\Program Files\Viewpoint
2009-01-19 01:55:04 ----D---- C:\Documents and Settings\phil\Application Data\uTorrent
2009-01-12 13:38:09 ----D---- C:\Program Files\AIM6
2009-01-12 13:33:11 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL
2009-01-12 13:31:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-01-12 01:13:44 ----D---- C:\Program Files\QuickTime
2009-01-12 00:02:31 ----D---- C:\Documents and Settings\phil\Application Data\Adobe
2009-01-11 20:32:04 ----D---- C:\Program Files\Common Files
2009-01-09 18:44:53 ----A---- C:\WINDOWS\win.ini
2009-01-09 18:42:26 ----D---- C:\Program Files\Internet Explorer
2009-01-09 18:41:45 ----D---- C:\WINDOWS\ie7updates
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-09 06:44:13 ----D---- C:\WINDOWS\Debug
2009-01-08 17:55:49 ----SD---- C:\Documents and Settings\phil\Application Data\Microsoft
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-08 14:33:21 ----D---- C:\Program Files\Warcraft III
2008-12-07 12:04:24 ----D---- C:\Documents and Settings\phil\Application Data\LimeWire
2008-11-26 12:27:49 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 Avg7Core;AVG7 Kernel; C:\WINDOWS\System32\Drivers\avg7core.sys [2007-10-24 821856]
R1 Avg7RsW;AVG7 Wrap Driver; C:\WINDOWS\System32\Drivers\avg7rsw.sys [2007-04-11 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP; C:\WINDOWS\System32\Drivers\avg7rsxp.sys [2007-04-11 27776]
R1 AvgClean;AVG7 Clean Driver; C:\WINDOWS\System32\Drivers\avgclean.sys [2008-02-21 10760]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-01-09 20747]
R2 AvgTdi;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdi.sys [2007-04-11 4960]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2004-10-06 174592]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2005-08-03 202112]
R3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PNDIS5;PNDIS5 NDIS Protocol Driver; \??\C:\DOCUME~1\phil\LOCALS~1\Temp\Rar$EX11.172\PNDIS5.SYS []
S3 PRISM_A02;D-Link Wireless 802.11b/g Driver (USB); C:\WINDOWS\System32\DRIVERS\PRISMA02.sys [2004-03-11 346560]
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2006-04-10 162816]
S3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Avg7Alrt;AVG7 Alert Manager Server; C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [2007-10-24 418816]
R2 Avg7UpdSvc;AVG7 Update Service; C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [2007-04-11 49664]
R2 AVGEMS;AVG E-mail Scanner; C:\PROGRA~1\Grisoft\AVG7\avgemc.exe [2008-02-21 406528]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-03-23 165488]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-10-04 892928]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 MSCamSvc;MSCamSvc; c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 271720]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2005-12-26 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-03-23 79472]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2004-09-29 69632]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#7 Naimul

Posted 07 February 2009 - 08:33 PM

info.txt:


info.txt logfile of random's system information tool 1.05 2009-02-07 20:22:55

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alarm 2.0.2-->"C:\Program Files\Alarm\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG 7.5-->C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
ClubWPT-->C:\PROGRA~1\ClubWPT\UNWISE.EXE C:\PROGRA~1\ClubWPT\INSTALL.LOG
Color LaserJet 2600n-->C:\Program Files\Zenographics\{C9BFEC2A-2394-400F-80F5-89A8EB3DF047}\setup.exe -u "HPCLJKCInstaller.dll=CLJ2600.INF"
Compact Wireless-G USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F855C3AE-992D-4B84-A09D-07103CDCDAC2}\setup.exe" -l0x9
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Diskeeper 2007 Pro Premier-->MsiExec.exe /X{B1D8CAE1-62E8-4259-8B57-1755629F71EC}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP PSC & Officejet 5.3.B Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
Instant Wireless USB Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B78823CD-488F-43B4-80D6-FAEADAE40EC4}\Setup.exe" -l0x9
Japanese Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ja.inf, Uninstall
Lexmark X1100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nintendo Wi-Fi USB Connector Registration Tool-->C:\Program Files\WiFiConnector\SoftAPUninst.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
S3 S3TrayPlus-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3TrayPlus'
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
UniChrome Pro IGP Display Driver and Utilities-->C:\PROGRA~1\S3\S3\s3setvga.exe -s -fC:\PROGRA~1\S3\S3\S3.uns
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Vinyl Audio Codecs Driver Setup Program-->RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O20 - AppInit_DLLs: mdydeu.dll zlmmsr.dll
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG 7.5.552

System event log

Computer Name: PHIL60
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 5690
Source Name: W32Time
Time Written: 20081207133825.000000-300
Event Type: error
User:

Computer Name: PHIL60
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Record Number: 5689
Source Name: W32Time
Time Written: 20081207123825.000000-300
Event Type: error
User:

Computer Name: PHIL60
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 5688
Source Name: W32Time
Time Written: 20081207123825.000000-300
Event Type: error
User:

Computer Name: PHIL60
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Record Number: 5687
Source Name: W32Time
Time Written: 20081207120825.000000-300
Event Type: error
User:

Computer Name: PHIL60
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 5686
Source Name: W32Time
Time Written: 20081207120825.000000-300
Event Type: error
User:

Application event log

Computer Name: PHIL60
Event Code: 100
Message: msnmsgr (1836) The database engine 5.01.2600.2780 started.

Record Number: 2010
Source Name: ESENT
Time Written: 20080615221341.000000-240
Event Type: information
User:

Computer Name: PHIL60
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 2009
Source Name: usnjsvc
Time Written: 20080615221332.000000-240
Event Type:
User:

Computer Name: PHIL60
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 2008
Source Name: SecurityCenter
Time Written: 20080615220452.000000-240
Event Type: information
User:

Computer Name: PHIL60
Event Code: 2
Message: The Diskeeper Control Center has been started.
Diskeeper service started.

Record Number: 2007
Source Name: Diskeeper
Time Written: 20080615220438.000000-240
Event Type: information
User:

Computer Name: PHIL60
Event Code: 0
Message:
Record Number: 2006
Source Name: Viewpoint Manager Service
Time Written: 20080615220435.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Diskeeper Corporation\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

#8 Naimul


Posted 07 February 2009 - 08:51 PM

GMER attached. Thank you for your time, Mr. Fenzodahl. =)


EDIT: posted instead of attaching.. But fixed.

Attached Files

  • Attached File  GMER.txt   878bytes   2 downloads

Edited by Naimul, 08 February 2009 - 01:32 AM.


#9 fenzodahl512


Posted 08 February 2009 - 12:50 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Naimul


Posted 08 February 2009 - 09:10 PM

Okay, here are the two logs. I'd just like to add as a note that once the scan started, my icons and Start bar disappeared. I don't know if that's normal, but it did. Here are the logs.

ComboFix 09-02-08.01 - phil 2009-02-08 20:49:34.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.216 [GMT -5:00]
Running from: c:\documents and settings\phil\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\wiaserviv.log

.
((((((((((((((((((((((((( Files Created from 2009-01-09 to 2009-02-09 )))))))))))))))))))))))))))))))
.

2009-02-08 01:29 . 2009-02-08 01:29 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
2009-02-08 01:29 . 2009-02-08 01:29 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
2009-02-08 01:27 . 2009-02-08 01:27 <DIR> d-------- c:\program files\Common Files\McAfee
2009-02-08 01:25 . 2009-02-08 01:25 <DIR> d-------- c:\program files\McAfee
2009-02-08 01:25 . 2009-02-08 01:27 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2009-02-07 20:31 . 2009-02-07 20:31 250 --a------ c:\windows\gmer.ini
2009-02-07 20:21 . 2009-02-07 20:22 <DIR> d-------- C:\rsit
2009-01-31 18:51 . 2009-01-31 18:52 109 --a------ c:\windows\lexstat.ini
2009-01-31 18:50 . 2002-11-13 15:40 40,960 --a------ c:\windows\system32\lxbkvs.dll
2009-01-31 18:48 . 2009-01-31 19:54 <DIR> d-------- c:\program files\Lexmark X1100 Series
2009-01-31 18:48 . 2002-08-22 15:14 983,101 --a------ c:\windows\system32\LXBKGF.DLL
2009-01-31 18:48 . 2003-08-19 10:41 454,656 --a------ c:\windows\system32\LXBKJSWR.DLL
2009-01-31 18:48 . 2003-08-19 10:29 352,256 --a------ c:\windows\system32\LXBKUTIL.DLL
2009-01-31 18:48 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2009-01-31 18:48 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2009-01-31 18:48 . 2003-08-18 11:56 69,632 --a------ c:\windows\system32\lxbkscin.dll
2009-01-31 18:48 . 2003-08-18 11:56 57,344 --a------ c:\windows\system32\lxbkcinf.dll
2009-01-31 18:48 . 2003-08-18 11:56 49,152 --a------ c:\windows\system32\lxbkcoin.dll
2009-01-31 18:48 . 2002-09-13 11:40 266 --a------ c:\windows\system32\lxbkcoin.ini
2009-01-31 18:44 . 1997-04-08 20:08 299,520 --a------ c:\windows\uninst.exe
2009-01-31 18:43 . 2009-01-31 18:43 <DIR> d-------- C:\Lxk1100
2009-01-30 20:07 . 2009-01-30 20:08 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-30 20:07 . 2009-01-30 21:12 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-30 19:10 . 2009-01-30 19:10 <DIR> d-------- C:\VundoFix Backups
2009-01-30 18:55 . 2009-01-30 18:52 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-30 02:08 . 2009-01-30 02:08 <DIR> d-------- c:\windows\system32\scripting
2009-01-30 02:08 . 2009-01-30 02:08 <DIR> d-------- c:\windows\system32\en
2009-01-30 02:08 . 2009-01-30 02:08 <DIR> d-------- c:\windows\l2schemas
2009-01-30 02:00 . 2009-01-30 02:09 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-28 20:39 . 2009-01-28 20:39 <DIR> d-------- c:\program files\Trend Micro
2009-01-27 21:09 . 2009-01-27 21:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-27 21:09 . 2009-01-27 21:09 <DIR> d-------- c:\documents and settings\phil\Application Data\Malwarebytes
2009-01-27 21:09 . 2009-01-27 21:09 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-27 21:09 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-27 21:09 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-24 13:22 . 2009-01-24 13:28 <DIR> d-------- c:\documents and settings\phil\.housecall6.6
2009-01-12 13:34 . 2009-01-12 13:34 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\acccore
2009-01-12 01:12 . 2009-01-12 01:12 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-12 01:10 . 2009-01-12 01:10 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2009-01-12 01:06 . 2009-01-12 01:06 <DIR> d-------- c:\program files\Apple Software Update
2009-01-12 01:06 . 2009-01-12 01:06 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-01-11 23:57 . 2009-01-12 00:08 <DIR> d-------- c:\windows\system32\Adobe
2009-01-11 20:36 . 2009-01-11 20:52 <DIR> d-------- c:\documents and settings\phil\Application Data\Ventrilo
2009-01-11 20:32 . 2009-01-11 20:33 <DIR> d-------- c:\program files\Ventrilo
2009-01-11 20:32 . 2009-01-11 20:32 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-11 20:32 . 2009-01-11 20:33 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-10 09:31 . 2004-08-03 22:41 404,990 --------- c:\windows\system32\drivers\slntamr.sys
2009-01-10 09:30 . 2008-04-13 19:12 4,274,816 --------- c:\windows\system32\nv4_disp.dll
2009-01-10 09:29 . 2008-04-13 19:12 1,737,856 --------- c:\windows\system32\mtxparhd.dll
2009-01-10 09:29 . 2004-08-03 22:41 1,309,184 --------- c:\windows\system32\drivers\mtlstrm.sys
2009-01-10 09:29 . 2008-09-09 20:14 1,307,648 --------- c:\windows\system32\msxml6.dll
2009-01-10 09:29 . 2008-09-09 20:14 1,307,648 -----c--- c:\windows\system32\dllcache\msxml6.dll
2009-01-10 09:29 . 2004-08-03 22:29 452,736 --------- c:\windows\system32\drivers\mtxparhm.sys
2009-01-10 09:29 . 2008-04-13 19:12 193,024 --------- c:\windows\system32\napmontr.dll
2009-01-10 09:29 . 2008-04-13 19:12 155,136 --------- c:\windows\system32\mssha.dll
2009-01-10 09:29 . 2004-08-03 22:41 126,686 --------- c:\windows\system32\drivers\mtlmnt5.sys
2009-01-10 09:29 . 2008-04-13 12:27 79,872 --------- c:\windows\system32\msxml6r.dll
2009-01-10 09:29 . 2008-04-13 12:27 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2009-01-10 09:29 . 2008-04-13 13:14 76,800 --------- c:\windows\system32\msshavmsg.dll
2009-01-10 09:29 . 2008-04-13 19:12 30,208 --------- c:\windows\system32\napipsec.dll
2009-01-10 09:29 . 2008-04-13 13:43 12,672 --------- c:\windows\system32\drivers\mutohpen.sys
2009-01-10 09:28 . 2008-04-13 19:11 397,312 --------- c:\windows\system32\mmcex.dll
2009-01-10 09:28 . 2008-04-13 19:11 184,320 --------- c:\windows\system32\microsoft.managementconsole.dll
2009-01-10 09:28 . 2008-04-13 19:11 106,496 --------- c:\windows\system32\mmcfxcommon.dll
2009-01-10 09:28 . 2008-04-13 19:12 33,792 --------- c:\windows\system32\mmcperf.exe
2009-01-10 09:27 . 2008-04-13 19:11 61,440 --------- c:\windows\system32\kmsvc.dll
2009-01-10 09:27 . 2008-04-13 19:11 37,376 --------- c:\windows\system32\l2gpstore.dll
2009-01-10 09:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdpash.dll
2009-01-10 09:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdnepr.dll
2009-01-10 09:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdiultn.dll
2009-01-10 09:27 . 2008-04-13 19:09 6,144 --------- c:\windows\system32\kbdbhc.dll
2009-01-10 09:26 . 2008-04-13 11:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2009-01-10 09:26 . 2008-04-13 13:45 46,592 --------- c:\windows\system32\drivers\irbus.sys
2009-01-10 09:26 . 2008-04-13 13:46 25,600 --------- c:\windows\system32\drivers\hidbth.sys
2009-01-10 09:26 . 2008-04-13 13:45 19,200 --------- c:\windows\system32\drivers\hidir.sys
2009-01-10 09:26 . 2008-04-13 19:12 10,752 --------- c:\windows\system32\smtpapi.dll
2009-01-10 09:26 . 2008-04-13 19:12 9,728 --------- c:\windows\system32\rwnh.dll
2009-01-10 09:26 . 2008-04-13 13:43 9,728 --------- c:\windows\system32\comsdupd.exe
2009-01-10 09:26 . 2007-06-21 00:52 974 --------- c:\windows\system32\pid.inf
2009-01-10 09:24 . 2008-04-13 19:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2009-01-10 09:23 . 2008-04-13 19:11 136,192 --------- c:\windows\system32\aaclient.dll
2009-01-09 21:12 . 2009-01-09 21:50 <DIR> d-------- c:\documents and settings\phil\Application Data\Move Networks
2009-01-09 18:11 . 2009-01-09 18:11 <DIR> d-------- c:\program files\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-01-09 18:11 . 2005-11-24 19:51 245,248 --a------ c:\windows\system32\rt73.sys
2009-01-09 18:11 . 2005-11-24 19:51 245,248 --a------ c:\windows\system32\drivers\rt73.sys
2009-01-09 18:11 . 2003-10-13 15:30 94,208 --a------ c:\windows\system32\GTW32N50.dll
2009-01-09 18:11 . 2005-11-03 17:41 32,768 --a------ c:\windows\system32\GTGina.dll
2009-01-09 18:11 . 2003-09-25 23:28 31,930 --a------ c:\windows\system32\GTNDIS3.VXD
2009-01-09 18:11 . 2009-01-09 18:11 20,747 --a------ c:\windows\system32\drivers\AegisP.sys
2009-01-09 18:11 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\drivers\bcm42rly.sys
2009-01-09 18:11 . 2005-02-01 18:18 17,992 --a------ c:\windows\system32\bcm42rly.sys
2009-01-09 18:11 . 2005-02-01 18:18 17,992 --a------ c:\windows\bcm42rly.sys
2009-01-09 18:11 . 2003-09-25 22:15 15,872 --a------ c:\windows\system32\GTNDIS5.sys
2009-01-09 18:11 . 2005-12-06 04:24 7,846 --a------ c:\windows\system32\rt73.cat
2009-01-09 18:10 . 2009-01-09 18:10 1,361 --a------ c:\windows\system32\WLAN.INI
2009-01-09 07:18 . 2008-12-11 05:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-01-09 07:17 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-09 07:17 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-09 07:17 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-09 07:17 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-09 07:17 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-01-09 07:16 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-09 07:15 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-01-09 07:15 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 16:18 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg7
2009-02-07 23:22 --------- d-----w c:\program files\Java
2009-02-07 22:57 --------- d-----w c:\documents and settings\phil\Application Data\AVG7
2009-02-01 03:46 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-01 02:46 --------- d-----w c:\program files\Diablo II
2009-01-28 23:45 --------- d-----w c:\program files\Viewpoint
2009-01-28 23:45 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2009-01-19 06:55 --------- d-----w c:\documents and settings\phil\Application Data\uTorrent
2009-01-12 18:38 --------- d-----w c:\program files\AIM6
2009-01-12 18:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2009-01-12 18:31 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL Downloads
2009-01-12 06:13 --------- d-----w c:\program files\QuickTime
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-11-26 17:27 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2005-05-10 19:26 27,200 ----a-w c:\documents and settings\PHILLIP DEFREEST\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 163840]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-01-08 590848]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-05 450560]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"VTTrayp"="VTtrayp.exe" [2004-06-21 c:\windows\system32\VTTrayp.exe]
"VTTimer"="VTTimer.exe" [2004-10-01 c:\windows\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-24 219136]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2005-12-26 25214]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 241664]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2007-11-17 1073152]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\phil\\Desktop\\Setup.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-08 206096]
S2 0282761234074470mcinstcleanup;McAfee Application Installer Cleanup (0282761234074470);c:\docume~1\phil\LOCALS~1\Temp\028276~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\phil\LOCALS~1\Temp\028276~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 0282761234074470MCINSTCLEANUP
*NewlyCreated* - GTNDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9902b2a2-a9fa-11dc-a073-001601790ccc}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\gd3e962s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\phil\Application Data\Mozilla\Firefox\Profiles\gd3e962s.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 20:52:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-08 20:57:50
ComboFix-quarantined-files.txt 2009-02-09 01:57:14

Pre-Run: 17,232,556,032 bytes free
Post-Run: 17,235,738,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

239 --- E O F --- 2009-01-31 04:19:23

Edited by Naimul, 08 February 2009 - 09:12 PM.


#11 Naimul


Posted 08 February 2009 - 09:12 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:09 PM, on 2/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0282761234074470) (0282761234074470mcinstcleanup) - Unknown owner - C:\DOCUME~1\phil\LOCALS~1\Temp\028276~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.sarasotarealtors.com/graphics/sarlogo100.jpg

--
End of file - 8863 bytes

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 08 February 2009 - 11:41 PM

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE




NEXT


Please copy and paste the following into a Notepad

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Save it on the desktop as Fix.reg and in Save as type: choose All Files

A new registry file will then be created on your desktop. It should look like this: [image]

Just double-click the file and choose Yes at prompt.




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me the ESET Online Scanner result in your next reply.. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
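Added example, not part of the original post: a Python sketch that decodes the hex(7) (REG_MULTI_SZ) value in the Fix.reg above, showing that it writes the stock BootExecute entry, and that lists any entry that differs from that default. The function names and the second, tampered sample are constructed for illustration, and decoding REGEDIT4 bytes as latin-1 is an assumption about the ANSI code page.

```python
import re

# Stock BootExecute value on Windows; this is what the Fix.reg above restores.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# Fix.reg exactly as given in the post above.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
'''

# Constructed sample: the same value with one extra placeholder entry ("example").
TAMPERED_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,\
  65,78,61,6d,70,6c,65,00,00
'''


def parse_multi_sz(reg_text, value_name="BootExecute"):
    """Return the strings stored in a hex(7) value of a .reg file."""
    # A trailing backslash continues the hex list on the next line.
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    pattern = r'^"%s"=hex\(7\):([0-9a-fA-F,]*)\s*$' % re.escape(value_name)
    match = re.search(pattern, joined, re.MULTILINE | re.IGNORECASE)
    if match is None:
        raise ValueError("no hex(7) value named %r" % value_name)
    raw = bytes(int(b, 16) for b in match.group(1).split(",") if b)
    # REGEDIT4 files hold single-byte ANSI text (latin-1 assumed here);
    # "Windows Registry Editor Version 5.00" files hold UTF-16LE.
    header = reg_text.lstrip("\ufeff").splitlines()[0].strip()
    text = raw.decode("latin-1" if header == "REGEDIT4" else "utf-16-le")
    # Entries are NUL-separated and the list ends with an extra NUL.
    return [entry for entry in text.split("\x00") if entry]


def unexpected_boot_execute(reg_text):
    """Return BootExecute entries that are not part of the stock default."""
    known = {d.lower() for d in DEFAULT_BOOT_EXECUTE}
    return [e for e in parse_multi_sz(reg_text) if e.lower() not in known]


if __name__ == "__main__":
    print(parse_multi_sz(FIX_REG))
    print(unexpected_boot_execute(TAMPERED_REG))
```
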


#13 Naimul

Naimul
  • Topic Starter

  • Members
  • 10 posts

Posted 09 February 2009 - 08:39 PM

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3839 (20090209)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=d07b2d28f8a46c4e8f6c7edae95e1c1f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-10 01:23:29
# local_time=2009-02-09 08:23:29 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=381105
# found=0
# scan_time=4801


This it?

Also: My computer is much faster now. I can now search Google-affiliated sites without popups also! I thank you for your help, Mr. Fenzodahl. =)

Edited by Naimul, 09 February 2009 - 08:39 PM.


#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 09 February 2009 - 09:19 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512





