
adware and slow performance


  • This topic is locked
11 replies to this topic

#1 cflip

cflip

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:05 PM

Posted 08 February 2009 - 07:06 PM

annoying popups with firefox
annoying slower performance
and the works =\






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:43 PM, on 2/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Airlink101\AWLH5026\WLService.exe
C:\Program Files\Airlink101\AWLH5026\AWLH5026.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DAEMON Tools Lite\YASU.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\set769.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [94e72d98] rundll32.exe "C:\WINDOWS\system32\qynjwoir.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O20 - AppInit_DLLs: ekeqat.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH5026\WLService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9913 bytes



#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:05 AM

Posted 11 February 2009 - 06:57 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 cflip

cflip
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:05 PM

Posted 13 February 2009 - 05:16 PM

Malwarebytes' Anti-Malware 1.34
Database version: 1759
Windows 5.1.2600 Service Pack 3

2/13/2009 1:41:56 PM
mbam-log-2009-02-13 (13-41-56).txt

Scan type: Full Scan (C:\|)
Objects scanned: 301003
Time elapsed: 2 hour(s), 11 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 17
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\iifdcBRH.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\qyrcidtl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\loesfj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtUlIbAR.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2628f0fe-73e4-4c3d-bdf2-4be7dd65a8b6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2628f0fe-73e4-4c3d-bdf2-4be7dd65a8b6} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65af5dc4-33f4-4866-ba8e-cbd4823e6a1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65af5dc4-33f4-4866-ba8e-cbd4823e6a1d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtulibar (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65af5dc4-33f4-4866-ba8e-cbd4823e6a1d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1b4aad01-9db2-69a6-1e14-63af59d20fa8} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94e72d98 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\iifdcbrh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\iifdcbrh -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\iifdcBRH.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\HRBcdfii.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HRBcdfii.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\loesfj.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vtUlIbAR.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\emhqcrmu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\umrcqhme.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fwixkvfu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ufvkxiwf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qyrcidtl.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ltdicryq.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3GO6ZR80\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\83WE4KJ1\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1329\A0951108.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1332\A0952156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1332\A0952158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1355\A0955130.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ixjevynf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oognxoec.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qkabjtfy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wivasppg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjjbrtxt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mnvvov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnnLcbb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ultxqirv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\epedaocv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckyopr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blnfcdee.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frcdhvig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tcptjmeu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atpkohll.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ybbxfs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zsqfmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcaqjib.dll.ren (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ekeqat.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuvULEwU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRLdaAq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hgGywTjg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJAPHBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssqRICrr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Edited by cflip, 13 February 2009 - 05:17 PM.


#4 cflip

cflip
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:05:05 PM

Posted 13 February 2009 - 05:20 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-13 13:49:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (3%) free of 153 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:17 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Airlink101\AWLH5026\WLService.exe
C:\Program Files\Airlink101\AWLH5026\AWLH5026.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\antimalware stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {e99e} - {8ad1313d-5318-4683-86e3-a2e82c7b4bfd} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O20 - AppInit_DLLs: yuqikv.dll loesfj.dll
O20 - Winlogon Notify: efcAQjIB - efcAQjIB.dll (file missing)
O20 - Winlogon Notify: qoMdETMD - qoMdETMD.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH5026\WLService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10647 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ad1313d-5318-4683-86e3-a2e82c7b4bfd}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"VGAUtil"=C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe [2008-03-08 544768]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-27 68856]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-11 218032]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2007-09-04 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Administrator\Local Settings\Temp\{33914301-42B7-4E71-A5DD-FB98C4971865}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2
"SSScsiSV"=3
"SPTISRV"=3
"SonicStage Back-End Service"=3
"PnkBstrB"=2
"PnkBstrA"=2
"iPod Service"=3
"AVP"=3
"AVG Anti-Spyware Guard"=2
"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="yuqikv.dll loesfj.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcAQjIB]
efcAQjIB.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMdETMD]
qoMdETMD.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe"="C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\SEGA\PhantasyStarOnline\Pso.EXE"="C:\Program Files\SEGA\PhantasyStarOnline\Pso.EXE:*:Enabled:Pso"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Solid State Networks Browser Plugin"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\diprip warm up\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\diprip warm up\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module"
"C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe"="C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARMP.exe"="C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe"="C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\AutoRun.exe


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1"

======List of files/folders created in the last 3 months======

2009-02-13 13:49:09 ----D---- C:\rsit
2009-02-13 09:58:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-13 00:42:59 ----A---- C:\WINDOWS\system32\msexcr.ini
2009-02-11 15:58:43 ----A---- C:\WINDOWS\system32\fjsddh.dll
2009-02-11 15:58:41 ----A---- C:\WINDOWS\system32\hjfjcyro.dll
2009-02-11 15:56:45 ----SH---- C:\WINDOWS\system32\soweijcf.ini
2009-02-11 06:57:18 ----A---- C:\WINDOWS\system32\pjtgjh.dll
2009-02-11 06:57:14 ----A---- C:\WINDOWS\system32\kriywdtc.dll
2009-02-11 06:51:18 ----SH---- C:\WINDOWS\system32\etqddllc.ini
2009-02-10 06:54:16 ----A---- C:\WINDOWS\system32\ugmkwrab.dll
2009-02-10 00:16:42 ----SH---- C:\WINDOWS\system32\wkpbeicr.ini
2009-02-10 00:16:39 ----A---- C:\WINDOWS\system32\lemmnd.dll
2009-02-10 00:16:37 ----A---- C:\WINDOWS\system32\cjeunefx.dll
2009-02-09 00:14:43 ----SH---- C:\WINDOWS\system32\bpvqcpbk.ini
2009-02-08 15:28:55 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2009-02-08 15:28:54 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2009-02-08 15:27:47 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-08 15:27:27 ----D---- C:\Program Files\DAEMON Tools Lite
2009-02-08 15:20:06 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
2009-02-08 12:52:18 ----D---- C:\Program Files\Sierra Entertainment
2009-02-08 11:53:23 ----D---- C:\Program Files\Sierra
2009-02-07 17:38:05 ----SH---- C:\WINDOWS\system32\riowjnyq.ini
2009-02-06 19:28:23 ----A---- C:\WINDOWS\system32\qomdetmd.dll.ren
2009-02-06 13:30:23 ----A---- C:\WINDOWS\system32\fijldk.dll
2009-02-06 13:30:20 ----A---- C:\WINDOWS\system32\eytfjtly.dll
2009-02-06 13:30:17 ----A---- C:\WINDOWS\system32\gmjuffaj.dll
2009-02-05 13:34:41 ----A---- C:\WINDOWS\system32\onrwwp.dll
2009-02-05 13:34:39 ----A---- C:\WINDOWS\system32\jemniibp.dll
2009-02-05 13:31:44 ----SH---- C:\WINDOWS\system32\bsupilcs.ini
2009-02-04 19:31:41 ----SH---- C:\WINDOWS\system32\ciwilfee.ini
2009-02-03 19:31:30 ----D---- C:\Program Files\uTorrent
2009-02-03 19:30:25 ----SH---- C:\WINDOWS\system32\fboydisa.ini
2009-01-31 17:24:27 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-24 12:30:42 ----D---- C:\Program Files\Bethesda Softworks
2009-01-24 12:25:51 ----D---- C:\WINDOWS\system32\xlive
2009-01-17 15:26:56 ----D---- C:\Program Files\ThreatFire
2009-01-17 13:08:26 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-16 20:48:11 ----SHD---- C:\RECYCLER
2009-01-15 19:46:44 ----D---- C:\WINDOWS\temp
2009-01-15 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-10 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-10 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-10 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-09 12:04:14 ----A---- C:\WINDOWS\resetlog.txt
2009-01-08 22:33:21 ----A---- C:\Boot.bak
2009-01-08 22:33:14 ----RASHD---- C:\cmdcons
2009-01-08 22:31:27 ----D---- C:\WINDOWS\ERDNT
2009-01-06 20:33:01 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-01-06 20:32:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-04 14:47:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Uniblue
2009-01-04 12:15:55 ----D---- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2009-01-04 00:48:55 ----D---- C:\Program Files\Trend Micro
2009-01-04 00:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-01-04 00:22:13 ----D---- C:\Program Files\Common Files\iS3
2009-01-04 00:22:10 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-01-03 21:30:03 ----A---- C:\WINDOWS\system32\9fc4e9e6-.txt
2009-01-03 20:44:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-03 14:51:25 ----D---- C:\WINDOWS\Prefetch
2009-01-03 14:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-03 14:41:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-03 14:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-03 14:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-03 14:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-03 14:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-03 14:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-03 14:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-03 14:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-03 14:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-03 14:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-03 14:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-03 14:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-03 14:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-03 14:27:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-01-03 14:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-03 14:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-03 14:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-03 14:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-03 14:17:58 ----D---- C:\Program Files\Messenger
2009-01-03 14:17:45 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-01-03 14:17:45 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-01-03 14:17:44 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-03 14:17:37 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slserv.exe
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slgen.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-03 14:17:32 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-03 14:17:32 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-03 14:17:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-03 14:17:30 ----N---- C:\WINDOWS\slrundll.exe
2009-01-03 14:17:26 ----D---- C:\WINDOWS\system32\scripting
2009-01-03 14:17:20 ----D---- C:\WINDOWS\l2schemas
2009-01-03 14:17:19 ----D---- C:\WINDOWS\system32\en
2009-01-03 14:17:19 ----D---- C:\WINDOWS\system32\bits
2009-01-03 14:13:19 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-03 14:01:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-03 09:16:27 ----D---- C:\Program Files\Overture 4.0 ?????
2009-01-03 09:15:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-31 13:42:31 ----A---- C:\WINDOWS\system32\viscomdvdimg.dll
2008-12-31 13:42:30 ----A---- C:\WINDOWS\system32\mfc71d.dll
2008-12-31 13:42:29 ----A---- C:\WINDOWS\system32\msvcr71d.dll
2008-12-31 13:42:28 ----D---- C:\Program Files\Videos To DVD
2008-12-30 13:49:22 ----D---- C:\Program Files\HmelyoffLabs
2008-12-23 22:26:20 ----D---- C:\Program Files\iPod
2008-12-23 22:26:14 ----D---- C:\Program Files\iTunes
2008-12-23 22:26:14 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-23 22:21:02 ----D---- C:\Program Files\QuickTime
2008-12-11 09:39:24 ----D---- C:\Program Files\Virtual Earth 3D
2008-12-10 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-10 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-05 16:38:52 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-03 22:12:00 ----D---- C:\Program Files\Hamachi
2008-11-21 13:47:56 ----A---- C:\WINDOWS\system32\DivXsm.exe
2008-11-21 13:47:52 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 13:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 13:45:16 ----AC---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 13:45:16 ----AC---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 13:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 13:45:12 ----AC---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 13:45:12 ----AC---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 13:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 13:45:08 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 13:45:06 ----A---- C:\WINDOWS\system32\DivX.dll
2008-11-21 13:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 13:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll
2008-11-16 19:09:26 ----A---- C:\CAlgebraCAlgebra.txt
2008-11-15 07:15:36 ----D---- C:\WINDOWS\NV18563864.TMP
2008-11-14 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-14 03:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$

======List of files/folders modified in the last 3 months======

2009-02-13 13:48:26 ----D---- C:\Program Files\Mozilla Firefox
2009-02-13 13:47:23 ----D---- C:\WINDOWS\system32
2009-02-13 13:46:27 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 13:45:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-13 09:58:54 ----RD---- C:\Program Files
2009-02-12 22:33:58 ----D---- C:\Documents and Settings\Administrator\Application Data\MSN6
2009-02-12 20:07:07 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-02-11 23:06:09 ----D---- C:\Nexon
2009-02-11 20:01:18 ----SHD---- C:\WINDOWS\Installer
2009-02-11 20:01:18 ----D---- C:\Config.Msi
2009-02-09 00:14:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-09 00:11:46 ----D---- C:\WINDOWS
2009-02-08 17:05:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-08 16:06:37 ----D---- C:\WINDOWS\system32\DirectX
2009-02-08 16:06:36 ----RSD---- C:\WINDOWS\assembly
2009-02-08 01:12:50 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-02-07 23:03:13 ----D---- C:\Program Files\StepMania
2009-02-07 19:45:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-02-07 19:39:56 ----D---- C:\Program Files\Spyware Terminator
2009-02-07 19:33:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2009-02-07 14:31:40 ----HD---- C:\WINDOWS\inf
2009-02-03 19:30:56 ----D---- C:\Program Files\Azureus
2009-02-03 19:30:51 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-02-01 03:02:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-31 17:31:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-25 08:11:17 ----D---- C:\Program Files\EA GAMES
2009-01-25 08:09:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-25 08:08:46 ----D---- C:\Program Files\AGEIA Technologies
2009-01-21 16:27:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Hamachi
2009-01-19 18:46:11 ----D---- C:\Program Files\Steam
2009-01-18 18:43:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-18 18:37:59 ----D---- C:\Program Files\Bonjour
2009-01-17 13:08:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-16 23:50:29 ----D---- C:\Program Files\Google
2009-01-15 19:41:50 ----A---- C:\WINDOWS\system.ini
2009-01-15 19:39:52 ----D---- C:\WINDOWS\AppPatch
2009-01-15 19:39:52 ----D---- C:\Program Files\Common Files
2009-01-15 03:00:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-11 20:25:23 ----SD---- C:\WINDOWS\Tasks
2009-01-10 03:01:37 ----A---- C:\WINDOWS\imsins.BAK
2009-01-08 22:42:27 ----D---- C:\WINDOWS\system32\config
2009-01-08 22:33:21 ----RASH---- C:\boot.ini
2009-01-04 11:19:25 ----D---- C:\Program Files\MSN Messenger
2009-01-03 14:54:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-03 14:54:04 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-01-03 14:51:49 ----AC---- C:\WINDOWS\setuplog.txt
2009-01-03 14:50:41 ----D---- C:\WINDOWS\system32\Setup
2009-01-03 14:50:40 ----D---- C:\WINDOWS\system32\wbem
2009-01-03 14:50:38 ----RSD---- C:\WINDOWS\Fonts
2009-01-03 14:28:35 ----D---- C:\WINDOWS\security
2009-01-03 14:18:11 ----D---- C:\WINDOWS\WinSxS
2009-01-03 14:17:44 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-03 14:17:43 ----D---- C:\WINDOWS\network diagnostic
2009-01-03 14:17:43 ----D---- C:\WINDOWS\ime
2009-01-03 14:17:43 ----D---- C:\WINDOWS\Help
2009-01-03 14:17:30 ----D---- C:\WINDOWS\system32\en-US
2009-01-03 14:17:29 ----D---- C:\WINDOWS\system32\usmt
2009-01-03 14:17:19 ----D---- C:\WINDOWS\PeerNet
2009-01-03 14:17:19 ----D---- C:\Program Files\Movie Maker
2009-01-03 14:12:53 ----D---- C:\WINDOWS\system32\Restore
2009-01-03 14:12:52 ----D---- C:\WINDOWS\system32\npp
2009-01-03 14:12:52 ----D---- C:\WINDOWS\mui
2009-01-03 14:12:50 ----D---- C:\WINDOWS\msagent
2009-01-03 14:12:48 ----D---- C:\WINDOWS\srchasst
2009-01-03 14:12:38 ----D---- C:\Program Files\NetMeeting
2009-01-03 14:12:36 ----D---- C:\WINDOWS\system32\Com
2009-01-03 14:12:32 ----D---- C:\Program Files\Windows Media Player
2009-01-03 14:12:31 ----D---- C:\Program Files\Windows NT
2009-01-03 14:12:31 ----D---- C:\Program Files\Outlook Express
2009-01-03 14:12:25 ----D---- C:\Program Files\Common Files\System
2009-01-03 14:11:55 ----D---- C:\WINDOWS\system32\oobe
2009-01-03 14:11:50 ----D---- C:\WINDOWS\system
2009-01-03 14:05:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-03 14:01:18 ----D---- C:\WINDOWS\ehome
2009-01-03 02:28:16 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-02 14:42:51 ----D---- C:\Program Files\Starcraft
2008-12-29 18:10:40 ----D---- C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-12-25 13:51:27 ----D---- C:\Program Files\DivX
2008-12-23 22:26:18 ----D---- C:\Program Files\Common Files\Apple
2008-12-23 22:15:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-15 13:46:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-13 10:12:15 ----D---- C:\Program Files\Electronic Arts
2008-12-12 22:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 16:00:13 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-12-10 03:01:52 ----D---- C:\Program Files\Internet Explorer
2008-12-08 17:16:06 ----D---- C:\WINDOWS\Minidump
2008-12-05 16:38:56 ----D---- C:\Program Files\AIM6
2008-12-05 16:38:54 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-05 16:37:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-30 18:02:56 ----D---- C:\Program Files\Veoh Networks
2008-11-23 15:01:42 ----D---- C:\Program Files\NewTech Infosystems
2008-11-21 13:47:48 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-11-21 13:47:48 ----C---- C:\WINDOWS\system32\pxinsa64.exe
2008-11-21 13:47:48 ----C---- C:\WINDOWS\system32\pxhpinst.exe
2008-11-16 19:09:26 ----D---- C:\CALGEBRA
2008-11-16 01:21:29 ----D---- C:\WINDOWS\nview
2008-11-15 01:00:52 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-15 01:00:52 ----D---- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-13 20747]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-16 16512]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 npkcrypt;npkcrypt; \??\C:\Program Files\Wizet\MapleStory\npkcrypt.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-03 25280]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-09-18 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 RT61;Airlink101 MIMO XR PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
R3 tbcspud;Santa Cruz Driver; C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-17 144768]
R3 tbcwdm;Santa Cruz WDM Driver; C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-17 545088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-10-26 4124352]
S3 aowl6vtn;aowl6vtn; C:\WINDOWS\system32\drivers\aowl6vtn.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hwmouser;Hanwang Technology CO.LTD HID Tablet Device; C:\WINDOWS\system32\DRIVERS\hwpad.sys [2005-05-23 29256]
S3 kaspersky1;kaspersky1; \??\C:\Documents and Settings\Administrator\Desktop\omg\kaspersky.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 S3chipid;S3chipid; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []
S3 saruenGang;saruenGang; \??\C:\Documents and Settings\Administrator\Desktop\Zenos Engine\saruenGang.sys []
S3 sejt1;sejt1; \??\C:\Documents and Settings\Administrator\Desktop\AkumaEngine33\sejt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 StreamSurge;StreamSurge Driver (miniport); C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xp1;xp1; \??\C:\Documents and Settings\Administrator\Desktop\xpengine\xp.sys []
S3 zenos1;zenos1; \??\C:\Documents and Settings\Administrator\Desktop\ms\zenos\zenos.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-11-05 307200]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MIMO XR TM PCI WLService;MIMO XR TM PCI Adapter WLService; C:\Program Files\Airlink101\AWLH5026\WLService.exe [2006-03-16 49152]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-06 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-09-09 570880]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-23 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Mbiicvic;Mbiicvic; C:\WINDOWS\system32\drivers\tcpip6.sys [2008-06-20 225856]
S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

-----------------EOF-----------------

#5 cflip

Posted 13 February 2009 - 05:24 PM

info.txt logfile of random's system information tool 1.05 2009-02-13 13:49:21

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3-->MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Chinese Traditional Fonts-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-705000000001}
Adobe Reader Korean Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-7E8A45000001}
Adobe Setup-->MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Airlink101 MIMO XR PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69510772-D60E-4CA2-BDD6-4C6322950BB8}\Setup.exe" -l0x9
AMX Mod X Installer 1.76d-->C:\Program Files\AMX Mod X\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audiosurf-->"C:\Program Files\Steam\steam.exe" steam://uninstall/12900
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /i{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
BlackBerry Desktop Software 4.2.2-->MsiExec.exe /I{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
BlueJ 2.5.0-->"C:\BlueJ\uninst\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
Day of Defeat-->"C:\Program Files\Steam\steam.exe" steam://uninstall/30
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
DeepBurner v1.8.0.224-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
ESET NOD32 Antivirus-->MsiExec.exe /I{86A6E235-C08F-4A14-B14C-793C7D8844A0}
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
FEAR Extraction Point-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{909BBDB7-BABE-434C-9124-863A9F8D1CF8}\setup.exe" -l0x9 -removeonly
FEAR Perseus Mandate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}\setup.exe" -l0x9 -removeonly
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
ffdshow [rev 1874] [2008-02-28]-->"C:\Program Files\Replay Converter\unins000.exe"
Fidelity Active Trader Pro®-->MsiExec.exe /X{916007E7-1A1D-4278-BCC9-E90EFF35B232}
Free Videos To DVD V2.1-->"C:\Program Files\Videos To DVD\unins000.exe"
Game Cam v1.4-->MsiExec.exe /I{EBE7050B-7988-4BC3-BBFD-5C6828859483}
GIGABYTE VGA Utility Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F739F79-450F-458C-BB8A-05AFA8A81E7E}\setup.exe" -l0x9 -uninst -removeonly
GoldWave v5.20-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.20" "C:\Program Files\GoldWave\unstall.log"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Half-Life-->"C:\Program Files\Steam\steam.exe" steam://uninstall/70
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HLTooLz-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\HLTooLz\ST6UNST.LOG"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6\uninstaller.exe"
iTunes Art Importer-->MsiExec.exe /I{D8D8B308-B172-43DB-96F1-6A3F84851D61}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java DB 10.2.2.0-->MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Development Kit 6 Update 2-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
Lame ACM MP3 Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_LameMP3 132 C:\WINDOWS\INF\LameACM.inf
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Lexmark 510 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBZUN5C.EXE -dLexmark 510 Series
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MagicDisc 2.5.79-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}
Marsu-Fix-->C:\WINDOWS\Marsu-Fix Uninstaller.exe
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Outlook Connector for MSN-->MsiExec.exe /X{DC4DD556-DD03-422A-926B-470746D8B50D}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 9-->C:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0900}
Microsoft Picture It! Library 9-->C:\WINDOWS\system32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3220}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPlugin-->"C:\Program Files\InstallShield Installation Information\{6102D63A-9387-4FC8-98E4-181121F8C0BA}\setup.exe" -runfromtemp -l0x0009 -removeonly
MS Legend v62-->MsiExec.exe /X{C4CF4DA9-570F-44EE-9EBC-849F2B4BAD18}
MSN Encarta Plus Support Files-->MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Natural Selection 3.2-->"c:\program files\steam\steamapps\s0m1_f0r_sum_rzn@msn.com\half-life\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.17-->MsiExec.exe /X{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Overture 4.0 ?????-->MsiExec.exe /I{64C3D5BE-47B3-4085-B6D5-585D2677145A}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Phantasy Star Online-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{778D5912-DF4A-4019-A654-3505151D0756} /l1033
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PSP ISO Compressor-->MsiExec.exe /X{D47087E7-AA15-4D1D-8C0A-60F7E446D597}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Roxio Media Manager-->MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sony DVD Architect Pro 4.5-->MsiExec.exe /X{042961FE-BE09-48AB-81FB-C0D4093043A1}
Sony Media Manager 2.2-->MsiExec.exe /X{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Core Media Player 4.0-->"C:\Program Files\CoreCodec\The Core Media Player\uninstall-tcmp4.exe"
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Typing of The Dead US-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CE0803C-CA6A-4D7A-8FB8-055EBB4AF141}\SETUP.EXE"
Total Video Converter 3.01-->"C:\Program Files\Total Video Converter\unins000.exe"
Turtle Beach Santa Cruz Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4D58580-EA01-11D3-9318-008048B86EFE}\setup.exe"
Turtle Beach Santa Cruz-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CD5A6B33-586E-42BA-A962-7D60C2766EBF} /l1033
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VIA/S3G Display Driver-->c:\PROGRA~1\VIA\UChromeP\s3minset.exe /u c:\PROGRA~1\VIA\UChromeP\UChromeP.uns
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Controller for Windows-->"C:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"

======Security center information======

AV: ESET NOD32 Antivirus 3.0

System event log

Computer Name: TEHPWNAGE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 115719
Source Name: Service Control Manager
Time Written: 20090206214317.000000-480
Event Type: error
User:

Computer Name: TEHPWNAGE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 115718
Source Name: Service Control Manager
Time Written: 20090206214317.000000-480
Event Type: error
User:

Computer Name: TEHPWNAGE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 115717
Source Name: Service Control Manager
Time Written: 20090206214317.000000-480
Event Type: error
User:

Computer Name: TEHPWNAGE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 115716
Source Name: Service Control Manager
Time Written: 20090206214317.000000-480
Event Type: error
User:

Computer Name: TEHPWNAGE
Event Code: 7001
Message: The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 115715
Source Name: Service Control Manager
Time Written: 20090206214317.000000-480
Event Type: error
User:

Application event log

Computer Name: TEHPWNAGE
Event Code: 301
Message: msnmsgr (1916) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\fsr0065E.log.

Record Number: 2293
Source Name: ESENT
Time Written: 20081204125821.000000-480
Event Type: information
User:

Computer Name: TEHPWNAGE
Event Code: 301
Message: msnmsgr (1916) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\fsr0065D.log.

Record Number: 2292
Source Name: ESENT
Time Written: 20081204125821.000000-480
Event Type: information
User:

Computer Name: TEHPWNAGE
Event Code: 301
Message: msnmsgr (1916) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\fsr0065C.log.

Record Number: 2291
Source Name: ESENT
Time Written: 20081204125821.000000-480
Event Type: information
User:

Computer Name: TEHPWNAGE
Event Code: 301
Message: msnmsgr (1916) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\fsr0065B.log.

Record Number: 2290
Source Name: ESENT
Time Written: 20081204125821.000000-480
Event Type: information
User:

Computer Name: TEHPWNAGE
Event Code: 301
Message: msnmsgr (1916) \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\dfsr.db: The database engine has begun replaying logfile \\.\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\takfatfat@msn.com\SharingMetadata\Working\database_FA94_E76F_94E7_2D37\fsr0065A.log.

Record Number: 2289
Source Name: ESENT
Time Written: 20081204125821.000000-480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files

  • Attached File  gmer.txt   38.14KB   6 downloads


#6 fenzodahl512


Posted 13 February 2009 - 05:42 PM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\msexcr.ini
    C:\WINDOWS\system32\fjsddh.dll
    C:\WINDOWS\system32\hjfjcyro.dll
    C:\WINDOWS\system32\soweijcf.ini
    C:\WINDOWS\system32\pjtgjh.dll
    C:\WINDOWS\system32\kriywdtc.dll
    C:\WINDOWS\system32\etqddllc.ini
    C:\WINDOWS\system32\ugmkwrab.dll
    C:\WINDOWS\system32\wkpbeicr.ini
    C:\WINDOWS\system32\lemmnd.dll
    C:\WINDOWS\system32\cjeunefx.dll
    C:\WINDOWS\system32\bpvqcpbk.ini
    C:\WINDOWS\system32\riowjnyq.ini
    C:\WINDOWS\system32\qomdetmd.dll.ren
    C:\WINDOWS\system32\fijldk.dll
    C:\WINDOWS\system32\eytfjtly.dll
    C:\WINDOWS\system32\gmjuffaj.dll
    C:\WINDOWS\system32\onrwwp.dll
    C:\WINDOWS\system32\jemniibp.dll
    C:\WINDOWS\system32\bsupilcs.ini
    C:\WINDOWS\system32\fboydisa.ini
    C:\WINDOWS\system32\ciwilfee.ini
    C:\WINDOWS\system32\9fc4e9e6-.txt
    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ad1313d-5318-4683-86e3-a2e82c7b4bfd}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcAQjIB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMdETMD]'
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 cflip


Posted 21 February 2009 - 03:33 PM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\msexcr.ini not found.
File/Folder C:\WINDOWS\system32\fjsddh.dll not found.
File/Folder C:\WINDOWS\system32\hjfjcyro.dll not found.
File/Folder C:\WINDOWS\system32\soweijcf.ini not found.
File/Folder C:\WINDOWS\system32\pjtgjh.dll not found.
File/Folder C:\WINDOWS\system32\kriywdtc.dll not found.
File/Folder C:\WINDOWS\system32\etqddllc.ini not found.
File/Folder C:\WINDOWS\system32\ugmkwrab.dll not found.
File/Folder C:\WINDOWS\system32\wkpbeicr.ini not found.
File/Folder C:\WINDOWS\system32\lemmnd.dll not found.
File/Folder C:\WINDOWS\system32\cjeunefx.dll not found.
File/Folder C:\WINDOWS\system32\bpvqcpbk.ini not found.
File/Folder C:\WINDOWS\system32\riowjnyq.ini not found.
File/Folder C:\WINDOWS\system32\qomdetmd.dll.ren not found.
File/Folder C:\WINDOWS\system32\fijldk.dll not found.
File/Folder C:\WINDOWS\system32\eytfjtly.dll not found.
File/Folder C:\WINDOWS\system32\gmjuffaj.dll not found.
File/Folder C:\WINDOWS\system32\onrwwp.dll not found.
File/Folder C:\WINDOWS\system32\jemniibp.dll not found.
File/Folder C:\WINDOWS\system32\bsupilcs.ini not found.
File/Folder C:\WINDOWS\system32\fboydisa.ini not found.
File/Folder C:\WINDOWS\system32\ciwilfee.ini not found.
File/Folder C:\WINDOWS\system32\9fc4e9e6-.txt not found.
File/Folder C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ad1313d-5318-4683-86e3-a2e82c7b4bfd}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcAQjIB\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMdETMD]\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_dtdWUufqctKni6lc2fpf scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02212009_123103

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_dtdWUufqctKni6lc2fpf not found!
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\7glv5du2.default\XUL.mfl moved successfully.

Edited by cflip, 21 February 2009 - 03:38 PM.
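
Added example (not part of the original posts, and not OTMoveIt3's own code): the fix script in post #6 carries a stray `'` after the `qoMdETMD` Winlogon Notify line, and the log in post #7 reports that key name as `qoMdETMD]` with "not found". The sketch below lints the `:reg` section before a run and scans the resulting log for key names containing bracket or quote characters; the accepted line shapes are an assumption drawn only from the lines that appear in that script, and the function names are hypothetical.

```python
import re

# Excerpt of the fix script from post #6, reproduced as posted (trimmed).
FIX_SCRIPT = r"""
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcAQjIB]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMdETMD]'
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

:commands
[purity]
[reboot]
"""

# Excerpt of the OTMoveIt3 log from post #7, reproduced as posted (trimmed).
MOVE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcAQjIB\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMdETMD]\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F\\ deleted successfully.
"""

# Assumed grammar: only the line shapes seen in the posted script.
#   [HKEY_...\path]  or  [-HKEY_...\path]   key header / key deletion
#   "name"=-         or  "name"="text"      value deletion / string value
KEY_LINE = re.compile(r'^\[-?HKEY_[A-Z_]+(?:\\[^\[\]\\]+)*\]$')
VALUE_LINE = re.compile(r'^"[^"]+"=(?:-|"[^"]*")$')
LOG_KEY = re.compile(r'^Registry key (.+?)\\+ not found\.$')


def reg_section(script):
    """Return the non-blank lines between ':reg' and the next ':section' header."""
    lines, inside = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            inside = line.lower() == ":reg"
            continue
        if inside and line:
            lines.append(line)
    return lines


def lint_reg(script):
    """Return (line, reason) for each :reg line that is not a well-formed directive."""
    findings = []
    for line in reg_section(script):
        if KEY_LINE.match(line) or VALUE_LINE.match(line):
            continue
        if line.startswith("[") and "]" in line and not line.endswith("]"):
            tail = line[line.rindex("]") + 1:]
            findings.append((line, f"trailing text after ']': {tail!r}"))
        else:
            findings.append((line, "unrecognised directive"))
    return findings


def suspicious_log_keys(log):
    """Return 'not found' key names that contain bracket or quote characters,
    a sign that the directive was parsed with stray characters attached."""
    hits = []
    for raw in log.splitlines():
        m = LOG_KEY.match(raw.strip())
        if m and re.search(r'[\[\]\'"]', m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for line, reason in lint_reg(FIX_SCRIPT):
        print(f"script: {reason}\n        {line}")
    for key in suspicious_log_keys(MOVE_LOG):
        print(f"log:    key name looks mangled: {key}")
```

A "not found" result for a key whose name was mangled says nothing about whether the real key exists, so the entry needs to be rechecked in a fresh scan.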


#8 cflip


Posted 21 February 2009 - 03:40 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-21 12:39:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (3%) free of 153 GB
Total RAM: 1023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:16 PM, on 2/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Airlink101\AWLH5026\WLService.exe
C:\Program Files\Airlink101\AWLH5026\AWLH5026.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\antimalware stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O20 - Winlogon Notify: qoMdETMD - qoMdETMD.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MIMO XR TM PCI Adapter WLService (MIMO XR TM PCI WLService) - Unknown owner - C:\Program Files\Airlink101\AWLH5026\WLService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 10121 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-11-03 463872]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"VGAUtil"=C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe [2008-03-08 544768]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-04-23 228088]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-03-13 1443072]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-27 68856]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-09-11 218032]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-27 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2007-09-04 557568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
C:\Documents and Settings\Administrator\Local Settings\Temp\{33914301-42B7-4E71-A5DD-FB98C4971865}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe /remind /language=ENU /PRNM=RollerCoaster Tycoon 3/PRMP=RCT3/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2
"SSScsiSV"=3
"SPTISRV"=3
"SonicStage Back-End Service"=3
"PnkBstrB"=2
"PnkBstrA"=2
"iPod Service"=3
"AVP"=3
"AVG Anti-Spyware Guard"=2
"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMdETMD]
qoMdETMD.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe"="C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\half-life\hl.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\half-life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\SEGA\PhantasyStarOnline\Pso.EXE"="C:\Program Files\SEGA\PhantasyStarOnline\Pso.EXE:*:Enabled:Pso"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Solid State Networks Browser Plugin"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\source sdk base\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\source sdk base\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\diprip warm up\hl2.exe"="C:\Program Files\Steam\steamapps\s0m1_f0r_sum_rzn@msn.com\diprip warm up\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module"
"C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe"="C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARMP.exe"="C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe"="C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1"

======List of files/folders created in the last 3 months======

2009-02-17 23:25:56 ----HDC---- C:\WINDOWS\ie8
2009-02-15 22:32:43 ----D---- C:\_OTMoveIt
2009-02-13 13:50:40 ----A---- C:\WINDOWS\gmer.ini
2009-02-13 13:50:39 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-13 13:50:39 ----A---- C:\WINDOWS\gmer.exe
2009-02-13 13:50:39 ----A---- C:\WINDOWS\gmer.dll
2009-02-13 13:49:09 ----D---- C:\rsit
2009-02-13 09:58:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-08 15:28:55 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2009-02-08 15:28:54 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2009-02-08 15:27:47 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-08 15:27:27 ----D---- C:\Program Files\DAEMON Tools Lite
2009-02-08 15:20:06 ----D---- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
2009-02-08 12:52:18 ----D---- C:\Program Files\Sierra Entertainment
2009-02-08 11:53:23 ----D---- C:\Program Files\Sierra
2009-02-03 19:31:30 ----D---- C:\Program Files\uTorrent
2009-01-24 12:30:42 ----D---- C:\Program Files\Bethesda Softworks
2009-01-24 12:25:51 ----D---- C:\WINDOWS\system32\xlive
2009-01-17 15:26:56 ----D---- C:\Program Files\ThreatFire
2009-01-17 13:08:26 ----D---- C:\Program Files\EsetOnlineScanner
2009-01-16 20:48:11 ----SHD---- C:\RECYCLER
2009-01-15 19:46:44 ----D---- C:\WINDOWS\temp
2009-01-15 03:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-15 02:22:00 ----N---- C:\WINDOWS\system32\msrating.dll.mui
2009-01-15 02:21:44 ----N---- C:\WINDOWS\system32\mshta.exe.mui
2009-01-15 02:19:22 ----N---- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-01-15 02:19:02 ----N---- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-01-10 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-10 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-01-10 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-01-09 12:04:14 ----A---- C:\WINDOWS\resetlog.txt
2009-01-08 22:33:21 ----A---- C:\Boot.bak
2009-01-08 22:33:14 ----RASHD---- C:\cmdcons
2009-01-08 22:31:27 ----D---- C:\WINDOWS\ERDNT
2009-01-06 20:33:01 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-01-06 20:32:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-04 14:47:33 ----D---- C:\Documents and Settings\Administrator\Application Data\Uniblue
2009-01-04 12:15:55 ----D---- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
2009-01-04 00:48:55 ----D---- C:\Program Files\Trend Micro
2009-01-04 00:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-01-04 00:22:13 ----D---- C:\Program Files\Common Files\iS3
2009-01-04 00:22:10 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-01-03 20:44:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-03 14:51:25 ----D---- C:\WINDOWS\Prefetch
2009-01-03 14:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-03 14:41:43 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-03 14:40:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-01-03 14:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-03 14:38:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-03 14:37:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-03 14:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-03 14:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-03 14:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-03 14:32:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-03 14:31:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-03 14:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-03 14:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-03 14:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-03 14:27:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-01-03 14:27:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-03 14:26:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-03 14:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-03 14:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-03 14:17:58 ----D---- C:\Program Files\Messenger
2009-01-03 14:17:45 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-01-03 14:17:45 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-01-03 14:17:44 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-01-03 14:17:40 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-01-03 14:17:39 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-03 14:17:38 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-03 14:17:37 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-03 14:17:36 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-03 14:17:35 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-03 14:17:34 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slserv.exe
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slgen.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-03 14:17:33 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-03 14:17:32 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-03 14:17:32 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-03 14:17:31 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-03 14:17:30 ----N---- C:\WINDOWS\slrundll.exe
2009-01-03 14:17:26 ----D---- C:\WINDOWS\system32\scripting
2009-01-03 14:17:20 ----D---- C:\WINDOWS\l2schemas
2009-01-03 14:17:19 ----D---- C:\WINDOWS\system32\en
2009-01-03 14:17:19 ----D---- C:\WINDOWS\system32\bits
2009-01-03 14:13:19 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-03 14:01:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-03 09:16:27 ----D---- C:\Program Files\Overture 4.0 ?????
2009-01-03 09:15:33 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-31 13:42:31 ----A---- C:\WINDOWS\system32\viscomdvdimg.dll
2008-12-31 13:42:30 ----A---- C:\WINDOWS\system32\mfc71d.dll
2008-12-31 13:42:29 ----A---- C:\WINDOWS\system32\msvcr71d.dll
2008-12-31 13:42:28 ----D---- C:\Program Files\Videos To DVD
2008-12-30 13:49:22 ----D---- C:\Program Files\HmelyoffLabs
2008-12-23 22:26:20 ----D---- C:\Program Files\iPod
2008-12-23 22:26:14 ----D---- C:\Program Files\iTunes
2008-12-23 22:21:02 ----D---- C:\Program Files\QuickTime
2008-12-11 09:39:24 ----D---- C:\Program Files\Virtual Earth 3D
2008-12-10 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-10 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-05 16:38:52 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-03 22:12:00 ----D---- C:\Program Files\Hamachi

======List of files/folders modified in the last 3 months======

2009-02-21 12:37:33 ----D---- C:\Program Files\Mozilla Firefox
2009-02-21 12:37:15 ----D---- C:\WINDOWS\system32
2009-02-21 12:34:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-21 12:06:40 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-02-20 23:30:18 ----D---- C:\WINDOWS\system32\drivers
2009-02-20 23:14:53 ----D---- C:\Program Files\Spyware Terminator
2009-02-20 23:14:53 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-02-20 23:05:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
2009-02-20 22:49:25 ----D---- C:\WINDOWS
2009-02-20 22:05:40 ----A---- C:\WINDOWS\LEXSTAT.INI
2009-02-19 23:21:59 ----D---- C:\Documents and Settings\Administrator\Application Data\MSN6
2009-02-17 23:39:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-17 23:29:47 ----D---- C:\WINDOWS\system32\en-US
2009-02-17 23:29:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-17 23:29:46 ----HD---- C:\WINDOWS\inf
2009-02-17 23:29:46 ----D---- C:\WINDOWS\Media
2009-02-17 23:29:46 ----D---- C:\WINDOWS\Help
2009-02-17 23:29:46 ----D---- C:\Program Files\Internet Explorer
2009-02-16 21:42:13 ----D---- C:\Program Files\StepMania
2009-02-16 18:42:11 ----D---- C:\Documents and Settings\Administrator\Application Data\Move Networks
2009-02-15 22:31:26 ----RD---- C:\Program Files
2009-02-15 22:31:21 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-11 23:06:09 ----D---- C:\Nexon
2009-02-11 20:01:18 ----SHD---- C:\WINDOWS\Installer
2009-02-11 20:01:18 ----D---- C:\Config.Msi
2009-02-08 17:05:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-08 16:06:37 ----D---- C:\WINDOWS\system32\DirectX
2009-02-08 16:06:36 ----RSD---- C:\WINDOWS\assembly
2009-02-03 19:30:56 ----D---- C:\Program Files\Azureus
2009-02-03 19:30:51 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-02-01 03:02:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-25 08:11:17 ----D---- C:\Program Files\EA GAMES
2009-01-25 08:09:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-25 08:08:46 ----D---- C:\Program Files\AGEIA Technologies
2009-01-21 16:27:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Hamachi
2009-01-19 18:46:11 ----D---- C:\Program Files\Steam
2009-01-18 18:43:21 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-18 18:37:59 ----D---- C:\Program Files\Bonjour
2009-01-17 13:08:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-16 23:50:29 ----D---- C:\Program Files\Google
2009-01-15 19:41:50 ----A---- C:\WINDOWS\system.ini
2009-01-15 19:39:52 ----D---- C:\WINDOWS\AppPatch
2009-01-15 19:39:52 ----D---- C:\Program Files\Common Files
2009-01-15 03:00:57 ----A---- C:\WINDOWS\imsins.BAK
2009-01-15 03:00:25 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-15 02:22:22 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-01-15 02:19:22 ----A---- C:\WINDOWS\system32\advpack.dll.mui
2009-01-15 02:17:22 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-01-15 02:13:18 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 02:12:12 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-01-15 02:06:48 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-01-15 02:06:22 ----A---- C:\WINDOWS\system32\WinFXDocObj.exe
2009-01-15 02:06:08 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-01-15 02:06:00 ----A---- C:\WINDOWS\system32\url.dll
2009-01-15 02:05:42 ----A---- C:\WINDOWS\system32\wininet.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\occache.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\msrating.dll
2009-01-15 02:05:34 ----A---- C:\WINDOWS\system32\licmgr10.dll
2009-01-15 02:04:28 ----A---- C:\WINDOWS\system32\corpol.dll
2009-01-15 02:04:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-01-15 02:03:58 ----A---- C:\WINDOWS\system32\jscript.dll
2009-01-15 02:03:50 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-01-15 02:03:42 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-01-15 02:03:36 ----A---- C:\WINDOWS\system32\vbscript.dll
2009-01-15 02:03:32 ----A---- C:\WINDOWS\system32\admparse.dll
2009-01-15 02:03:28 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-01-15 02:03:20 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-01-15 02:03:18 ----A---- C:\WINDOWS\system32\iesetup.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\inseng.dll
2009-01-15 02:03:14 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-01-15 02:03:12 ----A---- C:\WINDOWS\system32\advpack.dll
2009-01-15 02:02:50 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-01-15 02:02:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-01-15 02:02:20 ----A---- C:\WINDOWS\system32\mstime.dll
2009-01-15 02:01:52 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-01-15 02:01:42 ----A---- C:\WINDOWS\system32\msfeedssync.exe
2009-01-15 02:01:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-01-15 02:01:40 ----A---- C:\WINDOWS\system32\icardie.dll
2009-01-15 02:01:26 ----A---- C:\WINDOWS\system32\imgutil.dll
2009-01-15 02:01:22 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-01-15 02:01:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-01-15 02:01:16 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-01-15 02:01:06 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-01-15 02:00:46 ----A---- C:\WINDOWS\system32\mshtmler.dll
2009-01-15 02:00:38 ----A---- C:\WINDOWS\system32\mshta.exe
2009-01-15 01:50:50 ----A---- C:\WINDOWS\system32\ieui.dll
2009-01-15 01:50:38 ----A---- C:\WINDOWS\system32\msls31.dll
2009-01-15 01:35:10 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-01-11 20:25:23 ----SD---- C:\WINDOWS\Tasks
2009-01-08 22:42:27 ----D---- C:\WINDOWS\system32\config
2009-01-08 22:33:21 ----RASH---- C:\boot.ini
2009-01-04 11:19:25 ----D---- C:\Program Files\MSN Messenger
2009-01-03 14:54:59 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-03 14:54:04 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-01-03 14:51:49 ----AC---- C:\WINDOWS\setuplog.txt
2009-01-03 14:50:41 ----D---- C:\WINDOWS\system32\Setup
2009-01-03 14:50:40 ----D---- C:\WINDOWS\system32\wbem
2009-01-03 14:50:38 ----RSD---- C:\WINDOWS\Fonts
2009-01-03 14:28:35 ----D---- C:\WINDOWS\security
2009-01-03 14:18:11 ----D---- C:\WINDOWS\WinSxS
2009-01-03 14:17:44 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-03 14:17:43 ----D---- C:\WINDOWS\network diagnostic
2009-01-03 14:17:43 ----D---- C:\WINDOWS\ime
2009-01-03 14:17:29 ----D---- C:\WINDOWS\system32\usmt
2009-01-03 14:17:19 ----D---- C:\WINDOWS\PeerNet
2009-01-03 14:17:19 ----D---- C:\Program Files\Movie Maker
2009-01-03 14:12:53 ----D---- C:\WINDOWS\system32\Restore
2009-01-03 14:12:52 ----D---- C:\WINDOWS\system32\npp
2009-01-03 14:12:52 ----D---- C:\WINDOWS\mui
2009-01-03 14:12:50 ----D---- C:\WINDOWS\msagent
2009-01-03 14:12:48 ----D---- C:\WINDOWS\srchasst
2009-01-03 14:12:38 ----D---- C:\Program Files\NetMeeting
2009-01-03 14:12:36 ----D---- C:\WINDOWS\system32\Com
2009-01-03 14:12:32 ----D---- C:\Program Files\Windows Media Player
2009-01-03 14:12:31 ----D---- C:\Program Files\Windows NT
2009-01-03 14:12:31 ----D---- C:\Program Files\Outlook Express
2009-01-03 14:12:25 ----D---- C:\Program Files\Common Files\System
2009-01-03 14:11:55 ----D---- C:\WINDOWS\system32\oobe
2009-01-03 14:11:50 ----D---- C:\WINDOWS\system
2009-01-03 14:05:53 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-03 14:01:18 ----D---- C:\WINDOWS\ehome
2009-01-03 02:28:16 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-02 14:42:51 ----D---- C:\Program Files\Starcraft
2008-12-25 13:51:27 ----D---- C:\Program Files\DivX
2008-12-23 22:26:18 ----D---- C:\Program Files\Common Files\Apple
2008-12-23 22:15:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-15 13:46:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-13 10:12:15 ----D---- C:\Program Files\Electronic Arts
2008-12-12 16:00:13 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-12-08 17:16:06 ----D---- C:\WINDOWS\Minidump
2008-12-05 16:38:56 ----D---- C:\Program Files\AIM6
2008-12-05 16:37:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-11-30 18:02:56 ----D---- C:\Program Files\Veoh Networks
2008-11-23 15:01:42 ----D---- C:\Program Files\NewTech Infosystems

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 37760]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-03-13 29704]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 33800]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-11-13 20747]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-16 16512]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-03-13 40456]
R2 npkcrypt;npkcrypt; \??\C:\Program Files\Wizet\MapleStory\npkcrypt.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GPCIDrv;GPCIDrv; \??\C:\WINDOWS\GPCIDrv.sys []
R3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-12-03 25280]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2007-09-05 92544]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-09-18 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2005-11-02 10368]
R3 PID_0920;Logitech QuickCam Express(PID_0920); C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 RT61;Airlink101 MIMO XR PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
R3 tbcspud;Santa Cruz Driver; C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-17 144768]
R3 tbcwdm;Santa Cruz WDM Driver; C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-17 545088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 a9funiis;a9funiis; C:\WINDOWS\system32\drivers\a9funiis.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-10-26 4124352]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-13 85969]
S3 hwmouser;Hanwang Technology CO.LTD HID Tablet Device; C:\WINDOWS\system32\DRIVERS\hwpad.sys [2005-05-23 29256]
S3 kaspersky1;kaspersky1; \??\C:\Documents and Settings\Administrator\Desktop\omg\kaspersky.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-11-07 22272]
S3 S3chipid;S3chipid; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys []
S3 saruenGang;saruenGang; \??\C:\Documents and Settings\Administrator\Desktop\Zenos Engine\saruenGang.sys []
S3 sejt1;sejt1; \??\C:\Documents and Settings\Administrator\Desktop\AkumaEngine33\sejt.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 StreamSurge;StreamSurge Driver (miniport); C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xp1;xp1; \??\C:\Documents and Settings\Administrator\Desktop\xpengine\xp.sys []
S3 zenos1;zenos1; \??\C:\Documents and Settings\Administrator\Desktop\ms\zenos\zenos.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-03-13 472320]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-11-05 307200]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MIMO XR TM PCI WLService;MIMO XR TM PCI Adapter WLService; C:\Program Files\Airlink101\AWLH5026\WLService.exe [2006-03-16 49152]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-06 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-09-09 570880]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-04-22 359160]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-04-23 310008]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-04-23 166648]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-12 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-03-13 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-23 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-04-22 88824]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-04-23 1010424]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Mbiicvic;Mbiicvic; C:\WINDOWS\system32\drivers\tcpip6.sys [2008-06-20 225856]
S4 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
S4 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]

-----------------EOF-----------------

#9 fenzodahl512


Posted 21 February 2009 - 04:33 PM

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O20 - Winlogon Notify: qoMdETMD - qoMdETMD.dll (file missing)

Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.



Note: BitDefender Online Scan can only be used with Internet Explorer.

Let's do an online scan with BitDefender Online Scanner
  • Click on I Agree
  • Please install the Add-ons if requested
  • Click on Start Scan
  • Let it update its virus definitions. It will then automatically scan all your files and folders.
  • If infections are found, it will attempt to disinfect/delete the infection.
  • After the scan finishes, click on More Detail >>
  • Go to Detected Problems tab and click on Click here to export the scan report
  • Save the report as result.html on your Desktop. Copy the whole content of result.html and paste it in Notepad
  • Save the result in the Notepad and post the contents here in your next reply


How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 cflip


Posted 22 February 2009 - 03:09 PM

BitDefender Online Scanner

Scan report generated at: Sun, Feb 22, 2009 - 00:25:32

Scan path: C:\;D:\;E:\;F:\;

Statistics
Time: 03:46:44
Files: 675797
Folders: 17327
Boot Sectors: 0
Archives: 9922
Packed Files: 46938

Results
Identified Viruses: 8
Infected Files: 16
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 16

Engines Info
Virus Definitions: 2680365
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
    Status

C:\Program Files\Game Cam v1.4\game.cam.v1.4-patch.exe
    Infected with: Trojan.Generic.1173196
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1285\A0933903.dll
    Infected with: Trojan.Vundo.GGM
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1285\A0933906.dll
    Infected with: Trojan.Vundo.GEZ
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1291\A0935200.exe
    Infected with: Trojan.Generic.1326652
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1293\A0935364.exe
    Infected with: Trojan.Generic.1326172
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1298\A0936784.exe
    Infected with: Trojan.Generic.1358427
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1335\A0953336.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1336\A0953372.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1362\A0956299.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1363\A0956335.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1365\A0958510.exe
    Infected with: Trojan.Generic.888360
    Deleted

C:\System Volume Information\_restore{C76ABCDE-02DE-4991-AC49-286B4D9261E7}\RP1371\A0959887.exe
    Infected with: Trojan.Generic.1173196
    Deleted

C:\_OTMoveIt\MovedFiles\02152009_223243\WINDOWS\system32\fjsddh.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

C:\_OTMoveIt\MovedFiles\02152009_223243\WINDOWS\system32\hjfjcyro.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

C:\_OTMoveIt\MovedFiles\02152009_223243\WINDOWS\system32\kriywdtc.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

C:\_OTMoveIt\MovedFiles\02152009_223243\WINDOWS\system32\pjtgjh.dll
    Infected with: Gen:Trojan.Heur.564E44
    Disinfection failed
    Deleted

seems to be running fine

#11 fenzodahl512


Posted 22 February 2009 - 04:26 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Let's clean your Restore Points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous Restore Points which are likely to be infected)
To create a new Restore Point.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK. This will flush your old System Restore.
  • Then please UNCHECK the Turn off System Restore.
  • Click again on Apply, and then click OK. This will create a new Restore Point
System Restore will now be active again

If you are using Windows Vista, please go HERE for tutorial on how to use, disable and enable System Restore

Then please create a fresh Restore Point... Please visit this webpage if you do not know how..

If you are using Windows Vista, please visit this webpage for more information.





Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#12 cflip


Posted 27 February 2009 - 09:00 PM

seems pretty good

thank you very much for your time
much appreciated



