
When I press CTRL+ALT+DEL,


  • This topic is locked
22 replies to this topic

#1 zerooo

zerooo

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 06 February 2009 - 02:10 AM

When I press CTRL+ALT+DEL, "This has been disabled by administrator" message pops up and the system shuts down.
help

This is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:22 PM, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USBcillin] C:\WINDOWS\system32\USBcillin.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0341D88E-8026-4418-9CFE-D32B0262C7A4}: NameServer = 202.70.64.5 202.70.64.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E684CF5-606C-491C-BCA9-2B365B61EC81}: NameServer = 192.168.0.1,192.168.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0341D88E-8026-4418-9CFE-D32B0262C7A4}: NameServer = 202.70.64.5 202.70.64.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 6831 bytes




#2 zerooo

zerooo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 07 February 2009 - 12:47 AM

Can someone help me here please!

#3 zerooo

zerooo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 08 February 2009 - 02:17 AM

Can anyone help me with this, please!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:16 PM, on 2/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
H:\system.exe
H:\system.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Downloads NJ\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8b76ed675e814a929dc3bb94a16eb8db
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8b76ed675e814a929dc3bb94a16eb8db
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5828 bytes



Startup list

StartupList report, 2/8/2009, 12:57:00 PM
StartupList version: 1.52.2
Started from : F:\Downloads NJ\HiJackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16762)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
H:\system.exe
H:\system.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Downloads NJ\HiJackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Nischal\Start Menu\Programs\Startup]
OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C-Media Mixer = Mixer.exe /startup
SunJavaUpdateSched = "C:\Program Files\Java\jre6\bin\jusched.exe"
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
SYS1 = C:\WINDOWS\system32\system.exe
SYS2 = C:\WINDOWS\system32\bad1.exe
SYS3 = C:\WINDOWS\system32\bad2.exe
SYS4 = C:\WINDOWS\system32\bad3.exe
Msmsgs = C:\WINDOWS\system32\Msmsgs.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - (no file) - {7E853D72-626A-48EC-A868-BA8D5E23E045}
(no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL - {A057A204-BACC-4D26-9990-79A187E2698E}
(no name) - C:\Program Files\Windows Live Toolbar\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
(no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Check Updates for Windows Live Toolbar.job
1-Click Maintenance.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 5,660 bytes
Report generated in 0.063 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


I can't run CMD or REGEDIT, and when I press CTRL+ALT+DEL the system displays a message saying Task Manager has been disabled by the administrator; but I'm the only user.

HELP, pronto!!!!
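A triage pass over the log above, added here as an example; it is not part of the original thread and not HijackThis or any BleepingComputer tool. It parses the running-process list and the O4/O7 lines (a constructed subset copied from the second log) and flags what a helper picks out by eye: a program running from the root of a drive other than C:, an autostart that launches the same file name, a run of serially numbered Run values, and the Policies\System value behind the "disabled by administrator" message. The rule names and the heuristics are my own assumptions; the paths and value names are the ones in the posted log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed subset of the second HijackThis log posted above (home PC):
# the running-process list plus the O4/O7 lines that bear on the symptom.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
H:\system.exe
H:\system.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# HijackThis line shapes: "O4 - <key>: [<value name>] <command>" and "O7 - <key>, <value>=<data>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O7_RE = re.compile(r"^O7 - (?P<key>.+?), (?P<value>\w+)=(?P<data>\w+)$")
# An executable sitting directly in the root of a drive, e.g. H:\system.exe
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)
# Policies\System values that lock the user out of admin tools (Task Manager, regedit, cmd)
LOCKOUT_POLICIES = {"DisableRegedit", "DisableTaskMgr", "DisableCMD"}


@dataclass(frozen=True)
class Finding:
    rule: str
    item: str
    note: str


def image_path(cmd: str) -> str:
    """Return the executable from an O4 command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ")[0]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def parse(log: str) -> Tuple[List[str], List[Dict[str, str]], List[Dict[str, str]]]:
    """Split a HijackThis log into (running processes, O4 Run entries, O7 policy entries)."""
    processes, run_entries, policies = [], [], []
    in_procs = False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False  # blank line ends the process list
            else:
                processes.append(line)
            continue
        m = O4_RE.match(line)
        if m:
            run_entries.append(m.groupdict())
            continue
        m = O7_RE.match(line)
        if m:
            policies.append(m.groupdict())
    return processes, run_entries, policies


def triage(log: str) -> List[Finding]:
    processes, run_entries, policies = parse(log)
    findings: List[Finding] = []

    # Rule 1: a process launched straight from a drive root (removable-media infectors do this)
    root_images = {basename(p) for p in processes if DRIVE_ROOT_RE.match(p)}
    for p in sorted(set(processes)):
        if DRIVE_ROOT_RE.match(p):
            findings.append(Finding("drive-root-process", p,
                                    "executable running from the root of a drive"))

    # Rule 2: an autostart whose file name matches a drive-root process (persistence for it)
    for e in run_entries:
        img = image_path(e["cmd"])
        if basename(img) in root_images:
            findings.append(Finding("persistence-for-root-image",
                                    f'{e["key"]} [{e["name"]}] {img}',
                                    "autostart shares its file name with a drive-root process"))

    # Rule 3: serially numbered value names (SYS1, SYS2, ...) are a mark of scripted installs
    groups: Dict[str, List[Dict[str, str]]] = {}
    for e in run_entries:
        m = re.fullmatch(r"([A-Za-z_]+)\d+", e["name"])
        if m:
            groups.setdefault(m.group(1).upper(), []).append(e)
    for prefix, entries in groups.items():
        if len(entries) >= 2:
            for e in entries:
                findings.append(Finding("serial-autostart",
                                        f'{e["key"]} [{e["name"]}] {image_path(e["cmd"])}',
                                        f"one of {len(entries)} autostarts named {prefix}<n>"))

    # Rule 4: policy values that produce exactly the symptoms described in the thread
    for p in policies:
        if p["value"] in LOCKOUT_POLICIES and p["data"] != "0":
            findings.append(Finding("admin-tool-lockout", f'{p["key"]} {p["value"]}={p["data"]}',
                                    "explains 'disabled by administrator' on a single-user PC"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.item}\n    {f.note}")
```

These are heuristics, not verdicts: a helper still confirms each hit before writing a fix, and the hits here (the four SYS<n> Run values, the file at H:\system.exe, and DisableRegedit) are the same items the helper's OTMoveIt script further down the thread removes or resets.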

#4 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:07:00 AM

Posted 08 February 2009 - 03:37 AM

Hello zerooo,

Welcome to Bleeping Computer.

My name is mas_pogi and I will be helping you with your malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts.

Attention!

Please do not run any other tool until instructed to do so.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
Please reply to this thread, do not start another.




You might want to save this page on your bookmark, so you can find it again when you return.

Firefox: [image] Then click on Done.

IExplorer: [image] Then click on Add.

Stay calm and everything will be just alright.

I will be analyzing your log. I will get back to you with instructions after it is approved.

With Regards,
mas_pogi

Edited by mas_pogi, 08 February 2009 - 03:37 AM.


#5 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:07:00 AM

Posted 09 February 2009 - 04:27 PM

hi Zero,

Please promptly follow the instructions below:
  • Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe

  • Please download the OTMoveIt3 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      explorer.exe
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SYS1"=-
      "SYS2"=-
      "SYS3"=-
      "SYS4"=-
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "DisableRegistryTools"=dword:0 
      "DisableTaskMgr"=dword:0 
      
      :Files
      C:\WINDOWS\system32\system.exe
      C:\WINDOWS\system32\bad1.exe
      C:\WINDOWS\system32\bad2.exe
      C:\WINDOWS\system32\bad3.exe
      H:\system.exe
      F:\system.exe
      
      :Commands
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt3
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


  • Your system is infected with a Flash Drive infector
    Warning: Any flash / jump drives you have connected to this system since your infection have been compromised by a flash drive infector. We are going to run a tool as part of the following fix which will disinfect your machine, as well as clean any flash drives connected to the system. It is advised you connect any flash drives that have been connected to this machine during this time frame to this system for the following fix, in order to disinfect them.

    We need to remove the Flash Drive infector
    • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your reply, please post

RSIT's log.txt and info.txt. They are both located at C:\RSIT
OTmoveit result


Mark
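The flash-drive infector the helper describes spreads through the autorun.inf at the root of each drive, and the protective autorun.inf that Flash_Disinfector leaves behind works by occupying that name so the infector cannot drop its own. As an added example (not the thread's own and not Flash_Disinfector's code), here is a small reader that tells a launching autorun.inf from a harmless label/icon one, plus the name-occupying trick demonstrated on a temporary directory so it runs on any OS. Both autorun.inf samples are constructed for illustration; only the file name system.exe is taken from the posted process list, and the exact mechanism Flash_Disinfector uses is an assumption (a directory under that name is the usual form of the trick).

```python
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Tuple

# Constructed sample of an infected drive's autorun.inf. Only the file name system.exe is
# taken from the posted logs (H:\system.exe); the directives and the borrowed icon are
# assumptions used to illustrate the typical shape of such a file.
INFECTED_AUTORUN = r"""
[autorun]
open=system.exe
shell\open\Command=system.exe
shell\explore\Command=system.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
shellexecute=system.exe
"""

# Constructed sample of a harmless autorun.inf that only names the drive and sets an icon.
BENIGN_AUTORUN = r"""
[autorun]
label=Backup Drive
icon=drive.ico
"""

# Directives through which XP-era AutoRun/AutoPlay executes a file on the drive.
LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal INI reader: [sections], key=value lines, ';' comments.
    Hand-written because real infector files carry junk lines and '%' characters
    that trip configparser's interpolation."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is not None and "=" in line:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


@dataclass
class Verdict:
    launches: List[str] = field(default_factory=list)  # directives that run a program
    notes: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.launches)


def assess(text: str) -> Verdict:
    """Flag every directive that would make Windows execute a file from the drive."""
    verdict = Verdict()
    autorun = parse_autorun(text).get("autorun", {})
    for key, value in autorun.items():
        is_shell_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_verb:
            verdict.launches.append(f"{key}={value}")
    if autorun.get("icon", "").lower().startswith("%systemroot%"):
        verdict.notes.append("icon borrowed from a Windows DLL so the drive looks ordinary")
    return verdict


def protect_drive(root: Path) -> Path:
    """Occupy the name autorun.inf with a directory: a file cannot be created under a
    name already held by a directory, so the infector's drop fails."""
    marker = root / "autorun.inf"
    marker.mkdir(exist_ok=True)
    return marker


def infector_can_drop_autorun(root: Path, payload: str = INFECTED_AUTORUN) -> bool:
    """Emulate the infector writing autorun.inf at the drive root; True if it succeeded."""
    try:
        with open(root / "autorun.inf", "w", encoding="ascii") as fh:
            fh.write(payload)
        return True
    except OSError:  # IsADirectoryError on Unix, PermissionError on Windows
        return False


def demo_protection() -> Tuple[bool, bool]:
    """(drop succeeded on a bare drive, drop succeeded on a protected drive)"""
    with tempfile.TemporaryDirectory() as bare, tempfile.TemporaryDirectory() as hardened:
        before = infector_can_drop_autorun(Path(bare))
        protect_drive(Path(hardened))
        after = infector_can_drop_autorun(Path(hardened))
    return before, after


if __name__ == "__main__":
    for name, sample in (("infected", INFECTED_AUTORUN), ("benign", BENIGN_AUTORUN)):
        v = assess(sample)
        print(f"{name}: suspicious={v.suspicious} launches={v.launches} notes={v.notes}")
    print("drop succeeds (bare, protected):", demo_protection())
```

The directory trick only blocks the file drop; it does nothing about a copy of the infector already sitting on the drive, which is why the helper has the drives plugged in while the disinfector runs rather than relying on the marker alone.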

#6 zerooo

zerooo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 10 February 2009 - 04:12 AM

As you can see above, I have pasted two different log files: the first one is from my office computer and the second one is from home. Should I follow the same steps on both computers?

#7 zerooo

zerooo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 10 February 2009 - 04:16 AM

Did the above-mentioned things on my second HijackThis log, the one with the startup list.

moveit log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS4 deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableRegistryTools"|dword:0 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|dword:0 /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\system.exe not found.
C:\WINDOWS\system32\bad1.exe moved successfully.
C:\WINDOWS\system32\bad2.exe moved successfully.
C:\WINDOWS\system32\bad3.exe moved successfully.
File/Folder H:\system.exe not found.
File/Folder F:\system.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DFC15.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DFC1C.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DF2638.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DF2648.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nischal\LOCALS~1\Temp\etilqs_VEFsiNyT8ccMMjs4ic4t scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nischal\LOCALS~1\Temp\4fdc6816-4580-4b07-8ab1-5a7512e033f4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Nischal\LOCALS~1\Temp\9f4a6724-5c57-4e46-9b71-5b89e8033d5a.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_374.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02102009_144159

Files moved on Reboot...
File C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DFC15.tmp not found!
File C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DFC1C.tmp not found!
File C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DF2638.tmp not found!
File C:\DOCUME~1\Nischal\LOCALS~1\Temp\~DF2648.tmp not found!
File C:\DOCUME~1\Nischal\LOCALS~1\Temp\etilqs_VEFsiNyT8ccMMjs4ic4t not found!
File C:\DOCUME~1\Nischal\LOCALS~1\Temp\4fdc6816-4580-4b07-8ab1-5a7512e033f4.tmp not found!
File C:\DOCUME~1\Nischal\LOCALS~1\Temp\9f4a6724-5c57-4e46-9b71-5b89e8033d5a.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_374.dat not found!
C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Nischal\Local Settings\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\XUL.mfl moved successfully.



#8 zerooo

zerooo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 10 February 2009 - 04:18 AM

RSIT log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nischal at 2009-02-10 14:59:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (58%) free of 20 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:59:25 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\system.exe
F:\Downloads NJ\RSIT.exe
F:\Downloads NJ\HiJackThis\Nischal.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8b76ed675e814a929dc3bb94a16eb8db
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8b76ed675e814a929dc3bb94a16eb8db
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{59486F2E-8255-4AEB-A5BB-6A1DDA957273}: NameServer = 202.79.32.97 202.79.32.98
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6036 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-03 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-03 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-03 1968920]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2006-09-27 544032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"C-Media Mixer"=Mixer.exe /startup []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-03 136600]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-03 1601304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Msmsgs"=C:\WINDOWS\system32\Msmsgs.exe [2008-05-28 286314]
"SYS1"=C:\WINDOWS\system32\system.exe []
"SYS2"=C:\WINDOWS\system32\bad1.exe []
"SYS3"=C:\WINDOWS\system32\bad2.exe []
"SYS4"=C:\WINDOWS\system32\bad3.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\Nischal\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-03 10520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91
"NoFind"=1
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Disabled:TVAnts"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5a15fb4-f39a-11dd-9378-00e0e401ca93}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - H:\system.exe
shell\Open\command - H:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f01dfc-f682-11dd-9382-00e0e401ca93}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - H:\system.exe
shell\Open\command - H:\system.exe


======List of files/folders created in the last 1 months======

2009-02-10 14:59:06 ----D---- C:\rsit
2009-02-10 14:49:05 ----D---- C:\WINDOWS\ERDNT
2009-02-10 14:42:01 ----A---- C:\WINDOWS\system32\bad3.exe
2009-02-10 14:42:01 ----A---- C:\WINDOWS\system32\bad2.exe
2009-02-10 14:42:01 ----A---- C:\WINDOWS\system32\bad1.exe
2009-02-10 14:41:59 ----D---- C:\_OTMoveIt
2009-02-10 14:37:17 ----D---- C:\Program Files\ERUNT
2009-02-09 13:14:08 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-09 13:13:42 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-08 21:52:45 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-02-08 21:52:18 ----D---- C:\WINDOWS\Prefetch
2009-02-08 17:33:43 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-08 17:33:33 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-08 17:33:23 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-08 17:33:14 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-08 17:33:02 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-08 17:32:48 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-08 17:32:36 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-08 17:32:26 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-08 17:32:17 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-08 17:32:08 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-08 17:32:00 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-08 17:31:51 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-08 17:31:42 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-08 17:31:33 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-08 17:31:23 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-08 17:31:12 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-08 17:31:02 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-08 17:30:52 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-08 17:30:40 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-08 17:25:12 ----D---- C:\WINDOWS\system32\scripting
2009-02-08 17:25:11 ----D---- C:\WINDOWS\l2schemas
2009-02-08 17:25:10 ----D---- C:\WINDOWS\system32\en
2009-02-08 17:25:09 ----D---- C:\WINDOWS\system32\bits
2009-02-08 17:19:36 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-08 17:09:52 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-08 14:03:12 ----HD---- C:\$AVG8.VAULT$
2009-02-08 12:45:32 ----D---- C:\WINDOWS\pss
2009-02-08 12:41:42 ----RASH---- C:\WINDOWS\system32\msmsgs.exe
2009-02-07 22:08:47 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-07 22:05:59 ----D---- C:\Program Files\Common Files\Adobe
2009-02-07 22:05:59 ----D---- C:\Program Files\Adobe
2009-02-07 22:04:43 ----SHD---- C:\Config.Msi
2009-02-07 21:48:27 ----D---- C:\WINDOWS\ie7updates
2009-02-07 21:43:46 ----D---- C:\WINDOWS\WBEM
2009-02-07 21:43:42 ----D---- C:\WINDOWS\system32\en-US
2009-02-07 21:40:13 ----HD---- C:\WINDOWS\ie7
2009-02-07 21:39:14 ----HD---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2009-02-07 21:38:34 ----HD---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2009-02-07 21:37:16 ----HD---- C:\WINDOWS\$NtUninstallKB915865$
2009-02-07 21:36:54 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-02-07 21:32:38 ----D---- C:\WINDOWS\network diagnostic
2009-02-07 21:32:35 ----HD---- C:\WINDOWS\$NtUninstallKB914440$
2009-02-07 21:31:40 ----HD---- C:\WINDOWS\$NtUninstallKB904942$
2009-02-07 21:30:25 ----D---- C:\Program Files\TVAnts
2009-02-07 20:05:39 ----HD---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-02-07 20:05:04 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-07 20:01:24 ----HD---- C:\WINDOWS\$NtUninstallKB958215$
2009-02-07 20:01:15 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-02-07 20:00:08 ----HD---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-02-07 19:59:10 ----HD---- C:\WINDOWS\$NtUninstallKB951698_0$
2009-02-07 19:57:47 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-07 19:57:36 ----HD---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-02-07 19:57:16 ----HD---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-02-07 19:57:04 ----HD---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-02-07 19:56:46 ----HD---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-02-07 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-07 19:52:18 ----D---- C:\Program Files\TuneUp Utilities 2007
2009-02-07 19:52:18 ----D---- C:\Documents and Settings\Nischal\Application Data\TuneUp Software
2009-02-07 19:51:46 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-02-07 19:51:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-07 10:46:48 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-02-07 10:18:04 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-02-07 10:17:56 ----HD---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-02-07 10:17:45 ----HD---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-02-07 10:17:38 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-07 10:17:28 ----HD---- C:\WINDOWS\$NtUninstallKB954211_0$
2009-02-07 10:17:10 ----HD---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-02-07 10:16:50 ----HD---- C:\WINDOWS\$NtUninstallKB960714$
2009-02-07 10:16:38 ----HD---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-02-07 10:16:28 ----HD---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-02-07 10:16:19 ----HD---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-02-07 10:16:09 ----HD---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-02-07 10:15:59 ----HD---- C:\WINDOWS\$NtUninstallKB938464_0$
2009-02-07 10:15:50 ----HD---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-02-07 10:15:40 ----HD---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-02-07 10:15:26 ----HD---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-02-05 21:36:22 ----D---- C:\Documents and Settings\Nischal\Application Data\Adobe
2009-02-05 21:35:45 ----D---- C:\Documents and Settings\Nischal\Application Data\OpenOffice.org
2009-02-05 12:42:14 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-05 12:42:14 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-05 12:42:14 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-05 12:42:12 ----HD---- C:\WINDOWS\$NtUninstallKB898461$
2009-02-05 12:42:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-05 12:21:31 ----A---- C:\WINDOWS\system32\muweb.dll
2009-02-05 12:21:30 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-02-05 12:21:30 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-05 12:17:30 ----SHD---- C:\FOUND.000
2009-02-03 17:44:07 ----D---- C:\Program Files\Windows Live Favorites
2009-02-03 17:40:20 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2009-02-03 17:40:02 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-03 17:40:02 ----A---- C:\WINDOWS\system32\wups2.dll
2009-02-03 17:40:02 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-02-03 17:40:02 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-02-03 17:40:01 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-03 17:32:47 ----D---- C:\Program Files\Windows Live Toolbar
2009-02-03 17:29:50 ----D---- C:\WINDOWS\system32\DRVSTORE
2009-02-03 17:29:39 ----D---- C:\Program Files\MSN Messenger
2009-02-03 17:25:26 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-03 17:25:26 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-03 17:25:26 ----A---- C:\WINDOWS\system32\java.exe
2009-02-03 17:25:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-03 17:23:16 ----D---- C:\Documents and Settings\Nischal\Application Data\Macromedia
2009-02-03 17:19:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-02-03 17:18:49 ----D---- C:\Documents and Settings\Nischal\Application Data\AVGTOOLBAR
2009-02-03 17:18:43 ----D---- C:\Program Files\AVG
2009-02-03 17:18:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-03 17:12:42 ----D---- C:\Documents and Settings\Nischal\Application Data\Sun
2009-02-03 16:41:39 ----D---- C:\Documents and Settings\Nischal\Application Data\Mozilla
2009-02-03 16:37:10 ----D---- C:\Program Files\Java
2009-02-03 16:37:09 ----D---- C:\Program Files\Common Files\Java
2009-02-03 16:33:15 ----D---- C:\Program Files\Common Files\Softwin
2009-02-03 16:28:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-03 16:25:07 ----D---- C:\Program Files\Mozilla Firefox
2009-02-03 16:20:59 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-02-03 16:17:11 ----SHD---- C:\Recycled
2009-02-03 16:11:12 ----A---- C:\WINDOWS\mixerdef.ini
2009-02-03 16:09:01 ----D---- C:\Documents and Settings\Nischal\Application Data\WinRAR
2009-02-03 16:07:32 ----D---- C:\Program Files\OpenOffice.org 3
2009-02-03 16:01:53 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-03 16:01:50 ----N---- C:\WINDOWS\cmaudio.ini
2009-02-03 16:01:50 ----A---- C:\WINDOWS\system32\cmnprop.dll
2009-02-03 16:01:50 ----A---- C:\WINDOWS\system32\Audio3D.dll
2009-02-03 16:01:50 ----A---- C:\WINDOWS\system32\a3d.dll
2009-02-03 16:01:50 ----A---- C:\WINDOWS\mixer.exe
2009-02-03 16:01:50 ----A---- C:\WINDOWS\cmuninst.exe
2009-02-03 16:01:49 ----D---- C:\Program Files\C-Media
2009-02-03 16:01:13 ----D---- C:\Program Files\WinRAR
2009-02-03 16:00:53 ----D---- C:\WINDOWS\nview
2009-02-03 16:00:53 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-02-03 16:00:46 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-03 16:00:41 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-02-03 16:00:34 ----D---- C:\Program Files\Common Files\InstallShield
2009-02-03 16:00:24 ----D---- C:\NVIDIA
2009-02-03 15:59:05 ----D---- C:\Documents and Settings\Nischal\Application Data\Identities
2009-02-03 15:59:02 ----HD---- C:\Program Files\Uninstall Information
2009-02-03 15:58:49 ----ASH---- C:\Documents and Settings\Nischal\Application Data\desktop.ini
2009-02-03 15:58:48 ----SD---- C:\Documents and Settings\Nischal\Application Data\Microsoft
2009-02-03 15:57:45 ----SHD---- C:\System Volume Information
2009-02-03 15:57:45 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-03 15:56:37 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-03 15:56:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-03 15:48:26 ----D---- C:\WINDOWS\system32\xircom
2009-02-03 15:48:26 ----D---- C:\Program Files\xerox
2009-02-03 15:48:26 ----D---- C:\Program Files\microsoft frontpage
2009-02-03 15:47:55 ----A---- C:\WINDOWS\control.ini
2009-02-03 15:47:55 ----A---- C:\AUTOEXEC.BAT
2009-02-03 15:47:36 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-03 15:47:32 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-03 15:46:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-03 15:46:18 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-03 15:46:18 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-03 15:46:09 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-03 15:46:03 ----HD---- C:\Program Files\WindowsUpdate
2009-02-03 15:45:43 ----D---- C:\WINDOWS\system32\DirectX
2009-02-03 15:45:24 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-03 15:45:22 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-03 15:45:22 ----A---- C:\WINDOWS\desktop.ini
2009-02-03 15:45:16 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-03 15:45:15 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-03 15:45:14 ----D---- C:\Program Files\Common Files\Services
2009-02-03 15:45:12 ----SD---- C:\WINDOWS\Tasks
2009-02-03 15:45:12 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-03 15:45:11 ----D---- C:\Program Files\Common Files\MSSoap
2009-02-03 15:45:07 ----D---- C:\WINDOWS\srchasst
2009-02-03 15:45:06 ----D---- C:\WINDOWS\system32\Macromed
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-03 15:45:03 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-03 15:45:02 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-03 15:45:02 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-03 15:45:02 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-03 15:45:02 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-03 15:45:02 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-03 15:44:58 ----D---- C:\Program Files\Movie Maker
2009-02-03 15:44:55 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-03 15:44:55 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-03 15:44:55 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-03 15:44:55 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-02-03 15:44:51 ----D---- C:\WINDOWS\system32\Restore
2009-02-03 15:44:51 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-03 15:44:51 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-02-03 15:44:51 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-03 15:44:50 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-03 15:44:50 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-03 15:44:50 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-03 15:44:50 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-03 15:44:50 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-03 15:44:49 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-03 15:44:49 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-03 15:44:49 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-03 15:44:47 ----D---- C:\Program Files\NetMeeting
2009-02-03 15:44:47 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-03 15:44:47 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-03 15:44:46 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-03 15:44:46 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-03 15:44:44 ----D---- C:\Program Files\Outlook Express
2009-02-03 15:44:44 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-03 15:44:44 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-03 15:44:44 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-03 15:44:43 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-03 15:44:43 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-03 15:44:43 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-03 15:44:43 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-03 15:44:38 ----D---- C:\Program Files\Common Files\System
2009-02-03 15:44:36 ----D---- C:\Program Files\Internet Explorer
2009-02-03 15:43:34 ----D---- C:\Program Files\ComPlus Applications
2009-02-03 15:43:33 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-03 15:43:33 ----A---- C:\WINDOWS\vb.ini
2009-02-03 15:43:29 ----D---- C:\WINDOWS\Registration
2009-02-03 15:43:24 ----D---- C:\Program Files\Online Services
2009-02-03 15:43:23 ----D---- C:\Program Files\Windows Media Player
2009-02-03 15:43:16 ----D---- C:\Program Files\Messenger
2009-02-03 15:43:12 ----D---- C:\Program Files\MSN Gaming Zone
2009-02-03 15:43:12 ----A---- C:\WINDOWS\system32\write.exe
2009-02-03 15:43:04 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-03 15:43:04 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-03 15:43:03 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-03 15:43:03 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-03 15:43:03 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-03 15:43:03 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-03 15:42:57 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-03 15:42:57 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-03 15:42:56 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-03 15:42:56 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-03 15:42:56 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-03 15:42:56 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\tscon.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-03 15:42:55 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-03 15:42:54 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-03 15:42:54 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-03 15:42:54 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-03 15:42:54 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-03 15:42:54 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-03 15:42:53 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-03 15:42:48 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-03 15:42:37 ----D---- C:\Program Files\MSN
2009-02-03 15:42:36 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-03 15:42:35 ----D---- C:\Program Files\Windows NT
2009-02-03 15:42:35 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-03 15:42:35 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-03 15:42:35 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-03 15:42:35 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-03 15:42:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-02-03 15:42:34 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-03 15:42:34 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-03 15:42:33 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-03 15:42:32 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-03 15:42:32 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-03 15:42:31 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-03 15:42:31 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-03 15:42:31 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-03 15:42:31 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-03 15:42:31 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-03 15:42:30 ----D---- C:\WINDOWS\system32\Com
2009-02-03 15:42:30 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-03 15:42:30 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-03 15:42:30 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-03 15:42:30 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-03 15:42:30 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-03 15:42:29 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-03 15:42:29 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-03 15:42:29 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-03 15:42:23 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-03 15:42:23 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-03 15:42:23 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-03 15:42:23 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-02-03 15:38:34 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-03 15:33:03 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-02-03 15:32:45 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-03 15:31:38 ----A---- C:\WINDOWS\imsins.BAK
2009-02-03 15:31:35 ----SHD---- C:\WINDOWS\Installer
2009-02-03 15:31:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-03 15:31:34 ----D---- C:\Program Files\Common Files\ODBC
2009-02-03 15:31:34 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-03 15:31:31 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-02-03 15:31:30 ----RD---- C:\Program Files
2009-02-03 15:31:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-03 15:31:30 ----D---- C:\Program Files\Common Files
2009-02-03 15:31:27 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-03 15:31:27 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-03 15:31:27 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-03 15:31:26 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-03 15:31:25 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-03 15:31:25 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-03 15:31:25 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-03 15:31:24 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-03 15:31:24 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-03 15:31:24 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-03 15:31:24 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-03 15:31:24 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-03 15:31:24 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-03 15:31:24 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-03 15:31:22 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-03 15:31:22 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-03 15:31:22 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-03 15:31:22 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-03 15:31:22 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-03 15:31:21 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-03 15:31:20 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-03 15:31:18 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-03 15:31:18 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-03 15:31:18 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-03 15:31:17 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-03 15:31:17 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-03 15:31:15 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-03 15:31:15 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-03 15:31:15 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-03 15:31:14 ----A---- C:\WINDOWS\notepad.exe
2009-02-03 15:31:12 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-03 15:31:04 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-03 15:28:58 ----RA---- C:\WINDOWS\SET8.tmp
2009-02-03 15:28:55 ----RA---- C:\WINDOWS\SET4.tmp
2009-02-03 15:28:54 ----RA---- C:\WINDOWS\SET3.tmp
2009-02-03 15:28:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-03 15:28:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-03 15:28:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-03 15:28:25 ----A---- C:\WINDOWS\setuplog.txt
2009-02-03 15:28:21 ----D---- C:\Documents and Settings
2009-02-03 15:27:23 ----SH---- C:\boot.ini
2009-02-03 15:22:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-02-03 15:22:35 ----RSD---- C:\WINDOWS\Fonts
2009-02-03 15:22:35 ----RD---- C:\WINDOWS\Web
2009-02-03 15:22:35 ----HD---- C:\WINDOWS\inf
2009-02-03 15:22:35 ----D---- C:\WINDOWS\WinSxS
2009-02-03 15:22:35 ----D---- C:\WINDOWS\twain_32
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Temp
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\wins
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\wbem
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\usmt
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\spool
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\Setup
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\ras
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\oobe
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\npp
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\mui
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\IME
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\icsxml
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\ias
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\export
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\dhcp
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\config
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\3076
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\2052
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1054
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1042
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1041
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1037
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1033
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1031
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1028
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32\1025
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system32
2009-02-03 15:22:35 ----D---- C:\WINDOWS\system
2009-02-03 15:22:35 ----D---- C:\WINDOWS\security
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Resources
2009-02-03 15:22:35 ----D---- C:\WINDOWS\repair
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Provisioning
2009-02-03 15:22:35 ----D---- C:\WINDOWS\PeerNet
2009-02-03 15:22:35 ----D---- C:\WINDOWS\pchealth
2009-02-03 15:22:35 ----D---- C:\WINDOWS\mui
2009-02-03 15:22:35 ----D---- C:\WINDOWS\msapps
2009-02-03 15:22:35 ----D---- C:\WINDOWS\msagent
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Media
2009-02-03 15:22:35 ----D---- C:\WINDOWS\java
2009-02-03 15:22:35 ----D---- C:\WINDOWS\ime
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Help
2009-02-03 15:22:35 ----D---- C:\WINDOWS\ehome
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Driver Cache
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Debug
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Cursors
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Connection Wizard
2009-02-03 15:22:35 ----D---- C:\WINDOWS\Config
2009-02-03 15:22:35 ----D---- C:\WINDOWS\AppPatch
2009-02-03 15:22:35 ----D---- C:\WINDOWS\addins
2009-02-03 15:22:35 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-02-03 17:17:14 ----A---- C:\WINDOWS\win.ini
2009-02-03 15:31:32 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-03 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-03 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-03 107272]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-07-16 379726]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-03 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-03 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


RSIT info

info.txt logfile of random's system information tool 1.05 2009-02-10 14:59:31

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}
HijackThis 2.0.2-->"F:\Downloads NJ\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Macromedia Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
OpenOffice.org 3.0-->MsiExec.exe /I{92B79901-C57D-409F-8D2F-4E5337383569}
PCI Audio Driver-->cmuninst.exe
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{117CD9C0-0F15-4633-93D7-F957B50535A5}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
TVAnts 1.0-->C:\PROGRA~1\TVANTS\UNWISE.EXE C:\PROGRA~1\TVANTS\INSTALL.LOG
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{A40D6757-B145-4FE7-B694-89180A9F3F64}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows Live Toolbar-->MsiExec.exe /X{DA0FFF7B-DA9D-46A2-A329-87804ECA58EA}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: SLOWSYSTEM1000
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00E0E401CA93. The IP address being used is 169.254.67.217.

Record Number: 5
Source Name: Dhcp
Time Written: 20090203154049.000000+345
Event Type: warning
User:

Computer Name: SLOWSYSTEM1000
Event Code: 6011
Message: The NetBIOS name and DNS host name of this machine have been changed from MACHINENAME to SLOWSYSTEM1000.

Record Number: 4
Source Name: EventLog
Time Written: 20090203153907.000000+345
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 2
Message: While validating that \Device\Serial0 was really a serial port, a fifo was detected. The fifo will be used.

Record Number: 3
Source Name: Serial
Time Written: 20090203211347.000000+345
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090203211326.000000+345
Event Type: information
User:

Computer Name: MACHINENAME
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090203211326.000000+345
Event Type: information
User:

Application event log

Computer Name: SLOWSYSTEM1000
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20090203154326.000000+345
Event Type: information
User:

Computer Name: SLOWSYSTEM1000
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20090203154323.000000+345
Event Type: information
User:

Computer Name: SLOWSYSTEM1000
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20090203154009.000000+345
Event Type: information
User:

Computer Name: SLOWSYSTEM1000
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20090203153945.000000+345
Event Type: information
User:

Computer Name: SLOWSYSTEM1000
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20090203153944.000000+345
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


Hope everything is gone, cheers!! :thumbup2:

#9 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:07:00 AM

Posted 10 February 2009 - 08:58 AM

hi.

As you can see above, I have pasted two different log files; the first one is from my office computer and the second one is from home. Should I follow the same on both computers?


Seems you ran the fix on your office computer.

However, your office computer's condition needs to be reported to your
admin. They are the ones who maintain computers in a company. We need
their approval before we take steps to clean your office computer, because there
are some instances where a company doesn't want to disclose its apps or whatever.
Let me know if they permit you, so that I can deal with it after we have cleaned your first computer.


I will revise your fix for your home computer. Let's do the home computer first.

Mark


edit..

Edited by mas_pogi, 10 February 2009 - 09:14 AM.


#10 mas_pogi

mas_pogi

    Carpal Tunnel of Love


  • Members
  • 1,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tokyo, JP
  • Local time:07:00 AM

Posted 10 February 2009 - 05:18 PM

hi.

These instructions are for your home computer.


Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Your system is infected with a Flash Drive infector
Warning: Any flash / jump drives you have connected to this system since your infection have been compromised by a flash drive infector. We are going to run a tool as part of the following fix which will disinfect your machine, as well as clean any flash drives connected to the system. It is advised you connect any flash drives that have been connected to this machine during this time frame to this system for the following fix, in order to disinfect them.

Please let owners of other machines to which you have connected any flash media or drives know that their machines may now be infected.

We need to remove the Flash Drive infector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.


In your reply, please post

C:\combofix.txt


Mark
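A helper triaging a HijackThis log looks first at the O7 policy lines (the Task Manager and Registry Editor restrictions behind the symptom in this thread; the OTMoveIt log posted below resets DisableTaskMgr and DisableRegistryTools to 0) and then at O4 Run entries such as the SYS1 to SYS4 loaders in the office log. The parser below is an added example, not code from this thread or from HijackThis; its flagging rule is a triage heuristic I chose, assuming that a Run value whose name does not match the executable it launches, while that executable sits directly in C:\WINDOWS or C:\WINDOWS\system32, deserves a closer look (it is a review hint, not proof of infection).

```python
"""Triage helper for HijackThis-style O4/O7 log lines (added example).

Parses O4 (autostart) and O7 (policy restriction) lines, explains which
restriction an O7 value imposes, and flags Run entries by a heuristic:
target sits directly in the Windows or system32 directory AND the Run
value name does not match the executable name.  Heuristic only.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USBcillin] C:\WINDOWS\system32\USBcillin.exe
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O7_RE = re.compile(r"^O7 - (?P<key>[^,]+), (?P<setting>\w+)=(?P<value>\S+)$")
# Quoted path, or an unquoted path up to the first executable extension.
TARGET_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<bare>.+?\.(?:exe|com|scr|pif|bat|cmd|vbs))(?=\s|$)', re.IGNORECASE)

# Policy values under ...\Policies\System that produce the "disabled by your
# administrator" message the thread starter reported.
RESTRICTIONS = {
    "disableregedit": "Registry Editor blocked",
    "disableregistrytools": "Registry Editor blocked",
    "disabletaskmgr": "Task Manager (Ctrl+Alt+Del) blocked",
    "disablecmd": "command prompt blocked",
}
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32"}


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    target: str
    flagged: bool
    reason: str


@dataclass
class PolicyEntry:
    key: str
    setting: str
    value: str
    meaning: str


def extract_target(cmd: str) -> str:
    """Return the launched file from a Run value's command string."""
    m = TARGET_RE.match(cmd)
    if m:
        return m.group("q") or m.group("bare")
    parts = cmd.split()
    return parts[0] if parts else cmd


def assess_run(hive: str, key: str, name: str, cmd: str) -> RunEntry:
    """Apply the value-name-vs-file-name heuristic to one O4 entry."""
    target = extract_target(cmd)
    path = PureWindowsPath(target)
    parent = str(path.parent).lower()
    value_stem = re.sub(r"\.exe$", "", name, flags=re.IGNORECASE).lower()
    if parent in SYSTEM_DIRS and value_stem != path.stem.lower():
        reason = f"loader in {path.parent} whose value name does not match the file"
        return RunEntry(hive, key, name, target, True, reason)
    return RunEntry(hive, key, name, target, False, "")


def parse_hjt(text: str):
    """Return (run_entries, policy_entries) parsed from O4/O7 lines."""
    runs, policies = [], []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            runs.append(assess_run(m["hive"], m["key"], m["name"], m["cmd"]))
            continue
        m = O7_RE.match(line)
        if m:
            meaning = RESTRICTIONS.get(m["setting"].lower(), "unknown policy, review")
            policies.append(PolicyEntry(m["key"], m["setting"], m["value"], meaning))
    return runs, policies


def flagged_names(runs) -> set:
    return {r.name for r in runs if r.flagged}


if __name__ == "__main__":
    runs, policies = parse_hjt(SAMPLE_LOG)
    for p in policies:
        print(f"O7 {p.setting}={p.value}: {p.meaning}")
    for r in runs:
        mark = "REVIEW" if r.flagged else "ok    "
        print(f"{mark} {r.hive}\\..\\{r.key} [{r.name}] -> {r.target} {r.reason}")
```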

#11 zerooo

zerooo
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:04:30 PM

Posted 10 February 2009 - 10:14 PM

It's my own office so that won't be a problem :),

OTMoveIt log for office computer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SYS4 deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableRegistryTools"|dword:0 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\"DisableTaskMgr"|dword:0 /E : value set successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\system.exe not found.
C:\WINDOWS\system32\bad1.exe moved successfully.
C:\WINDOWS\system32\bad2.exe moved successfully.
C:\WINDOWS\system32\bad3.exe moved successfully.
File/Folder H:\system.exe not found.
File/Folder F:\system.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79AA.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_0wKHD6mrtc21u0xVA3im scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\XUL.mfl scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_101714

Files moved on Reboot...
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF79AA.tmp moved successfully.
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_0wKHD6mrtc21u0xVA3im not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\XUL.mfl moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8cadxqf.default\urlclassifier3.sqlite moved successfully.


RSIT log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-11 10:22:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (19%) free of 20 GB
Total RAM: 509 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:44 AM, on 2/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20978)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\USBcillin.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [USBcillin] C:\WINDOWS\system32\USBcillin.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Msmsgs] C:\WINDOWS\system32\Msmsgs.exe
O4 - HKLM\..\Run: [SYS1] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\Run: [SYS2] C:\WINDOWS\system32\bad1.exe
O4 - HKLM\..\Run: [SYS3] C:\WINDOWS\system32\bad2.exe
O4 - HKLM\..\Run: [SYS4] C:\WINDOWS\system32\bad3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0341D88E-8026-4418-9CFE-D32B0262C7A4}: NameServer = 202.70.64.5 202.70.64.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E684CF5-606C-491C-BCA9-2B365B61EC81}: NameServer = 192.168.0.1,192.168.0.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{0341D88E-8026-4418-9CFE-D32B0262C7A4}: NameServer = 202.70.64.5 202.70.64.15
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 7014 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-02-02 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-02 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-02 1601304]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2007-10-27 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"USBcillin"=C:\WINDOWS\system32\USBcillin.exe [2008-03-30 126976]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Msmsgs"=C:\WINDOWS\system32\Msmsgs.exe [2008-05-28 286314]
"SYS1"=C:\WINDOWS\system32\system.exe []
"SYS2"=C:\WINDOWS\system32\bad1.exe []
"SYS3"=C:\WINDOWS\system32\bad2.exe []
"SYS4"=C:\WINDOWS\system32\bad3.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-02-02 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2007-01-17 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1
"NoDispCPL"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0
"NoDispCPL"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91
"NoFolderOptions"=1
"NoActiveDesktop"=0
"NoPrinters"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoDesktop"=0
"NoRun"=0
"NoFind"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoActiveDesktop"=
"NoPrinters"=
"NoSetFolders"=
"NoViewContextMenu"=
"NoDesktop"=
"NoRun"=
"NoFind"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\groove.exe"="C:\Program Files\Microsoft Office\Office12\groove.exe:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\Games\RON\rise.exe"="D:\Games\RON\rise.exe:*:Enabled:Rise of Nations"
"D:\Games\RON\thrones.exe"="D:\Games\RON\thrones.exe:*:Enabled:Rise of Nations"
"D:\1.6og\hl.exe"="D:\1.6og\hl.exe:*:Enabled:Half-Life Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62b8de8c-ec35-11dd-b6d8-0050bf511aa6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - F:\system.exe
shell\Open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a186154-bab5-11dd-b66a-0050bf511aa6}]
shell\AutoRun\command - iph.exe %1
shell\Explore\command - iph.exe %1
shell\Open\command - iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ed205d-f423-11dd-b6e6-0050bf511aa6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - F:\system.exe
shell\Open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82ed205e-f423-11dd-b6e6-0050bf511aa6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - F:\system.exe
shell\Open\command - F:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a267fe4-f281-11dd-b6e3-0050bf511aa6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - G:\system.exe
shell\Open\command - G:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b033324c-f05f-11dd-b6df-0050bf511aa6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - G:\system.exe
shell\Open\command - G:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b3e854-c59f-11dd-b687-0050bf511aa6}]
shell\1\command - Recycled.exe
shell\2\command - Recycled.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e31d7024-a185-11dd-b641-0050bf511aa6}]
shell\AutoRun\command - F:\iph.exe %1
shell\Explore\command - F:\iph.exe %1
shell\Open\command - F:\iph.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5b5610e-f367-11dd-b6e4-0050bf511aa6}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
shell\Explore\command - F:\system.exe
shell\Open\command - F:\system.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-02-11 10:22:32 ----D---- C:\rsit
2009-02-11 10:17:34 ----A---- C:\WINDOWS\system32\bad3.exe
2009-02-11 10:17:29 ----A---- C:\WINDOWS\system32\bad2.exe
2009-02-11 10:17:24 ----A---- C:\WINDOWS\system32\bad1.exe
2009-02-11 10:17:14 ----D---- C:\_OTMoveIt
2009-02-11 10:16:39 ----D---- C:\WINDOWS\ERDNT
2009-02-11 08:54:27 ----HD---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-07 15:14:54 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-02-07 15:14:53 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-01-27 11:37:36 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-27 11:37:32 ----HD---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-27 11:35:40 ----HD---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-27 11:32:49 ----HD---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-27 09:18:57 ----RASH---- C:\WINDOWS\system32\msmsgs.exe
2009-01-23 12:11:48 ----SHD---- C:\FOUND.016
2009-01-22 12:06:26 ----D---- C:\WINDOWS\Minidump
2009-01-20 11:44:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Thunderbird
2009-01-15 12:13:32 ----HD---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-15 12:09:28 ----SHD---- C:\FOUND.015
2009-01-14 11:37:40 ----D---- C:\Documents and Settings\Administrator\Application Data\FileZilla
2009-01-14 11:37:05 ----D---- C:\Program Files\FileZilla FTP Client
2009-01-14 10:13:38 ----N---- C:\WINDOWS\system32\iyvu9_32.dll
2009-01-14 10:13:38 ----N---- C:\WINDOWS\system32\iacenc.dll
2009-01-14 10:13:36 ----D---- C:\Program Files\Ligos
2009-01-14 09:57:36 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2009-01-14 09:52:27 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-01-13 09:07:08 ----SHD---- C:\FOUND.014
2009-01-13 08:45:28 ----SHD---- C:\FOUND.013
2009-01-13 08:38:16 ----SHD---- C:\FOUND.012

======List of files/folders modified in the last 1 months======

2009-02-11 10:17:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-11 08:54:24 ----A---- C:\WINDOWS\imsins.BAK
2009-02-04 05:06:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-02 16:24:36 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-16 22:09:38 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-02 325128]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-02 27656]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-02-02 107272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-10-27 62336]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-09-29 4108992]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-10-27 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2007-07-12 96384]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 i740;i740; C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 58592]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-01-17 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-01-17 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-02-02 903960]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-02 298264]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-14 68096]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 {4eauultaw;{4eauultaw; C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-09-29 4108992]

-----------------EOF-----------------


RSIT info

info.txt logfile of random's system information tool 1.05 2009-02-11 10:22:46

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {471159EB-BECC-453C-B6F2-FE4FAB29B3F3}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe PageMaker 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
FileZilla Client 3.2.0-rc2-->C:\Program Files\FileZilla FTP Client\uninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Indeo® XP Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\UninstXP.isu"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PowerDVD Ultra-->"C:\Program Files\InstallShield Installation Information\{1F0B7A92-C643-4F8F-B35F-2CBAE4FEA4F3}\setup.exe" -l0x000409 /z-uninstall
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
TheSage-->"C:\Program Files\TheSage\uninstall.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Sidebar-->RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
Windows Vista Games Main (uninstall last)-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\NR_VGmz.inf,RemoveMainFiles
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: OFFICECOMPUTER
Event Code: 7036
Message: The Universal Plug and Play Device Host service entered the running state.

Record Number: 786
Source Name: Service Control Manager
Time Written: 20090113080040.000000+345
Event Type: information
User:

Computer Name: OFFICECOMPUTER
Event Code: 7036
Message: The Remote Access Auto Connection Manager service entered the running state.

Record Number: 785
Source Name: Service Control Manager
Time Written: 20090113080040.000000+345
Event Type: information
User:

Computer Name: OFFICECOMPUTER
Event Code: 7035
Message: The Universal Plug and Play Device Host service was successfully sent a start control.

Record Number: 784
Source Name: Service Control Manager
Time Written: 20090113080040.000000+345
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: OFFICECOMPUTER
Event Code: 7035
Message: The Remote Access Auto Connection Manager service was successfully sent a start control.

Record Number: 783
Source Name: Service Control Manager
Time Written: 20090113080040.000000+345
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: OFFICECOMPUTER
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 782
Source Name: Service Control Manager
Time Written: 20090113080040.000000+345
Event Type: information
User:

Application event log

Computer Name: OFFICECOMPUTER
Event Code: 1000
Message: Performance counters for the MSDTC (MSDTC) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 5
Source Name: LoadPerf
Time Written: 20081019150604.000000+345
Event Type: information
User:

Computer Name: OFFICECOMPUTER
Event Code: 1000
Message: Performance counters for the TermService (Terminal Services) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 4
Source Name: LoadPerf
Time Written: 20081019150600.000000+345
Event Type: information
User:

Computer Name: OFFICECOMPUTER
Event Code: 1000
Message: Performance counters for the RemoteAccess (Routing and Remote Access) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 3
Source Name: LoadPerf
Time Written: 20081019150439.000000+345
Event Type: information
User:

Computer Name: OFFICECOMPUTER
Event Code: 1000
Message: Performance counters for the PSched (PSched) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 2
Source Name: LoadPerf
Time Written: 20081019150407.000000+345
Event Type: information
User:

Computer Name: OFFICECOMPUTER
Event Code: 1000
Message: Performance counters for the RSVP (QoS RSVP) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1
Source Name: LoadPerf
Time Written: 20081019150406.000000+345
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


:thumbup2:

Edited by zerooo, 10 February 2009 - 11:41 PM.


#12 zerooo


Posted 11 February 2009 - 02:56 AM

I just realised that I can't click on the Task Manager in the taskbar; also, there are no Folder Options.

Flash Disinfector doesn't seem to work.

#13 zerooo


Posted 11 February 2009 - 03:06 AM

Done the things for the home computer.

ComboFix log:

ComboFix 09-02-10.02 - Nischal 2009-02-11 13:44:23.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.148 [GMT 5.75:45]
Running from: c:\documents and settings\Nischal\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\autorun.inf
c:\windows\system32\bad1.exe
c:\windows\system32\bad2.exe
c:\windows\system32\bad3.exe
c:\windows\system32\msmsgs.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

2009-02-10 17:49 . 2009-02-10 17:49 <DIR> d--hs---- C:\FOUND.001
2009-02-10 16:18 . 2009-02-10 16:18 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-10 14:59 . 2009-02-10 14:59 <DIR> d-------- C:\rsit
2009-02-10 14:41 . 2009-02-10 14:42 <DIR> d-------- C:\_OTMoveIt
2009-02-10 14:37 . 2009-02-10 14:37 <DIR> d-------- c:\program files\ERUNT
2009-02-08 21:52 . 2008-04-14 05:57 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\system32\scripting
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\system32\en
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\system32\bits
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\l2schemas
2009-02-08 17:19 . 2009-02-08 17:19 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-08 14:03 . 2009-02-08 14:03 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-07 22:08 . 2009-02-07 22:08 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-07 22:05 . 2009-02-07 22:06 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-07 21:45 . 2008-10-17 02:23 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-02-07 21:45 . 2007-04-17 15:17 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-07 21:45 . 2007-03-08 10:55 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-07 21:45 . 2008-10-17 02:23 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-07 21:45 . 2008-10-17 02:23 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-07 21:45 . 2008-10-17 02:23 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-02-07 21:45 . 2008-10-17 02:23 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-02-07 21:45 . 2008-10-17 02:23 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-07 21:45 . 2008-10-16 18:56 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-07 21:30 . 2009-02-07 21:30 <DIR> d-------- c:\program files\TVAnts
2009-02-07 20:01 . 2007-03-29 04:42 29,704 --a------ c:\windows\system32\uxtuneup.dll
2009-02-07 19:52 . 2009-02-07 19:52 <DIR> d-------- c:\program files\TuneUp Utilities 2007
2009-02-07 19:52 . 2009-02-07 19:52 <DIR> d-------- c:\documents and settings\Nischal\Application Data\TuneUp Software
2009-02-07 19:51 . 2009-02-07 19:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-07 19:51 . 2009-02-07 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-07 10:35 . 2008-04-12 00:49 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-05 21:40 . 2008-06-13 16:50 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-05 21:40 . 2008-06-13 16:50 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-02-05 21:35 . 2009-02-05 21:35 <DIR> d-------- c:\documents and settings\Nischal\Application Data\OpenOffice.org
2009-02-05 21:29 . 2008-09-15 17:57 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-02-05 21:26 . 2008-08-14 15:56 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-05 21:26 . 2008-08-14 15:54 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-05 21:26 . 2008-08-14 15:18 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-05 21:26 . 2008-08-14 15:18 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-05 21:12 . 2008-10-24 17:06 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-05 21:12 . 2008-05-08 19:47 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-02-05 21:10 . 2008-12-11 16:42 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-02-05 12:54 . 2008-10-15 22:19 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-02-05 12:42 . 2009-02-05 12:42 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-05 12:42 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-02-05 12:21 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-05 12:21 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-05 12:21 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-05 12:20 . 2009-02-05 12:20 <DIR> d--hs---- c:\documents and settings\Nischal\UserData
2009-02-05 12:17 . 2009-02-05 12:17 <DIR> d--hs---- C:\FOUND.000
2009-02-04 20:30 . 2009-02-04 20:30 <DIR> d-------- c:\documents and settings\Nischal\Contacts
2009-02-03 17:44 . 2009-02-03 17:44 <DIR> d-------- c:\program files\Windows Live Favorites
2009-02-03 17:40 . 2009-02-03 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-02-03 17:40 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-03 17:40 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-03 17:40 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-03 17:40 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-03 17:40 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-03 17:32 . 2009-02-03 17:32 <DIR> d-------- c:\program files\Windows Live Toolbar
2009-02-03 17:29 . 2009-02-03 17:29 <DIR> d-------- c:\windows\system32\DRVSTORE
2009-02-03 17:29 . 2009-02-03 17:29 <DIR> d-------- c:\program files\MSN Messenger
2009-02-03 17:25 . 2009-02-03 17:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-03 17:25 . 2009-02-03 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 17:19 . 2009-02-03 17:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\program files\AVG
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\documents and settings\Nischal\Application Data\AVGTOOLBAR
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-03 17:18 . 2009-02-03 17:18 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-03 17:18 . 2009-02-03 17:19 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-03 16:41 . 2009-02-03 16:41 14 --a------ c:\documents and settings\Nischal\getfile.dat
2009-02-03 16:41 . 2009-02-03 16:41 0 --a------ c:\windows\nsreg.dat
2009-02-03 16:37 . 2009-02-03 16:37 <DIR> d-------- c:\program files\Java
2009-02-03 16:37 . 2009-02-03 16:37 <DIR> d-------- c:\program files\Common Files\Java
2009-02-03 16:33 . 2009-02-03 16:33 <DIR> d-------- c:\program files\Common Files\Softwin
2009-02-03 16:20 . 2009-02-03 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2009-02-03 16:17 . 2009-02-03 16:17 <DIR> d--hs---- C:\Recycled
2009-02-03 16:11 . 2009-02-03 16:11 25 --a------ c:\windows\mixerdef.ini
2009-02-03 16:07 . 2009-02-03 16:07 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-03 16:02 . 2008-04-14 00:30 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-02-03 16:02 . 2008-04-13 22:24 142,592 --a------ c:\windows\system32\drivers\aec.sys
2009-02-03 16:02 . 2008-04-14 01:02 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-02-03 16:02 . 2008-04-14 01:00 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2009-02-03 16:02 . 2008-04-14 00:30 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
2009-02-03 16:02 . 2008-04-14 00:30 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2009-02-03 16:02 . 2008-04-14 00:24 7,552 --a------ c:\windows\system32\drivers\mskssrv.sys
2009-02-03 16:02 . 2008-04-14 00:30 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2009-02-03 16:02 . 2008-04-14 00:24 5,376 --a------ c:\windows\system32\drivers\mspclock.sys
2009-02-03 16:02 . 2008-04-14 00:24 4,992 --a------ c:\windows\system32\drivers\mspqm.sys
2009-02-03 16:02 . 2008-04-14 00:30 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2009-02-03 16:01 . 2009-02-03 16:01 <DIR> d-------- c:\program files\C-Media
2009-02-03 16:00 . 2009-02-03 16:00 <DIR> d-------- c:\windows\nview
2009-02-03 16:00 . 2009-02-03 16:00 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-03 16:00 . 2009-02-03 16:00 <DIR> d-------- C:\NVIDIA
2009-02-03 16:00 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-03 16:00 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
2009-02-03 16:00 . 2009-02-11 12:42 88,566 --a------ c:\windows\system32\nvapps.xml
2009-02-03 16:00 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 10:03 --------- d-----w c:\program files\microsoft frontpage
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

c:\documents and settings\Nischal\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-03 17:19 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-03 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-03 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-03 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5a15fb4-f39a-11dd-9378-00e0e401ca93}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - H:\system.exe
\Shell\Open\command - H:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f01dfc-f682-11dd-9382-00e0e401ca93}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - H:\system.exe
\Shell\Open\command - H:\system.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-11 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-02-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]
.
.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8b76ed675e814a929dc3bb94a16eb8db
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8b76ed675e814a929dc3bb94a16eb8db
FF - ProfilePath - c:\documents and settings\Nischal\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-11 13:46:05
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-11 13:47:24
ComboFix-quarantined-files.txt 2009-02-11 08:02:22

Pre-Run: 11,862,147,072 bytes free
Post-Run: 11,856,150,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

206 --- E O F --- 2009-02-09 07:29:14


Thanks for the help. So where do I stand now?

#14 mas_pogi


Posted 12 February 2009 - 06:33 AM

Hi.

Let's continue.
  • 1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open Notepad and copy/paste the text in the quotebox below into it:

    FILE::
    H:\system.exe

    REGISTRY::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5a15fb4-f39a-11dd-9378-00e0e401ca93}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f01dfc-f682-11dd-9382-00e0e401ca93}]


    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • "i just realised that I can't click on the taskmanager in the taskbar, also there is no folder options."

    Do you still have this issue on your computer?
    How's your computer now?
In your reply, please post

C:\combofix.txt
C:\QooBox\Add-Remove Programs.txt <-- don't forget this one.
Kaspersky scan result
Answer to my questions


Mark
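A defender's check, added here as an example and not part of the thread, of ComboFix, or of mas_pogi's instructions: it parses the mountpoints2 blocks from a ComboFix "Reg Loading Points" section (a constructed excerpt in the same layout as the log above), flags keys whose Open/Explore shell verbs have been redirected to an executable, and emits the FILE::/REGISTRY:: lines in the CFScript form used in the post. The "hijacked verb" heuristic, the third sample key and the helper functions are assumptions, not ComboFix behaviour.

```python
import re
from typing import Dict, List

# Constructed excerpt (not the user's full log) in the layout of a ComboFix
# "Reg Loading Points" section: two mountpoints2 keys whose Open/Explore verbs
# point at H:\system.exe, plus one key with only an AutoRun action for contrast.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5a15fb4-f39a-11dd-9378-00e0e401ca93}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - H:\system.exe
\Shell\Open\command - H:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f01dfc-f682-11dd-9382-00e0e401ca93}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - H:\system.exe
\Shell\Open\command - H:\system.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f0f0f0f-0000-4000-8000-000000000001}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""

# A mountpoints2 key line as ComboFix prints it: [HKEY_CURRENT_USER\...\{GUID}]
MOUNTPOINT_KEY = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\\{[0-9a-f-]{36}\})\]$",
    re.IGNORECASE,
)
# A shell verb line below the key: \Shell\<Verb>\command - <command line>
SHELL_VERB = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
# An absolute drive-letter path to an executable, e.g. H:\system.exe
ABS_EXE = re.compile(r"^[A-Za-z]:\\\S+\.exe$", re.IGNORECASE)


def parse_mountpoints(log_text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry key: {verb (lower-case): command}} for every
    mountpoints2 block found in a ComboFix 'Reg Loading Points' section."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = MOUNTPOINT_KEY.match(line)
        if key_match:
            current = key_match.group(1)
            entries[current] = {}
            continue
        if not line or line.startswith("["):
            current = None  # blank line or a different key ends the block
            continue
        verb_match = SHELL_VERB.match(line)
        if current is not None and verb_match:
            verb, command = verb_match.groups()
            entries[current][verb.lower()] = command.strip()
    return entries


def flag_hijacked(entries: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Heuristic (an assumption here, not a ComboFix rule): a mountpoints2 key
    is suspicious when its Open or Explore verb, i.e. what a double-click or
    right-click 'Explore' on the drive runs, points at an executable. A plain
    CD autorun only sets the AutoRun action; rewriting Open/Explore is what
    makes the user launch the file on the removable drive themselves."""
    flagged: Dict[str, List[str]] = {}
    for key, verbs in entries.items():
        reasons = [
            f"{verb} verb runs {verbs[verb]}"
            for verb in ("open", "explore")
            if verbs.get(verb, "").lower().endswith(".exe")
        ]
        if reasons:
            flagged[key] = reasons
    return flagged


def build_cfscript(entries: Dict[str, Dict[str, str]],
                   flagged: Dict[str, List[str]]) -> str:
    """Emit a CFScript in the FILE:: / REGISTRY:: layout used in the thread:
    each absolute executable named by a flagged key goes under FILE:: (once),
    and each flagged key is listed with a leading '-' so it is deleted."""
    files: List[str] = []
    for key in flagged:
        for command in entries[key].values():
            if ABS_EXE.match(command) and command not in files:
                files.append(command)
    lines = ["FILE::"] + files + ["", "REGISTRY::"]
    lines += [f"[-{key}]" for key in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_LOG)
    bad = flag_hijacked(found)
    for key, reasons in bad.items():
        print(key, "->", "; ".join(reasons))
    print(build_cfscript(found, bad))
```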

#15 zerooo


Posted 13 February 2009 - 01:59 AM

:) Computer looks better now,

And the taskbar and Folder Options are back :thumbup2:

Here is the ComboFix log:

ComboFix 09-02-10.02 - Nischal 2009-02-13 12:32:13.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.237 [GMT 5.75:45]
Running from: c:\documents and settings\Nischal\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Nischal\My Documents\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
H:\system.exe
.

((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-12 11:26 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-02-12 11:26 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\dllcache\kbdjpn.dll
2009-02-12 11:26 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-02-12 11:26 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\dllcache\kbdkor.dll
2009-02-12 11:26 . 2008-04-14 05:54 6,144 --a------ c:\windows\system32\kbd106.dll
2009-02-12 11:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-02-12 11:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-02-12 11:26 . 2008-04-14 05:54 6,144 --a------ c:\windows\system32\dllcache\kbd106.dll
2009-02-12 11:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101c.dll
2009-02-12 11:26 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\dllcache\kbd101b.dll
2009-02-12 11:26 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-02-12 11:26 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\dllcache\kbd103.dll
2009-02-10 16:18 . 2009-02-10 16:18 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-10 14:59 . 2009-02-10 14:59 <DIR> d-------- C:\rsit
2009-02-10 14:41 . 2009-02-10 14:42 <DIR> d-------- C:\_OTMoveIt
2009-02-10 14:37 . 2009-02-10 14:37 <DIR> d-------- c:\program files\ERUNT
2009-02-08 21:52 . 2008-04-14 05:57 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\system32\scripting
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\system32\en
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\system32\bits
2009-02-08 17:25 . 2009-02-08 17:25 <DIR> d-------- c:\windows\l2schemas
2009-02-08 17:19 . 2009-02-08 17:19 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-08 14:03 . 2009-02-08 14:03 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-07 22:08 . 2009-02-07 22:08 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-07 22:05 . 2009-02-07 22:06 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-07 21:45 . 2008-10-17 02:23 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-02-07 21:45 . 2007-04-17 15:17 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-07 21:45 . 2007-03-08 10:55 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-07 21:45 . 2008-10-17 02:23 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-02-07 21:45 . 2008-10-17 02:23 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-07 21:45 . 2008-10-17 02:23 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-02-07 21:45 . 2008-10-17 02:23 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-02-07 21:45 . 2008-10-17 02:23 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-07 21:45 . 2008-10-16 18:56 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-07 21:30 . 2009-02-07 21:30 <DIR> d-------- c:\program files\TVAnts
2009-02-07 20:01 . 2007-03-29 04:42 29,704 --a------ c:\windows\system32\uxtuneup.dll
2009-02-07 19:52 . 2009-02-07 19:52 <DIR> d-------- c:\program files\TuneUp Utilities 2007
2009-02-07 19:52 . 2009-02-07 19:52 <DIR> d-------- c:\documents and settings\Nischal\Application Data\TuneUp Software
2009-02-07 19:51 . 2009-02-07 19:51 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-07 19:51 . 2009-02-07 19:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-07 10:35 . 2008-04-12 00:49 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-02-05 21:40 . 2008-06-13 16:50 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-02-05 21:40 . 2008-06-13 16:50 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-02-05 21:35 . 2009-02-05 21:35 <DIR> d-------- c:\documents and settings\Nischal\Application Data\OpenOffice.org
2009-02-05 21:29 . 2008-09-15 17:57 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-02-05 21:26 . 2008-08-14 15:56 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-05 21:26 . 2008-08-14 15:54 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-05 21:26 . 2008-08-14 15:18 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-05 21:26 . 2008-08-14 15:18 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-05 21:12 . 2008-10-24 17:06 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-05 21:12 . 2008-05-08 19:47 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-02-05 21:10 . 2008-12-11 16:42 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-02-05 12:54 . 2008-10-15 22:19 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-02-05 12:42 . 2009-02-05 12:42 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-05 12:42 . 2007-08-10 20:46 26,488 --a------ c:\windows\system32\spupdsvc.exe
2009-02-05 12:21 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-02-05 12:21 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-02-05 12:21 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-02-04 20:30 . 2009-02-04 20:30 <DIR> d-------- c:\documents and settings\Nischal\Contacts
2009-02-03 17:44 . 2009-02-03 17:44 <DIR> d-------- c:\program files\Windows Live Favorites
2009-02-03 17:40 . 2009-02-03 17:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-02-03 17:40 . 2008-10-16 14:09 43,544 --a------ c:\windows\system32\wups2.dll
2009-02-03 17:40 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui
2009-02-03 17:40 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui
2009-02-03 17:40 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2009-02-03 17:40 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui
2009-02-03 17:32 . 2009-02-03 17:32 <DIR> d-------- c:\program files\Windows Live Toolbar
2009-02-03 17:29 . 2009-02-03 17:29 <DIR> d-------- c:\windows\system32\DRVSTORE
2009-02-03 17:29 . 2009-02-03 17:29 <DIR> d-------- c:\program files\MSN Messenger
2009-02-03 17:25 . 2009-02-03 17:25 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-03 17:25 . 2009-02-03 17:25 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-03 17:19 . 2009-02-03 17:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\program files\AVG
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\documents and settings\Nischal\Application Data\AVGTOOLBAR
2009-02-03 17:18 . 2009-02-03 17:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-03 17:18 . 2009-02-03 17:18 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-03 17:18 . 2009-02-03 17:19 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-03 16:41 . 2009-02-03 16:41 14 --a------ c:\documents and settings\Nischal\getfile.dat
2009-02-03 16:41 . 2009-02-03 16:41 0 --a------ c:\windows\nsreg.dat
2009-02-03 16:37 . 2009-02-03 16:37 <DIR> d-------- c:\program files\Java
2009-02-03 16:37 . 2009-02-03 16:37 <DIR> d-------- c:\program files\Common Files\Java
2009-02-03 16:33 . 2009-02-03 16:33 <DIR> d-------- c:\program files\Common Files\Softwin
2009-02-03 16:20 . 2009-02-03 16:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2009-02-03 16:17 . 2009-02-03 16:17 <DIR> d--hs---- C:\Recycled
2009-02-03 16:11 . 2009-02-03 16:11 25 --a------ c:\windows\mixerdef.ini
2009-02-03 16:07 . 2009-02-03 16:07 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-02-03 16:02 . 2008-04-14 00:30 172,416 --a------ c:\windows\system32\drivers\kmixer.sys
2009-02-03 16:02 . 2008-04-13 22:24 142,592 --a------ c:\windows\system32\drivers\aec.sys
2009-02-03 16:02 . 2008-04-14 01:02 83,072 --a------ c:\windows\system32\drivers\wdmaud.sys
2009-02-03 16:02 . 2008-04-14 01:00 60,800 --a------ c:\windows\system32\drivers\sysaudio.sys
2009-02-03 16:02 . 2008-04-14 00:30 56,576 --a------ c:\windows\system32\drivers\swmidi.sys
2009-02-03 16:02 . 2008-04-14 00:30 52,864 --a------ c:\windows\system32\drivers\DMusic.sys
2009-02-03 16:02 . 2008-04-14 00:24 7,552 --a------ c:\windows\system32\drivers\mskssrv.sys
2009-02-03 16:02 . 2008-04-14 00:30 6,272 --a------ c:\windows\system32\drivers\splitter.sys
2009-02-03 16:02 . 2008-04-14 00:24 5,376 --a------ c:\windows\system32\drivers\mspclock.sys
2009-02-03 16:02 . 2008-04-14 00:24 4,992 --a------ c:\windows\system32\drivers\mspqm.sys
2009-02-03 16:02 . 2008-04-14 00:30 2,944 --a------ c:\windows\system32\drivers\drmkaud.sys
2009-02-03 16:01 . 2009-02-03 16:01 <DIR> d-------- c:\program files\C-Media
2009-02-03 16:00 . 2009-02-03 16:00 <DIR> d-------- c:\windows\nview
2009-02-03 16:00 . 2009-02-03 16:00 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-03 16:00 . 2009-02-03 16:00 <DIR> d-------- C:\NVIDIA
2009-02-03 16:00 . 2006-10-22 15:06 208,896 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-03 16:00 . 2006-10-22 12:22 208,896 --a------ c:\windows\system32\nvudisp.exe
2009-02-03 16:00 . 2009-02-13 12:08 88,566 --a------ c:\windows\system32\nvapps.xml
2009-02-03 16:00 . 2006-10-22 12:22 17,056 --a------ c:\windows\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-03 10:03 --------- d-----w c:\program files\microsoft frontpage
2008-12-13 06:40 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-11_13.46.32.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 06:17:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-12-2009\ERDNT.EXE
+ 2009-02-12 05:29:12 1,306,624 ----a-w c:\windows\ERDNT\AutoBackup\2-12-2009\Users\00000001\ntuser.dat
+ 2009-02-12 05:29:14 167,936 ----a-w c:\windows\ERDNT\AutoBackup\2-12-2009\Users\00000002\UsrClass.dat
+ 2005-10-20 06:17:28 163,328 ----a-w c:\windows\ERDNT\AutoBackup\2-13-2009\ERDNT.EXE
+ 2009-02-13 06:23:20 1,376,256 ----a-w c:\windows\ERDNT\AutoBackup\2-13-2009\Users\00000001\ntuser.dat
+ 2009-02-13 06:23:20 167,936 ----a-w c:\windows\ERDNT\AutoBackup\2-13-2009\Users\00000002\UsrClass.dat
+ 2009-02-13 06:24:02 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_764.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-03 1601304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
"C-Media Mixer"="Mixer.exe" [2002-07-12 c:\windows\mixer.exe]

c:\documents and settings\Nischal\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-03 17:19 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-03 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-03 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-03 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-03 298264]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-02-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]
.
.
------- Supplementary Scan -------
.
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?8b76ed675e814a929dc3bb94a16eb8db
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?8b76ed675e814a929dc3bb94a16eb8db
FF - ProfilePath - c:\documents and settings\Nischal\Application Data\Mozilla\Firefox\Profiles\62wxooqw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 12:33:54
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-02-13 12:35:13
ComboFix-quarantined-files.txt 2009-02-13 06:50:12
ComboFix2.txt 2009-02-11 08:02:28

Pre-Run: 11,794,923,520 bytes free
Post-Run: 11,784,372,224 bytes free

206 --- E O F --- 2009-02-09 07:29:14


the add-remove log

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9
AVG Free 8.0
ERUNT 1.1j
Form Fill (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.6)
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OpenOffice.org 3.0
PCI Audio Driver
Popup Blocker (Windows Live Toolbar)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Smart Menus (Windows Live Toolbar)
Tabbed Browsing (Windows Live Toolbar)
TuneUp Utilities 2007
TVAnts 1.0
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows XP Service Pack 3
WinRAR archiver
