Infected with Seneka Trojan, possibly more.


This topic is locked
12 replies to this topic

#1 burninator2998


  • Members
  • 7 posts
  • Local time:12:20 PM

Posted 28 January 2009 - 11:57 PM

Hi. I am very new to this site (about an hour new) and am not completely sure what to say. I will try to provide information that will help anyone who may be able to help me. I have AVG and although it recognizes threats from a few Trojans, mainly the Seneka one, it says it is unable to remove the files. I get pop-ups for all kinds of anti-spyware and my computer is acting noticeably slower than usual. Also, when I press CTRL ALT DEL an error message comes up saying "Task Manager has been disabled by your administrator" even though my TM was working only a few hours ago. I am at a loss as to what to do, but I already went through the DDS scan. Here's the log.



DDS (Ver_09-01-07.01) - NTFSx86
Run by Dennis at 23:10:41.71 on Wed 01/28/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.107 [GMT -5:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AntispywareBot\AntispywareBot.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas10.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ntdll64.exe
C:\Documents and Settings\Dennis\Desktop\dds.com
C:\Documents and Settings\Dennis\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.rr.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.rr.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
uInternet Settings,ProxyOverride = 127.0.0.1;ams-server*;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\dennis\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {04e95545-8f1a-4461-99ce-bcb017722887} - c:\windows\system32\efcDTKaa.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DealioBHO Class: {6a87b991-a31f-4130-ae72-6d0c294bf082} - c:\program files\dealio\kb127\Dealio.dll
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\tuvSifCR.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {0431434c-122e-bcc9-a574-50c1877ff4f7}: {7f4ff778-1c05-475a-9ccb-e221c4341340} - c:\windows\system32\iaxhux.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\dennis\local settings\application data\cyberdefender\cdmyidd.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Dealio: {e67c74f4-a00a-4f2c-9fec-fd9dc004a67f} - c:\program files\dealio\kb127\Dealio.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: MyIdentityDefender: {a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} - c:\documents and settings\dennis\local settings\application data\cyberdefender\cdmyidd.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\HOMERunner.exe"
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AntispywareBot] c:\program files\antispywarebot\AntispywareBot.exe -boot
uRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\cdas10.exe" /minimize
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [null3d] "c:\program files\null3d\null3d.exe" silent
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [au] c:\program files\dealio\DealioAU.exe
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Framework Windows] frmwrk32.exe
mRun: [CyberDefender Early Detection Center] "c:\program files\cyberdefender\antispyware\ISSIntro.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Compare Prices with &Dealio - c:\documents and settings\dennis\application data\dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {E908B145-C847-4e85-B315-07E2E70DECF8} - {9F038672-0425-4792-BC9C-36DE3308E8AA} - c:\program files\dealio\kb127\Dealio.dll
LSP: c:\docume~1\dennis\locals~1\temp\ntdll64.dll
Trusted Zone: turbotax.com
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: tuvSifCR - tuvSifCR.dll
AppInit_DLLs: avgrsstx.dll iaxhux.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\tuvSifCR.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcDTKaa

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dennis\applic~1\mozilla\firefox\profiles\xfgynw7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint_03050024.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-7 97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-7 26824]
R3 CDAVFS;CDAVFS;c:\windows\system32\drivers\CDAVFS.sys [2009-1-28 67424]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [2006-4-9 44544]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-9 875288]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-9 231704]
R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-7 76040]
R4 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2007-9-28 156976]
R4 szkg5;szkg5; [x]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-10 24652]
S0 gwtewdma;gwtewdma;c:\windows\system32\drivers\owffiwnm.sys --> c:\windows\system32\drivers\owffiwnm.sys [?]
S3 idmc1aud;Intel® Play™ USB Audio Filter (WDM);c:\windows\system32\drivers\idmc1aud.sys [2006-9-29 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver;c:\windows\system32\drivers\IDMC1Blk.sys [2006-9-29 14628]
S3 IDMC1Vxp;Intel® Play™ DMC Camera;c:\windows\system32\drivers\idmc1vme.sys [2006-9-29 416564]
S4 CWMonitor;Symantec Crimeware Protection Driver;\??\c:\program files\common files\symantec shared\coshared\cw\1.5\co_mon.sys --> c:\program files\common files\symantec shared\coshared\cw\1.5\CO_Mon.sys [?]

=============== Created Last 30 ================

2009-01-28 23:05 4,785 a------- c:\windows\system32\warning.gif
2009-01-28 22:44 73 a------- c:\windows\st_affiliate.ini
2009-01-28 22:23 63 a------- c:\windows\av_affiliate.ini
2009-01-28 22:23 63 a------- c:\windows\as_affiliate.ini
2009-01-28 22:21 67,424 a------- c:\windows\system32\drivers\CDAVFS.sys
2009-01-28 22:21 <DIR> --d----- c:\program files\CyberDefender
2009-01-28 21:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-01-28 21:19 <DIR> --d----- c:\program files\common files\iS3
2009-01-28 21:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-01-28 21:05 <DIR> --d----- c:\docume~1\dennis\applic~1\AntispywareBot
2009-01-28 20:59 125,440 a------- c:\windows\system32\ntdll64.exe
2009-01-28 20:29 491 a------- c:\windows\system32\win32hlp.cnf
2009-01-28 20:28 125,440 ac------ c:\windows\system32\dllcache\userinit.exe
2009-01-28 20:28 1 a------- c:\windows\system32\uniq.tll
2009-01-28 20:28 1 a------- c:\windows\system32\test.ttt
2009-01-28 20:27 26,112 a------- c:\windows\system32\frmwrk32.exe
2009-01-28 19:41 124,928 a------- c:\windows\system32\iaxhux.dll
2009-01-28 19:41 124,928 a------- c:\windows\system32\uvljckrp.dll
2009-01-28 19:40 1,515,358 ---sh--- c:\windows\system32\gufkrdpr.ini
2009-01-28 19:40 84,992 a------- c:\windows\system32\rpdrkfug.dll
2009-01-27 19:44 126,464 a------- c:\windows\system32\mwejdl.dll
2009-01-27 19:44 126,464 a------- c:\windows\system32\eukbusbm.dll
2009-01-27 19:41 1,527,574 ---sh--- c:\windows\system32\flbvrayr.ini
2009-01-27 19:41 86,528 a------- c:\windows\system32\ryarvblf.dll
2009-01-26 19:45 124,416 a------- c:\windows\system32\nayftn.dll
2009-01-26 19:44 124,416 a------- c:\windows\system32\cjgwtgbs.dll
2009-01-26 19:42 1,525,122 ---sh--- c:\windows\system32\mcyxtkrb.ini
2009-01-25 19:43 129,536 a------- c:\windows\system32\epwegx.dll
2009-01-25 19:43 129,536 a------- c:\windows\system32\iheweaqs.dll
2009-01-25 19:39 1,525,122 ---sh--- c:\windows\system32\xapdfwvo.ini
2009-01-24 16:15 1,434,061 ---sh--- c:\windows\system32\ggqqqqca.ini
2009-01-24 16:15 84,480 a------- c:\windows\system32\acqqqqgg.dll
2009-01-24 16:09 416,117 a--sh--- c:\windows\system32\aaKTDcfe.ini2
2009-01-24 16:09 416,173 a--sh--- c:\windows\system32\aaKTDcfe.ini
2009-01-24 16:09 305,664 a------- c:\windows\system32\efcDTKaa.dll
2009-01-22 22:10 <DIR> --d----- c:\program files\ConvertHelper
2009-01-18 01:16 <DIR> --d----- c:\docume~1\dennis\applic~1\NetMedia Providers
2009-01-18 01:06 33,340 -------- c:\windows\system32\dbmsqlgc.dll
2009-01-18 01:06 24,576 -------- c:\windows\system32\dbmsgnet.dll
2009-01-18 01:05 <DIR> --d----- c:\program files\Microsoft SQL Server
2009-01-18 01:03 <DIR> --d----- c:\program files\Sony
2009-01-18 01:02 <DIR> --d----- c:\program files\Sony Setup
2009-01-18 00:49 <DIR> --d----- c:\program files\SVArSoft
2009-01-03 16:50 1,872,821 a------- c:\windows\system32\cygwin1.dll
2009-01-03 16:50 487,479 a------- c:\windows\system32\SkinMagic.dll
2009-01-03 16:50 66,048 a------- c:\windows\system32\cygz.dll
2009-01-03 12:30 <DIR> --d----- c:\program files\E-Zsoft
2009-01-01 11:49 <DIR> --d----- c:\windows\system32\scripting
2009-01-01 11:49 <DIR> --d----- c:\windows\l2schemas
2009-01-01 11:49 <DIR> --d----- c:\windows\system32\en
2009-01-01 11:43 <DIR> --d----- c:\windows\network diagnostic
2009-01-01 11:25 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-01-28 20:28 125,440 a------- c:\windows\system32\userinit.exe
2009-01-27 13:28 58,904 a------- c:\windows\system32\azipcontmn.dll
2009-01-01 11:53 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-11 05:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:47 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:45 196,608 a------- c:\windows\system32\dtu100.dll
2008-11-21 16:45 81,920 a------- c:\windows\system32\dpl100.dll
2008-11-21 16:45 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-11-21 16:45 344,064 a------- c:\windows\system32\dpus11.dll
2008-11-21 16:45 294,912 a------- c:\windows\system32\dpu11.dll
2008-11-21 16:45 294,912 a------- c:\windows\system32\dpu10.dll
2008-11-21 16:45 57,344 a------- c:\windows\system32\dpv11.dll
2008-11-21 16:45 53,248 a------- c:\windows\system32\dpuGUI10.dll

============= FINISH: 23:12:54.64 ===============




And here is the Attach part

Attached File  Attach.txt   11.8KB   25 downloads


Any help would be very much appreciated. Thanks!

Edited by burninator2998, 28 January 2009 - 11:59 PM.
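The pseudo-HJT section of the DDS log above carries most of the evidence a helper reads by eye: the DisableTaskMgr policy that explains the "disabled by your administrator" message, a Winsock LSP loaded from a temp folder, a second LSA authentication package next to msv1_0, an AppInit_DLLs entry, a Winlogon Notify package, a BHO with no name, orphaned "No File" entries and a proxy setting. The following Python script is an added example, not part of the original post or of the DDS tool, that applies those same checks to DDS-style lines so the flags come out as a list instead of requiring a line-by-line read. The sample lines are copied from the log in this post; the rule names, the known-package list and the bare-filename heuristic are assumptions of the example.

```python
"""Triage helper for the pseudo-HJT section of a DDS log (added example).

Each rule mirrors a check a malware-removal helper applies by eye. A flag
means "look at this", not "this is malware": AppInit_DLLs and Notify
entries are also used by legitimate security products, so the output is a
review list, not a verdict.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # short name of the rule that fired
    line: str   # the log line, unchanged, so the reader can act on it


# Windows XP's standard LSA authentication package; anything else listed
# here is loaded into lsass.exe at boot and deserves a look (assumption).
KNOWN_LSA_PACKAGES = {"msv1_0"}

# "BHO: {guid} - path" with no display name before the GUID.
GUID_ONLY_BHO = re.compile(r"^BHO:\s*\{[0-9a-f-]{36}\}\s*-", re.I)
# "uRun: [Name] target args" / "mRun: [Name] target args"
RUN_ENTRY = re.compile(r"^[um]Run:\s*\[[^\]]*\]\s*(.*)$", re.I)


def check_line(line: str) -> list[str]:
    """Return the names of every rule that fires on one DDS report line."""
    rules: list[str] = []
    text = line.strip()
    low = text.lower()

    # Explorer/system policy that hides Task Manager from the user.
    if re.match(r"^[um]policies-system:\s*disabletaskmgr\s*=\s*1", low):
        rules.append("task_manager_disabled")
    # A layered service provider should live in a program or system folder.
    if low.startswith("lsp:") and "temp" in low:
        rules.append("lsp_in_temp_dir")
    # Extra authentication packages run inside lsass with its privileges.
    if low.startswith("lsa: authentication packages"):
        packages = low.split("=", 1)[1].split()
        if any(p not in KNOWN_LSA_PACKAGES for p in packages):
            rules.append("extra_lsa_auth_package")
    # AppInit_DLLs are injected into every process that loads user32.dll.
    if low.startswith("appinit_dlls:") and low.split(":", 1)[1].strip():
        rules.append("appinit_dlls_set")
    # Winlogon Notify packages load into winlogon.exe at logon.
    if low.startswith("notify:"):
        rules.append("winlogon_notify_package")
    if GUID_ONLY_BHO.match(text):
        rules.append("unnamed_bho")
    # Registry entries whose file is gone: leftovers of a removal or a rename.
    if "no file" in low:
        rules.append("orphaned_entry")
    # A Run entry naming a bare file relies on the search path to find it.
    run = RUN_ENTRY.match(text)
    if run:
        target = run.group(1).strip().strip('"')
        if "\\" not in target and "/" not in target:
            rules.append("run_entry_bare_filename")
    # A configured proxy routes every browser request through that host.
    if re.match(r"^[um]internet settings,proxyserver\s*=\s*\S", low):
        rules.append("proxy_configured")
    return rules


def triage(report: str) -> list[Finding]:
    """Run check_line over every line of a DDS pseudo-HJT report."""
    return [Finding(rule, raw.strip())
            for raw in report.splitlines()
            for rule in check_line(raw)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule, for a quick overview before reading lines."""
    counts: dict[str, int] = {}
    for finding in findings:
        counts[finding.rule] = counts.get(finding.rule, 0) + 1
    return counts


# Constructed sample: lines copied from the DDS log posted above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {04e95545-8f1a-4461-99ce-bcb017722887} - c:\windows\system32\efcDTKaa.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Framework Windows] frmwrk32.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
LSP: c:\docume~1\dennis\locals~1\temp\ntdll64.dll
Notify: tuvSifCR - tuvSifCR.dll
AppInit_DLLs: avgrsstx.dll iaxhux.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcDTKaa
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:26} {f.line}")
```

Run against the sample, nine lines are flagged and the two ordinary entries (the AVG BHO and the ctfmon Run key) pass, which is the point of the rules: they pick out the persistence locations, not every third-party line.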



#2 fenzodahl512


  • Members
  • 6,738 posts
  • Local time:01:20 AM

Posted 01 February 2009 - 09:48 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 burninator2998

  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:20 PM

Posted 03 February 2009 - 06:44 PM

Hey,
Thank you very much for the reply, but just yesterday we hired a guy to come by and clean up the computer. I still have a couple trojans in my server that he said I will most likely not be able to remove, but that they pose no threat. Is that correct? I am just trying to be sure here. Thanks!

#4 fenzodahl512


  • Members
  • 6,738 posts
  • Local time:01:20 AM

Posted 03 February 2009 - 10:08 PM

Hey,
Thank you very much for the reply, but just yesterday we hired a guy to come by and clean up the computer. I still have a couple trojans in my server that he said I will most likely not be able to remove, but that they pose no threat. Is that correct? I am just trying to be sure here. Thanks!



Without logs I couldn't tell you anything.. If you completed the steps I asked previously and post the logs, I will have a better view on your malware problem :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 burninator2998

  • Topic Starter

  • Members
  • 7 posts
  • Local time:12:20 PM

Posted 05 February 2009 - 10:13 PM

Ok, here is the MBAM log:

Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 3

2/5/2009 10:04:33 PM
mbam-log-2009-02-05 (22-04-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 205799
Time elapsed: 1 hour(s), 57 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dennis\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\acqqqqgg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cjgwtgbs.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\eukbusbm.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\iaxhux.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\irxbrfwe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\mwejdl.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nayftn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rlsqbj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ryarvblf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\uvljckrp.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wdvhyfxg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C6B2861-C932-4FCF-B1F9-3C85D895B291}\RP871\A0212891.rbf (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C6B2861-C932-4FCF-B1F9-3C85D895B291}\RP871\A0215082.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C6B2861-C932-4FCF-B1F9-3C85D895B291}\RP871\A0215111.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C6B2861-C932-4FCF-B1F9-3C85D895B291}\RP871\A0215120.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{3C6B2861-C932-4FCF-B1F9-3C85D895B291}\RP871\A0215124.dll (Trojan.Vundo) -> Quarantined and deleted successfully.







And here is the RSIT log



Logfile of random's system information tool 1.05 (written by random/random)
Run by Dennis at 2009-02-05 22:08:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 47 GB (36%) free of 131 GB
Total RAM: 511 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:56, on 2/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dennis\Desktop\RSIT.exe
C:\Program Files\trend micro\Dennis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;ams-server*;*.local
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [null3d] "C:\Program Files\null3d\null3d.exe" silent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\Dennis\Application Data\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144699163999
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11631 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-02 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A87B991-A31F-4130-AE72-6D0C294BF082}]
DealioBHO Class - C:\Program Files\Dealio\kb127\Dealio.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-20 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-20 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]
{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Dealio - C:\Program Files\Dealio\kb127\Dealio.dll []
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-01 136600]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"null3d"=C:\Program Files\null3d\null3d.exe [2008-01-20 471040]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-02 1601304]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"au"=C:\Program Files\Dealio\DealioAU.exe []
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2008-06-12 991584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2008-10-08 1410296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-01-29 361832]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-27 68856]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-18 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe [2008-12-16 637232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1144715304\ee\AOLSoftware.exe [2006-05-09 50760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-08-31 22879528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [2006-06-08 5541888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe [2003-04-09 323646]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-09 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-08-08 24633]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-02 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1144715304\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1144715304\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1144715304\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1144715304\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steamapps\jherrick\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\jherrick\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\jherrick\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\jherrick\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\jherrick\insurgency\hl2.exe"="C:\Program Files\Steam\steamapps\jherrick\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea26-3aff-11dc-81e2-00508d6768c5}]
shell\Auto\command - D:\sxs.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea27-3aff-11dc-81e2-00508d6768c5}]
shell\Auto\command - K:\sxs.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea28-3aff-11dc-81e2-00508d6768c5}]
shell\Auto\command - L:\sxs.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe


======List of files/folders created in the last 3 months======

2009-02-05 22:07:15 ----D---- C:\Program Files\trend micro
2009-02-05 22:07:12 ----D---- C:\rsit
2009-02-04 22:32:01 ----D---- C:\Documents and Settings\Dennis\Application Data\Malwarebytes
2009-02-04 22:31:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:31:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 14:02:18 ----D---- C:\Program Files\Maxtor
2009-02-02 12:44:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-02 12:43:47 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-02-02 12:43:47 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-02-02 12:43:47 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-02-02 12:39:28 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-02 12:39:13 ----A---- C:\rapport.txt
2009-02-02 12:38:05 ----SHD---- C:\RECYCLER
2009-02-02 12:37:15 ----D---- C:\WINDOWS\temp
2009-02-02 12:37:11 ----A---- C:\ComboFix.txt
2009-02-02 12:14:48 ----A---- C:\WINDOWS\zip.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\VFIND.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\SWSC.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\SWREG.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\sed.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\grep.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\fdsv.exe
2009-02-02 12:14:40 ----D---- C:\WINDOWS\ERDNT
2009-02-02 12:14:40 ----D---- C:\Qoobox
2009-02-02 12:14:40 ----D---- C:\ComboFix
2009-02-02 12:10:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-28 23:21:58 ----A---- C:\WINDOWS\gmer.ini
2009-01-28 23:20:55 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-28 23:20:39 ----A---- C:\WINDOWS\gmer.dll
2009-01-28 23:20:24 ----A---- C:\WINDOWS\gmer.exe
2009-01-28 22:44:23 ----A---- C:\WINDOWS\st_affiliate.ini
2009-01-28 21:24:46 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-01-28 21:19:28 ----D---- C:\Program Files\Common Files\iS3
2009-01-28 21:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-01-24 16:11:57 ----A---- C:\WINDOWS\system32\2759a017-.txt
2009-01-22 22:10:53 ----D---- C:\Program Files\ConvertHelper
2009-01-18 01:16:05 ----D---- C:\Documents and Settings\Dennis\Application Data\Publish Providers
2009-01-18 01:16:05 ----D---- C:\Documents and Settings\Dennis\Application Data\NetMedia Providers
2009-01-18 01:06:24 ----A---- C:\WINDOWS\system32\dbmsqlgc.dll
2009-01-18 01:06:24 ----A---- C:\WINDOWS\system32\dbmsgnet.dll
2009-01-18 01:05:44 ----D---- C:\Program Files\Microsoft SQL Server
2009-01-18 01:05:21 ----D---- C:\Documents and Settings\Dennis\Application Data\Sony
2009-01-18 01:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2009-01-18 01:03:25 ----D---- C:\Program Files\Sony
2009-01-18 01:02:13 ----D---- C:\Program Files\Sony Setup
2009-01-18 00:49:34 ----D---- C:\Program Files\SVArSoft
2009-01-13 23:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 23:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-03 16:50:08 ----A---- C:\WINDOWS\system32\SkinMagic.dll
2009-01-03 16:50:08 ----A---- C:\WINDOWS\system32\cygz.dll
2009-01-03 16:50:08 ----A---- C:\WINDOWS\system32\cygwin1.dll
2009-01-03 12:30:52 ----D---- C:\Program Files\E-Zsoft
2009-01-02 02:25:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-02 02:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-02 02:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-02 02:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-02 02:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-02 02:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-02 02:24:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-02 02:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-01 16:31:15 ----D---- C:\WINDOWS\Prefetch
2009-01-01 11:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-01 11:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-01 11:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-01 11:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-01 11:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-01 11:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-01-01 11:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-01 11:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-01 11:55:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-01 11:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-01 11:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-01 11:55:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-01 11:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-01 11:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-01 11:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-01 11:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-01 11:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-01 11:49:55 ----D---- C:\WINDOWS\system32\en-us
2009-01-01 11:49:54 ----D---- C:\WINDOWS\system32\scripting
2009-01-01 11:49:52 ----D---- C:\WINDOWS\l2schemas
2009-01-01 11:49:51 ----D---- C:\WINDOWS\system32\en
2009-01-01 11:43:59 ----D---- C:\WINDOWS\network diagnostic
2009-01-01 11:25:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-01 11:25:31 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-01 11:25:31 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-01 11:25:30 ----A---- C:\WINDOWS\system32\java.exe
2008-12-26 21:15:44 ----A---- C:\WINDOWS\system32\efsadu.dll
2008-12-26 21:15:44 ----A---- C:\WINDOWS\system32\dwmapi.dll
2008-12-25 17:55:56 ----A---- C:\WINDOWS\doom3.ini
2008-12-25 17:47:41 ----D---- C:\Program Files\Doom 3
2008-12-24 01:02:50 ----RHD---- C:\Documents and Settings\Dennis\Application Data\SecuROM
2008-12-24 01:02:28 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-24 01:02:28 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-24 01:02:26 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-24 01:02:25 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-24 01:02:25 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-24 01:02:24 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-24 01:02:24 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-24 01:02:22 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-24 01:02:22 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-24 01:02:21 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-24 01:02:20 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-24 01:02:20 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-24 01:02:19 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-24 01:02:17 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-24 01:02:17 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-24 01:02:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-24 01:02:15 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-24 01:02:12 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-24 01:02:12 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-24 01:02:10 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-24 01:02:09 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-24 01:02:08 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-24 01:02:07 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-24 01:02:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-24 01:02:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-24 01:02:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-24 01:01:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-24 01:01:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-24 01:01:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-24 01:01:30 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-24 01:01:24 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-12-24 01:01:16 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-24 01:01:16 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-24 01:01:09 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-12-24 00:59:24 ----D---- C:\WINDOWS\Logs
2008-12-24 00:58:03 ----D---- C:\Program Files\Telltale Games
2008-12-20 01:24:36 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-12-20 01:24:34 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-12-13 14:43:16 ----D---- C:\Program Files\HooTech
2008-12-13 14:42:23 ----A---- C:\WINDOWS\AudioConverter.INI
2008-12-13 14:41:17 ----D---- C:\Program Files\easetech
2008-11-26 12:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-26 12:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-26 12:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-26 12:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-26 12:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-26 12:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-26 12:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-26 12:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-26 12:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-26 12:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-26 12:53:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-26 12:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-26 12:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-26 12:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-26 12:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-26 12:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-26 12:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-26 12:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-26 12:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-11-26 12:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-26 12:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-26 10:01:04 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-11-26 10:01:01 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-11-26 10:01:00 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-11-26 10:00:58 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-26 10:00:58 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-26 10:00:50 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-11-26 10:00:50 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-11-26 10:00:39 ----A---- C:\WINDOWS\system32\setupn.exe
2008-11-26 10:00:35 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-26 10:00:33 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-11-26 10:00:33 ----A---- C:\WINDOWS\system32\qutil.dll
2008-11-26 10:00:31 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-11-26 10:00:31 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-11-26 10:00:31 ----A---- C:\WINDOWS\system32\qagent.dll
2008-11-26 10:00:29 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-26 10:00:27 ----A---- C:\WINDOWS\system32\onex.dll
2008-11-26 10:00:18 ----A---- C:\WINDOWS\system32\napstat.exe
2008-11-26 10:00:18 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-11-26 10:00:18 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-11-26 10:00:14 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-26 10:00:14 ----A---- C:\WINDOWS\system32\mssha.dll
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-26 09:59:52 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-26 09:59:44 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-26 09:59:21 ----A---- C:\WINDOWS\005513_.tmp
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-11-26 09:59:15 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-11-26 09:59:15 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-26 09:59:14 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-26 09:59:11 ----A---- C:\WINDOWS\system32\credssp.dll
2008-11-26 09:59:06 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-26 09:59:06 ----A---- C:\WINDOWS\system32\azroles.dll
2008-11-26 09:58:56 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-11-22 16:15:17 ----D---- C:\Program Files\iPod
2008-11-22 16:14:57 ----D---- C:\Program Files\iTunes
2008-11-22 16:14:57 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll

======List of files/folders modified in the last 3 months======

2009-02-05 22:08:47 ----D---- C:\Documents and Settings\Dennis\Application Data\BitTorrent
2009-02-05 22:07:15 ----D---- C:\Program Files
2009-02-05 22:00:58 ----D---- C:\Documents and Settings\Dennis\Application Data\DNA
2009-02-05 22:00:43 ----D---- C:\Program Files\Mozilla Firefox
2009-02-05 21:59:55 ----HD---- C:\$AVG8.VAULT$
2009-02-05 17:33:40 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-05 17:00:54 ----D---- C:\Program Files\Steam
2009-02-05 17:00:28 ----D---- C:\Program Files\DNA
2009-02-05 06:45:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-05 06:11:15 ----D---- C:\Documents and Settings\Dennis\Application Data\Skype
2009-02-04 22:31:54 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 16:53:09 ----D---- C:\WINDOWS
2009-02-02 20:29:36 ----HD---- C:\WINDOWS\inf
2009-02-02 20:29:35 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-02 20:29:33 ----D---- C:\WINDOWS\system32
2009-02-02 20:28:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-02 14:03:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-02 14:02:48 ----SHD---- C:\WINDOWS\Installer
2009-02-02 13:23:28 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-02 13:22:45 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-02 12:57:39 ----D---- C:\Documents and Settings
2009-02-02 12:29:34 ----A---- C:\WINDOWS\system.ini
2009-02-02 12:25:55 ----D---- C:\WINDOWS\system32\config
2009-02-02 12:20:10 ----D---- C:\WINDOWS\AppPatch
2009-02-02 12:20:10 ----D---- C:\Program Files\Common Files
2009-02-02 12:19:05 ----SD---- C:\WINDOWS\Tasks
2009-01-29 20:58:30 ----D---- C:\Program Files\AlphaZIP
2009-01-29 20:31:27 ----D---- C:\Program Files\null3d
2009-01-28 22:23:06 ----A---- C:\WINDOWS\win.ini
2009-01-28 22:22:54 ----RSD---- C:\WINDOWS\assembly
2009-01-28 20:28:17 ----A---- C:\WINDOWS\system32\userinit.exe.vir
2009-01-27 13:28:49 ----A---- C:\WINDOWS\system32\azipcontmn.dll
2009-01-18 01:06:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-18 01:06:23 ----HD---- C:\Program Files\Uninstall Information
2009-01-18 01:04:05 ----D---- C:\Program Files\VstPlugins
2009-01-13 23:50:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-13 23:50:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-13 23:50:29 ----A---- C:\WINDOWS\imsins.BAK
2009-01-03 13:40:40 ----D---- C:\Documents and Settings\Dennis\Application Data\Dealio
2009-01-01 16:35:07 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-01-01 16:32:35 ----AC---- C:\WINDOWS\setuplog.txt
2009-01-01 16:30:39 ----D---- C:\WINDOWS\system32\Setup
2009-01-01 16:30:38 ----D---- C:\WINDOWS\system32\wbem
2009-01-01 16:30:37 ----RSD---- C:\WINDOWS\Fonts
2009-01-01 12:00:14 ----D---- C:\WINDOWS\security
2009-01-01 11:54:36 ----D---- C:\Program Files\Messenger
2009-01-01 11:50:22 ----D---- C:\WINDOWS\WinSxS
2009-01-01 11:50:15 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-01 11:50:11 ----D---- C:\WINDOWS\ime
2009-01-01 11:50:11 ----D---- C:\WINDOWS\Help
2009-01-01 11:49:55 ----D---- C:\WINDOWS\system32\usmt
2009-01-01 11:49:53 ----D---- C:\Program Files\Internet Explorer
2009-01-01 11:49:51 ----D---- C:\WINDOWS\system32\bits
2009-01-01 11:49:51 ----D---- C:\WINDOWS\peernet
2009-01-01 11:49:51 ----D---- C:\Program Files\Movie Maker
2009-01-01 11:46:17 ----D---- C:\WINDOWS\system32\Restore
2009-01-01 11:46:16 ----D---- C:\WINDOWS\system32\npp
2009-01-01 11:46:15 ----D---- C:\WINDOWS\msagent
2009-01-01 11:46:14 ----D---- C:\WINDOWS\srchasst
2009-01-01 11:46:12 ----D---- C:\Program Files\NetMeeting
2009-01-01 11:46:10 ----D---- C:\WINDOWS\system32\Com
2009-01-01 11:46:08 ----D---- C:\Program Files\Windows Media Player
2009-01-01 11:46:07 ----D---- C:\Program Files\Windows NT
2009-01-01 11:46:07 ----D---- C:\Program Files\Outlook Express
2009-01-01 11:46:04 ----D---- C:\Program Files\Common Files\System
2009-01-01 11:45:46 ----D---- C:\WINDOWS\system32\oobe
2009-01-01 11:45:44 ----D---- C:\WINDOWS\system
2009-01-01 11:42:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-01 11:38:12 ----D---- C:\WINDOWS\EHome
2009-01-01 11:23:40 ----D---- C:\Program Files\Java
2008-12-26 21:15:50 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-12-25 17:56:43 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-24 15:06:01 ----D---- C:\WINDOWS\system32\DirectX
2008-12-24 15:05:52 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-20 01:25:13 ----D---- C:\Program Files\DivX
2008-12-20 01:12:30 ----D---- C:\Program Files\Google
2008-12-20 01:11:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-14 20:43:08 ----D---- C:\Program Files\NCH Software
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-26 09:37:23 ----D---- C:\WINDOWS\Debug
2008-11-22 16:15:16 ----D---- C:\Program Files\Common Files\Apple
2008-11-22 16:13:05 ----D---- C:\Program Files\QuickTime
2008-11-18 16:30:15 ----D---- C:\WINDOWS\system32\Macromed
2008-11-18 16:26:43 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-20 16512]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-02 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-02 107272]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\getnd5b.sys [2004-01-29 44544]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S2 CWMonitor;Symantec Crimeware Protection Driver; \??\C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-03-18 17480]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 idmc1aud;Intel® Play™ USB Audio Filter (WDM); C:\WINDOWS\system32\drivers\idmc1aud.sys [2001-07-05 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver; C:\WINDOWS\system32\DRIVERS\IDMC1Blk.sys [2001-07-05 14628]
S3 IDMC1Vxp;Intel® Play™ DMC Camera; C:\WINDOWS\system32\DRIVERS\idmc1vme.sys [2001-07-05 416564]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-02 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-01 152984]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-23 66872]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#6 burninator2998

burninator2998
  • Topic Starter

  • Members
  • 7 posts

Posted 05 February 2009 - 10:46 PM

I will run the GMER while I'm gone here for a while. But there was a problem. For the RSIT no "info" file appeared? I will try again a little later. Thank you for your patience.

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 06 February 2009 - 03:31 AM

It's ok... Just run GMER and post the log here

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 burninator2998

burninator2998
  • Topic Starter

  • Members
  • 7 posts

Posted 08 February 2009 - 12:06 AM

Here is the GMER

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-08 00:05:54
Windows 5.1.2600 Service Pack 3


---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [017E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [017E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [017E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [017E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\Dennis\LOCALS~1\Temp\ztv7\gmer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\Dennis\LOCALS~1\Temp\ztv7\gmer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\Dennis\LOCALS~1\Temp\ztv7\gmer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\DOCUME~1\Dennis\LOCALS~1\Temp\ztv7\gmer.exe[2648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3948] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
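The "User IAT/EAT" section of the GMER log above lists twenty import-table hooks, and every one of them resolves to the same module, C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll. Reading that by eye is tedious, so here is an added example (not code from the thread, from GMER or from the helper) that parses such lines and groups them by hooking module, reporting which processes and which ntdll functions are affected and whether the module is loaded from a temp directory. The sample lines are eight of the hook lines copied from the log above; the names parse_iat, summarize_hooks, IatHook and HookSummary are this example's own. One caveat worth knowing when reading these logs: the text GMER prints in parentheses is the file's self-reported description and company name, not a verified signature, so "Logitech Inc." is a hint to follow up on, not proof by itself.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample GMER "User IAT/EAT" lines, copied from the log posted above
# (the Explorer.EXE and firefox.exe hooks; the full log has twenty such lines).
SAMPLE_GMER = r"""
---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
"""

# One GMER IAT line:
#   IAT <process>[<pid>] @ <hooked image> [<dll!function>] [<hook address>] <hooking module> (<description>/<company>)
# The trailing parenthesised part is optional because GMER omits it for files without version information.
IAT_RE = re.compile(
    r"^IAT (?P<process>.+?)\[(?P<pid>\d+)\] @ (?P<image>\S+) "
    r"\[(?P<func>[^\]]+)\] \[(?P<addr>[0-9A-Fa-f]+)\] (?P<module>\S+)"
    r"(?: \((?P<desc>[^/]*)/(?P<vendor>[^)]*)\))?$"
)

# Directory names that should make a reader look twice at a hooking module.
TEMP_DIR_NAMES = {"temp", "tmp"}


@dataclass(frozen=True)
class IatHook:
    process: str
    pid: int
    image: str          # the image whose import table was patched (kernel32.dll here)
    func: str           # the imported function that was redirected
    addr: int           # where the import now points
    module: str         # the module that owns that address
    desc: Optional[str]
    vendor: Optional[str]


@dataclass
class HookSummary:
    module: str
    vendor: Optional[str]
    processes: Tuple[str, ...]
    functions: Tuple[str, ...]
    in_temp_dir: bool


def parse_iat(log_text: str) -> List[IatHook]:
    """Return every IAT hook line in the log; headers, blanks and other sections are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = IAT_RE.match(line.strip())
        if not m:
            continue
        hooks.append(IatHook(m["process"], int(m["pid"]), m["image"], m["func"],
                             int(m["addr"], 16), m["module"], m["desc"], m["vendor"]))
    return hooks


def summarize_hooks(hooks: List[IatHook]) -> Dict[str, HookSummary]:
    """Group hooks by the module they point into, so one injector shows up once, not twenty times."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h.module].append(h)
    summary = {}
    for module, items in by_module.items():
        path_parts = {part.lower() for part in module.split("\\")}
        summary[module] = HookSummary(
            module=module,
            vendor=items[0].vendor,
            processes=tuple(sorted({h.process for h in items})),
            functions=tuple(sorted({h.func for h in items})),
            in_temp_dir=bool(path_parts & TEMP_DIR_NAMES),
        )
    return summary


if __name__ == "__main__":
    for mod, s in summarize_hooks(parse_iat(SAMPLE_GMER)).items():
        print(f"{mod} ({s.vendor}) hooks {len(s.functions)} functions in {len(s.processes)} processes;"
              f" temp dir: {s.in_temp_dir}")
```

On the sample, the summary collapses to a single entry: one module, self-described as Logitech's camera helper, hooking NtClose, NtCreateFile, NtDeviceIoControlFile and NtDuplicateObject in both processes, and living under C:\WINDOWS\TEMP. That last flag is why a reader should confirm the file really belongs to the installed Logitech software rather than trusting the description string alone.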

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 08 February 2009 - 09:36 PM

Well, I think the guy you hired has done a decent job cleaning the computer.. Let's do this...


IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)
5. Search Settings
6. Dealio Toolbar




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\Program Files\Dealio
    C:\Program Files\Search Settings
    C:\WINDOWS\system32\2759a017-.txt
    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea26-3aff-11dc-81e2-00508d6768c5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea27-3aff-11dc-81e2-00508d6768c5}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea28-3aff-11dc-81e2-00508d6768c5}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

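The HijackThis entries the helper asks to have fixed above share a few patterns: items that end in "(no file)" or "(file missing)" are registry references whose target is gone, one URLSearchHook key name starts with "~" instead of "{" (a damaged CLSID), and several entries point into the programs on the uninstall list. As an added example (not code from the thread or from HijackThis), the script below applies exactly those checks to HijackThis-style log lines so that the reasoning behind a fix list is explicit rather than done by eye. The sample lines are copied from the entries in this thread, including the R1 ProxyServer line from the later RSIT log; an R1 entry like that is flagged for review because a proxy set without the user's knowledge silently redirects browser traffic, but the flag only says "look at this", not that it is malicious. The names triage, triage_line, count_reasons, Finding and the UNWANTED list (taken from the helper's uninstall list) are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

# Sample HijackThis lines, copied from the entries quoted in this thread.
SAMPLE_HJT = r"""
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
"""

# Programs the helper asked to uninstall first; any entry still pointing at them is worth a flag.
UNWANTED: Tuple[str, ...] = ("Dealio", "Search Settings", "Viewpoint")

# "<section> - <body>", e.g. "O2 - BHO: ..." or "R3 - URLSearchHook: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# A CLSID; the opening character is captured so a "~" (damaged key name) can be told from "{".
CLSID_RE = re.compile(r"(?P<open>[{~])[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reasons: Tuple[str, ...]


def triage_line(line: str, unwanted: Sequence[str] = UNWANTED) -> Optional[Finding]:
    """Return a Finding if the entry matches any review rule, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # blank line, header, or not a HijackThis entry
    section, body = m["section"], m["body"]
    reasons: List[str] = []
    # Orphaned reference: the registry still names a file or CLSID that no longer exists.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("orphan")
    # Damaged CLSID: HijackThis shows a "~" where the key name should open with "{".
    clsid = CLSID_RE.search(body)
    if clsid and clsid["open"] == "~":
        reasons.append("malformed-clsid")
    # Proxy settings deserve a look whenever the user did not configure one deliberately.
    if section == "R1" and "ProxyServer" in body:
        reasons.append("proxy-configured")
    lowered = body.lower()
    for name in unwanted:
        if name.lower() in lowered:
            reasons.append(f"unwanted-program:{name}")
    if not reasons:
        return None
    return Finding(section, line.strip(), tuple(reasons))


def triage(log_text: str, unwanted: Sequence[str] = UNWANTED) -> List[Finding]:
    """Run triage_line over a whole log and keep only the entries that need attention."""
    results = (triage_line(line, unwanted) for line in log_text.splitlines())
    return [f for f in results if f is not None]


def count_reasons(findings: List[Finding]) -> Dict[str, int]:
    """How many entries each rule fired on; useful as a one-line summary of a long log."""
    return dict(Counter(reason for f in findings for reason in f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.section:3} {', '.join(f.reasons):40} {f.line[:70]}")
    print(count_reasons(triage(SAMPLE_HJT)))
```

The AVG toolbar BHO in the sample produces no finding, which is the point of writing the rules down: a line is flagged for a stated reason (orphaned target, damaged key, proxy set, leftover of an unwanted program), not because a toolbar happens to be unfamiliar.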


#10 burninator2998

burninator2998
  • Topic Starter

  • Members
  • 7 posts

Posted 10 February 2009 - 08:50 PM

When I ran HijackThis I did not see the files named:
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll (file missing)

Here are the other logs:

OTMoveIt3:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\Program Files\Dealio not found.
File/Folder C:\Program Files\Search Settings not found.
C:\WINDOWS\system32\2759a017-.txt moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea26-3aff-11dc-81e2-00508d6768c5}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea27-3aff-11dc-81e2-00508d6768c5}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8fea28-3aff-11dc-81e2-00508d6768c5}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Dennis\LOCALS~1\Temp\etilqs_BOqIjcQVVaSpyB6lRSdR scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfgynw7o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfgynw7o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfgynw7o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfgynw7o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfgynw7o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\xfgynw7o.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

And the RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Dennis at 2009-02-10 20:47:08
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 47 GB (36%) free of 131 GB
Total RAM: 1535 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:47:20 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dennis\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Dennis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy-server:8080;https=proxy-server:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;ams-server*;*.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [null3d] "C:\Program Files\null3d\null3d.exe" silent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118fd.bay118.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144699163999
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11425 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-02 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-12-20 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2008-12-20 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2008-12-20 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-05-14 67072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-01 136600]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-06-28 81920]
"null3d"=C:\Program Files\null3d\null3d.exe [2008-01-20 471040]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-02 1601304]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-02-13 564496]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-02-13 2196240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=c:\program files\steam\steam.exe [2008-10-08 1410296]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-01-29 361832]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-27 68856]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-18 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe [2008-12-16 637232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1144715304\ee\AOLSoftware.exe [2006-05-09 50760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
C:\Program Files\Microsoft Works\WksSb.exe [2000-08-08 311350]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Microsoft Works\WkDetect.exe [2000-08-08 28739]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-08-31 22879528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
C:\Program Files\Microsoft Works\wkfud.exe [2000-08-08 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [2006-06-08 5541888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe [2003-04-09 323646]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-09 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [2000-08-08 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe [2000-08-08 24633]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

C:\Documents and Settings\Dennis\Start Menu\Programs\Startup
Logitech . Product Registration.lnk - C:\Program Files\Logitech\QuickCam\eReg.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-02 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1144715304\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1144715304\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1144715304\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1144715304\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\steamapps\jherrick\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\jherrick\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Steam\steamapps\jherrick\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\jherrick\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\Call of Duty\CoDMP.exe"="C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Steam\steamapps\jherrick\insurgency\hl2.exe"="C:\Program Files\Steam\steamapps\jherrick\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-02-10 20:35:52 ----D---- C:\_OTMoveIt
2009-02-07 21:40:53 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2009-02-07 21:40:53 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2009-02-07 21:40:53 ----RA---- C:\WINDOWS\system32\lvci11701196.dll
2009-02-07 21:40:52 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2009-02-07 21:40:52 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2009-02-07 21:40:16 ----D---- C:\Documents and Settings\Dennis\Application Data\Leadertech
2009-02-07 21:38:30 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-02-07 21:38:28 ----D---- C:\Program Files\Common Files\LogiShrd
2009-02-07 21:38:17 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-02-07 21:38:16 ----D---- C:\Program Files\Logitech
2009-02-05 22:07:15 ----D---- C:\Program Files\trend micro
2009-02-05 22:07:12 ----D---- C:\rsit
2009-02-04 22:32:01 ----D---- C:\Documents and Settings\Dennis\Application Data\Malwarebytes
2009-02-04 22:31:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-04 22:31:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 14:02:18 ----D---- C:\Program Files\Maxtor
2009-02-02 12:44:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-02 12:43:47 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-02-02 12:43:47 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-02-02 12:43:47 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-02-02 12:39:28 ----A---- C:\WINDOWS\system32\tmp.txt
2009-02-02 12:39:13 ----A---- C:\rapport.txt
2009-02-02 12:38:05 ----SHD---- C:\RECYCLER
2009-02-02 12:37:15 ----D---- C:\WINDOWS\temp
2009-02-02 12:37:11 ----A---- C:\ComboFix.txt
2009-02-02 12:14:48 ----A---- C:\WINDOWS\zip.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\VFIND.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\SWSC.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\SWREG.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\sed.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\NIRCMD.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\grep.exe
2009-02-02 12:14:48 ----A---- C:\WINDOWS\fdsv.exe
2009-02-02 12:14:40 ----D---- C:\WINDOWS\ERDNT
2009-02-02 12:14:40 ----D---- C:\Qoobox
2009-02-02 12:14:40 ----D---- C:\ComboFix
2009-02-02 12:10:48 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-28 23:21:58 ----A---- C:\WINDOWS\gmer.ini
2009-01-28 23:20:55 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-28 23:20:39 ----A---- C:\WINDOWS\gmer.dll
2009-01-28 23:20:24 ----A---- C:\WINDOWS\gmer.exe
2009-01-28 22:44:23 ----A---- C:\WINDOWS\st_affiliate.ini
2009-01-28 21:24:46 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-01-28 21:19:28 ----D---- C:\Program Files\Common Files\iS3
2009-01-28 21:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-01-22 22:10:53 ----D---- C:\Program Files\ConvertHelper
2009-01-18 01:16:05 ----D---- C:\Documents and Settings\Dennis\Application Data\Publish Providers
2009-01-18 01:16:05 ----D---- C:\Documents and Settings\Dennis\Application Data\NetMedia Providers
2009-01-18 01:06:24 ----A---- C:\WINDOWS\system32\dbmsqlgc.dll
2009-01-18 01:06:24 ----A---- C:\WINDOWS\system32\dbmsgnet.dll
2009-01-18 01:05:44 ----D---- C:\Program Files\Microsoft SQL Server
2009-01-18 01:05:21 ----D---- C:\Documents and Settings\Dennis\Application Data\Sony
2009-01-18 01:04:57 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2009-01-18 01:03:25 ----D---- C:\Program Files\Sony
2009-01-18 01:02:13 ----D---- C:\Program Files\Sony Setup
2009-01-18 00:49:34 ----D---- C:\Program Files\SVArSoft
2009-01-13 23:50:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-13 23:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-03 16:50:08 ----A---- C:\WINDOWS\system32\SkinMagic.dll
2009-01-03 16:50:08 ----A---- C:\WINDOWS\system32\cygz.dll
2009-01-03 16:50:08 ----A---- C:\WINDOWS\system32\cygwin1.dll
2009-01-03 12:30:52 ----D---- C:\Program Files\E-Zsoft
2009-01-02 02:25:00 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-02 02:24:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-02 02:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-02 02:24:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-01-02 02:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-02 02:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-02 02:24:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-02 02:23:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-01 16:31:15 ----D---- C:\WINDOWS\Prefetch
2009-01-01 11:56:38 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-01 11:56:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-01 11:56:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-01 11:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-01 11:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-01 11:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-01-01 11:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-01 11:55:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-01 11:55:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-01 11:55:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-01 11:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-01 11:55:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-01 11:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-01 11:54:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-01 11:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-01 11:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-01 11:54:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-01 11:49:55 ----D---- C:\WINDOWS\system32\en-us
2009-01-01 11:49:54 ----D---- C:\WINDOWS\system32\scripting
2009-01-01 11:49:52 ----D---- C:\WINDOWS\l2schemas
2009-01-01 11:49:51 ----D---- C:\WINDOWS\system32\en
2009-01-01 11:43:59 ----D---- C:\WINDOWS\network diagnostic
2009-01-01 11:25:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-01 11:25:31 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-01 11:25:31 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-01 11:25:30 ----A---- C:\WINDOWS\system32\java.exe
2008-12-26 21:15:44 ----A---- C:\WINDOWS\system32\efsadu.dll
2008-12-26 21:15:44 ----A---- C:\WINDOWS\system32\dwmapi.dll
2008-12-25 17:55:56 ----A---- C:\WINDOWS\doom3.ini
2008-12-25 17:47:41 ----D---- C:\Program Files\Doom 3
2008-12-24 01:02:50 ----RHD---- C:\Documents and Settings\Dennis\Application Data\SecuROM
2008-12-24 01:02:28 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-24 01:02:28 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-24 01:02:26 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-24 01:02:25 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-24 01:02:25 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-24 01:02:24 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-24 01:02:24 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-24 01:02:22 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-24 01:02:22 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-24 01:02:21 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-24 01:02:20 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-24 01:02:20 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-24 01:02:19 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-24 01:02:17 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-24 01:02:17 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-24 01:02:16 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-24 01:02:15 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-24 01:02:12 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-24 01:02:12 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-24 01:02:10 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-24 01:02:09 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-24 01:02:08 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-24 01:02:07 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-24 01:02:05 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-24 01:02:05 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-24 01:02:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-24 01:01:53 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-24 01:01:36 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-24 01:01:36 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-24 01:01:30 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-24 01:01:24 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-12-24 01:01:16 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-24 01:01:16 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-24 01:01:09 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-12-24 00:59:24 ----D---- C:\WINDOWS\Logs
2008-12-24 00:58:03 ----D---- C:\Program Files\Telltale Games
2008-12-20 01:24:36 ----A---- C:\WINDOWS\system32\pxafs.dll
2008-12-20 01:24:34 ----A---- C:\WINDOWS\system32\pxsfs.dll
2008-12-13 14:43:16 ----D---- C:\Program Files\HooTech
2008-12-13 14:42:23 ----A---- C:\WINDOWS\AudioConverter.INI
2008-12-13 14:41:17 ----D---- C:\Program Files\easetech
2008-11-26 12:55:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-26 12:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-26 12:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-26 12:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-26 12:54:52 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-26 12:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-26 12:54:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-26 12:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-26 12:54:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-26 12:54:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-26 12:53:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-26 12:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-26 12:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-26 12:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-26 12:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-26 12:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-26 12:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-26 12:52:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-26 12:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-11-26 12:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-26 12:51:55 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-11-26 10:01:04 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-11-26 10:01:01 ----A---- C:\WINDOWS\system32\wmphoto.dll
2008-11-26 10:01:00 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-11-26 10:00:58 ----A---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-26 10:00:58 ----A---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-26 10:00:50 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-11-26 10:00:50 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-11-26 10:00:39 ----A---- C:\WINDOWS\system32\setupn.exe
2008-11-26 10:00:35 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-26 10:00:33 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-11-26 10:00:33 ----A---- C:\WINDOWS\system32\qutil.dll
2008-11-26 10:00:31 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-11-26 10:00:31 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-11-26 10:00:31 ----A---- C:\WINDOWS\system32\qagent.dll
2008-11-26 10:00:29 ----A---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-26 10:00:27 ----A---- C:\WINDOWS\system32\onex.dll
2008-11-26 10:00:18 ----A---- C:\WINDOWS\system32\napstat.exe
2008-11-26 10:00:18 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-11-26 10:00:18 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-11-26 10:00:14 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-26 10:00:14 ----A---- C:\WINDOWS\system32\mssha.dll
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-11-26 10:00:01 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-26 09:59:52 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-26 09:59:44 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-26 09:59:43 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-26 09:59:21 ----A---- C:\WINDOWS\005513_.tmp
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-11-26 09:59:20 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-26 09:59:19 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-26 09:59:16 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-11-26 09:59:15 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-11-26 09:59:15 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-26 09:59:14 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-26 09:59:11 ----A---- C:\WINDOWS\system32\credssp.dll
2008-11-26 09:59:06 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-26 09:59:06 ----A---- C:\WINDOWS\system32\azroles.dll
2008-11-26 09:58:56 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-11-22 16:15:17 ----D---- C:\Program Files\iPod
2008-11-22 16:14:57 ----D---- C:\Program Files\iTunes
2008-11-21 16:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 16:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 16:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 16:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll

======List of files/folders modified in the last 3 months======

2009-02-10 20:44:23 ----D---- C:\Program Files\Mozilla Firefox
2009-02-10 20:43:24 ----D---- C:\Program Files\Steam
2009-02-10 20:42:55 ----D---- C:\Program Files\DNA
2009-02-10 20:42:55 ----D---- C:\Documents and Settings\Dennis\Application Data\DNA
2009-02-10 20:42:48 ----D---- C:\Program Files\null3d
2009-02-10 20:38:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-10 20:35:52 ----D---- C:\WINDOWS\system32
2009-02-10 20:25:51 ----SHD---- C:\WINDOWS\Installer
2009-02-10 20:25:50 ----D---- C:\Program Files
2009-02-10 20:24:35 ----D---- C:\Documents and Settings\Dennis\Application Data\Viewpoint
2009-02-10 20:24:32 ----D---- C:\Program Files\Viewpoint
2009-02-10 20:17:51 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-10 16:03:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-08 15:34:37 ----HD---- C:\$AVG8.VAULT$
2009-02-08 12:02:49 ----D---- C:\Program Files\AlphaZIP
2009-02-07 23:05:51 ----D---- C:\Documents and Settings\Dennis\Application Data\Skype
2009-02-07 23:03:02 ----D---- C:\WINDOWS
2009-02-07 21:41:03 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 21:40:52 ----D---- C:\WINDOWS\twain_32
2009-02-07 21:40:46 ----HD---- C:\WINDOWS\inf
2009-02-07 21:40:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-07 21:39:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-07 21:38:28 ----D---- C:\Program Files\Common Files
2009-02-05 23:08:47 ----D---- C:\Documents and Settings\Dennis\Application Data\BitTorrent
2009-02-05 21:59:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-02 14:03:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-02 13:23:28 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-02 13:22:45 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-02 12:57:39 ----D---- C:\Documents and Settings
2009-02-02 12:29:34 ----A---- C:\WINDOWS\system.ini
2009-02-02 12:25:55 ----D---- C:\WINDOWS\system32\config
2009-02-02 12:20:10 ----D---- C:\WINDOWS\AppPatch
2009-02-02 12:19:05 ----SD---- C:\WINDOWS\Tasks
2009-01-28 22:23:06 ----A---- C:\WINDOWS\win.ini
2009-01-28 22:22:54 ----RSD---- C:\WINDOWS\assembly
2009-01-27 13:28:49 ----A---- C:\WINDOWS\system32\azipcontmn.dll
2009-01-18 01:06:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-18 01:06:23 ----HD---- C:\Program Files\Uninstall Information
2009-01-18 01:04:05 ----D---- C:\Program Files\VstPlugins
2009-01-13 23:50:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-13 23:50:29 ----A---- C:\WINDOWS\imsins.BAK
2009-01-09 17:35:30 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-01 16:35:07 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-01-01 16:32:35 ----AC---- C:\WINDOWS\setuplog.txt
2009-01-01 16:30:39 ----D---- C:\WINDOWS\system32\Setup
2009-01-01 16:30:38 ----D---- C:\WINDOWS\system32\wbem
2009-01-01 16:30:37 ----RSD---- C:\WINDOWS\Fonts
2009-01-01 12:00:14 ----D---- C:\WINDOWS\security
2009-01-01 11:54:36 ----D---- C:\Program Files\Messenger
2009-01-01 11:50:22 ----D---- C:\WINDOWS\WinSxS
2009-01-01 11:50:15 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-01 11:50:11 ----D---- C:\WINDOWS\ime
2009-01-01 11:50:11 ----D---- C:\WINDOWS\Help
2009-01-01 11:49:55 ----D---- C:\WINDOWS\system32\usmt
2009-01-01 11:49:53 ----D---- C:\Program Files\Internet Explorer
2009-01-01 11:49:51 ----D---- C:\WINDOWS\system32\bits
2009-01-01 11:49:51 ----D---- C:\WINDOWS\peernet
2009-01-01 11:49:51 ----D---- C:\Program Files\Movie Maker
2009-01-01 11:46:17 ----D---- C:\WINDOWS\system32\Restore
2009-01-01 11:46:16 ----D---- C:\WINDOWS\system32\npp
2009-01-01 11:46:15 ----D---- C:\WINDOWS\msagent
2009-01-01 11:46:14 ----D---- C:\WINDOWS\srchasst
2009-01-01 11:46:12 ----D---- C:\Program Files\NetMeeting
2009-01-01 11:46:10 ----D---- C:\WINDOWS\system32\Com
2009-01-01 11:46:08 ----D---- C:\Program Files\Windows Media Player
2009-01-01 11:46:07 ----D---- C:\Program Files\Windows NT
2009-01-01 11:46:07 ----D---- C:\Program Files\Outlook Express
2009-01-01 11:46:04 ----D---- C:\Program Files\Common Files\System
2009-01-01 11:45:46 ----D---- C:\WINDOWS\system32\oobe
2009-01-01 11:45:44 ----D---- C:\WINDOWS\system
2009-01-01 11:42:27 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-01 11:38:12 ----D---- C:\WINDOWS\EHome
2009-01-01 11:23:40 ----D---- C:\Program Files\Java
2008-12-26 21:15:50 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2008-12-25 17:56:43 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-24 15:06:01 ----D---- C:\WINDOWS\system32\DirectX
2008-12-24 15:05:52 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-20 01:25:13 ----D---- C:\Program Files\DivX
2008-12-20 01:12:30 ----D---- C:\Program Files\Google
2008-12-20 01:11:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-14 20:43:08 ----D---- C:\Program Files\NCH Software
2008-12-12 12:01:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-11-26 09:37:23 ----D---- C:\WINDOWS\Debug
2008-11-22 16:15:16 ----D---- C:\Program Files\Common Files\Apple
2008-11-22 16:13:05 ----D---- C:\Program Files\QuickTime
2008-11-18 16:30:15 ----D---- C:\WINDOWS\system32\Macromed
2008-11-18 16:26:43 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2003-11-07 35328]
R1 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-20 16512]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-02 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-02 107272]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-18 12032]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-23 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\getnd5b.sys [2004-01-29 44544]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-02-05 25624]
R3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-02-05 628760]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-02-05 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-02-05 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-02-05 2570520]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S2 CWMonitor;Symantec Crimeware Protection Driver; \??\C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-28 85969]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2007-03-18 17480]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 idmc1aud;Intel® Play™ USB Audio Filter (WDM); C:\WINDOWS\system32\drivers\idmc1aud.sys [2001-07-05 15188]
S3 IDMC1Blk;Intel Play DMC Download Driver; C:\WINDOWS\system32\DRIVERS\IDMC1Blk.sys [2001-07-05 14628]
S3 IDMC1Vxp;Intel® Play™ DMC Camera; C:\WINDOWS\system32\DRIVERS\idmc1vme.sys [2001-07-05 416564]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2008-02-05 689176]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-02 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-01 152984]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-02-05 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-02-05 150040]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-23 66872]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-02-05 141848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-20 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
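The driver and service sections of the log above share one line format: a state letter (R/S), a start type digit (0-4), then `name;description; image path [date size]`, with the brackets left empty when the tool could not read the file. The entries worth a second look in a log like this are the ones with empty brackets (eeCtrl, CWMonitor, catchme, NTSIM, IntelIde, LiveUpdate Notice Ex), the ones still marked running although their image is missing, and the ones loading from unusual places such as `C:\ComboFix`. The parser below is an added example, not part of the original post or of the log tool itself; it is run over a constructed excerpt of the entries shown above, and the interpretation of empty brackets as "file missing or unreadable" is this example's assumption.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, copied in shape from the driver/service lists above.
SAMPLE = r"""
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
S2 CWMonitor;Symantec Crimeware Protection Driver; \??\C:\Program Files\Common Files\Symantec Shared\coShared\CW\1.5\CO_Mon.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-28 85969]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2007-11-23 66872]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
"""

# One log line: state, start type, name, description, image (+args), [date size] or [].
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<rest>.*?) \[(?P<meta>[^\]]*)\]$"
)
# Split "image path" from any trailing service arguments ("... .exe /h ccCommon").
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?:sys|exe|dll))(?:\s+(?P<args>.*))?$", re.IGNORECASE)
META_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)$")

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}
# Assumption for this example: images under these roots are "expected" locations.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    description: str
    running: bool
    start: int
    image: str
    args: str
    date: Optional[str]   # None when the log shows []
    size: Optional[int]   # None when the log shows []


def parse_entries(text: str) -> List[Entry]:
    """Parse every driver/service line; headers, blanks and the EOF marker are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        if rest.startswith("\\??\\"):          # NT object-manager path prefix
            rest = rest[4:]
        im = IMAGE_RE.match(rest)
        image = im.group("image") if im else rest
        args = (im.group("args") or "") if im else ""
        mm = META_RE.match(m.group("meta"))
        entries.append(Entry(
            name=m.group("name"),
            description=m.group("desc"),
            running=m.group("state") == "R",
            start=int(m.group("start")),
            image=image,
            args=args.strip(),
            date=mm.group("date") if mm else None,
            size=int(mm.group("size")) if mm else None,
        ))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return name -> list of reasons an entry deserves a closer look."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        flags: List[str] = []
        if e.size is None:
            flags.append("no file metadata (file missing or unreadable)")
            if e.running:
                flags.append("running but image not found on disk")
        if not e.image.lower().startswith(TRUSTED_ROOTS):
            flags.append("image outside Windows/Program Files")
        if e.running and e.start == 4:
            flags.append("running although start type is Disabled")
        if flags:
            findings[e.name] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_entries(SAMPLE)).items():
        print(f"{name}: {'; '.join(flags)}")
```

Entries that only have empty brackets are often leftovers of an uninstalled product (the Symantec drivers here) or of a cleanup tool that was run earlier (catchme.sys belongs to ComboFix, gmer.sys to GMER); the combination of "running" and "file missing" is the one that should not be waved through without checking the path by hand.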

#11 fenzodahl512

  • Members
  • 6,738 posts

Posted 10 February 2009 - 11:13 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 burninator2998
  • Topic Starter

  • Members
  • 7 posts

Posted 11 February 2009 - 07:48 PM

The computer is working a whole lot better now! Thank you so much for everything!

Here is the ESET log:


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3846 (20090211)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=213da4338bd393469fd9ad94c06d743c
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-12 12:23:41
# local_time=2009-02-11 07:23:41 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=550547
# found=0
# scan_time=6487

#13 fenzodahl512

  • Members
  • 6,738 posts

Posted 11 February 2009 - 10:34 PM

Looks good to me. Let's do some cleanup.


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer's behaviour before we close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512
