Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cant update/install existing or new anti-virus


  • This topic is locked This topic is locked
16 replies to this topic

#1 Reecie

Reecie

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 11 February 2009 - 02:14 AM

Hello,

I've been having a really annoying issue with my laptop the past week

its running Windows Vista Home Basic edition

Advertisements keep popping up every 10minutes, google pages now open in a new window and take me to an advertisement, i have to click the back button to get to the page i was aiming for.

Cant install Spybot S&D
Cant update AVG or update ANY anti-virus or anti-spyware says no Internet connection when I can still browse the internet easily

"Your computer (IP: 60.225.242.1) generates an attacking DOS requests at our servers. This attack was provoked by the spyware/virus named 'Troj/Rustok-N'"

I have recieved this message from a website.

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:36 PM, on 11/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUplden-au.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F59D241-6A48-4567-85FD-E88D6B53430B}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10026 bytes



Thank you for taking the time to assist me in this issue

Regards, Reece


BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 11 February 2009 - 03:28 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Reecie

Reecie
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 11 February 2009 - 04:05 AM

hello fenzo,

Unfortunately im stuck on the first step because i am unable to update anything because it says my Internet Connection does not exist.

Thank you for your reply.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 11 February 2009 - 04:52 AM

Just run Malwarebytes' then and complete the other steps too :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Reecie

Reecie
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 11 February 2009 - 06:23 AM

Hello again fenzo and once again thank you for your reply

After several attempts to run a successful scan with GMER.exe it continues to freeze the entire computer including mouse movements when it starts scanning "\CDF"; Unsure why this is.

Looking forward to your reply

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 11 February 2009 - 07:03 AM

Post me the Malwarebytes' and RSIT reports only.. I'll look at them :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Reecie

Reecie
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 11 February 2009 - 08:57 AM

Sorry for the delayed reply,

below are the logs you requested

Malware Bytes:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 6.0.6000

11/02/2009 11:54:08 PM
mbam-log-2009-02-11 (23-53-59).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 231691
Time elapsed: 1 hour(s), 51 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1aa8dbd6-5a30-424f-b238-d41730331642}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5f59d241-6a48-4567-85fd-e88d6b53430b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1aa8dbd6-5a30-424f-b238-d41730331642}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5f59d241-6a48-4567-85fd-e88d6b53430b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1aa8dbd6-5a30-424f-b238-d41730331642}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5f59d241-6a48-4567-85fd-e88d6b53430b}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


LOG.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by sarah at 2009-02-11 21:52:20
Microsoft® Windows Vista™ Home Basic
System drive C: has 22 GB (33%) free of 66 GB
Total RAM: 1013 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:27 PM, on 11/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\sarah\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sarah.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUplden-au.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F59D241-6A48-4567-85FD-E88D6B53430B}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AA8DBD6-5A30-424F-B238-D41730331642}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9758 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-18 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live OneCare Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2007-12-17 56360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2007-10-25 212992]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-04 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-10-01 181544]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-28 202032]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-14 222504]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-11-22 1006264]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-23 80896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-09 54840]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-04 480560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-18 1261336]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
C:\Program Files\Windows Live\Family Safety\fssui.exe [2007-12-17 243240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-01-20 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-03-14 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^sarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2008-09-12 384000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-02-11 20:48:04 ----A---- C:\Windows\gmer.ini
2009-02-11 20:47:50 ----A---- C:\Windows\gmer_uninstall.cmd
2009-02-11 20:47:50 ----A---- C:\Windows\gmer.exe
2009-02-11 20:47:50 ----A---- C:\Windows\gmer.dll
2009-02-11 20:32:52 ----D---- C:\rsit
2009-02-11 19:00:45 ----D---- C:\Users\sarah\AppData\Roaming\Malwarebytes
2009-02-11 19:00:31 ----D---- C:\ProgramData\Malwarebytes
2009-02-11 19:00:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-11 17:02:46 ----D---- C:\Program Files\Trend Micro
2009-02-11 02:46:12 ----D---- C:\Windows\pss
2009-02-11 02:33:11 ----D---- C:\Windows\BDOSCAN8
2009-02-10 20:53:30 ----D---- C:\Users\sarah\AppData\Roaming\vlc
2009-02-10 20:51:53 ----D---- C:\Program Files\VideoLAN
2009-02-08 03:10:57 ----D---- C:\RECYCLER
2009-02-08 03:10:41 ----D---- C:\Program Files\freshplay
2009-02-06 01:46:16 ----D---- C:\Users\sarah\AppData\Roaming\Yahoo!
2009-02-06 01:46:09 ----D---- C:\Program Files\Yahoo!
2009-02-06 01:45:58 ----D---- C:\Program Files\CCleaner
2009-02-04 00:36:33 ----D---- C:\Program Files\Common Files\DESIGNER
2009-02-04 00:32:00 ----SHD---- C:\Config.Msi
2009-01-27 19:00:26 ----D---- C:\ProgramData\FLEXnet
2009-01-27 18:47:53 ----D---- C:\Program Files\Bonjour
2009-01-27 18:30:46 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-01-21 01:38:45 ----D---- C:\Users\sarah\AppData\Roaming\MAXON
2009-01-20 14:41:38 ----D---- C:\Program Files\Common Files\Apple
2009-01-20 14:41:23 ----D---- C:\ProgramData\Apple Computer
2009-01-20 14:39:08 ----D---- C:\Program Files\Apple Software Update
2009-01-20 14:39:07 ----D---- C:\ProgramData\Apple
2009-01-20 14:34:59 ----D---- C:\Program Files\QuickTime
2009-01-14 21:05:33 ----D---- C:\Users\sarah\AppData\Roaming\OpenOffice.org
2009-01-14 21:01:14 ----D---- C:\Program Files\JRE
2009-01-14 21:01:03 ----D---- C:\Program Files\OpenOffice.org 3
2009-01-14 21:00:09 ----A---- C:\Windows\system32\javaws.exe
2009-01-14 21:00:09 ----A---- C:\Windows\system32\javaw.exe
2009-01-14 21:00:09 ----A---- C:\Windows\system32\java.exe
2009-01-14 00:48:45 ----D---- C:\Users\sarah\AppData\Roaming\DivX
2009-01-14 00:48:12 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-01-14 00:47:32 ----D---- C:\Program Files\DivX
2008-12-20 18:15:16 ----D---- C:\murcielago guides
2008-12-20 16:22:22 ----A---- C:\Windows\system32\tsccvid.dll
2008-12-20 05:53:01 ----HD---- C:\$AVG8.VAULT$
2008-12-20 02:49:25 ----D---- C:\Users\sarah\AppData\Roaming\WinRAR
2008-12-20 02:48:11 ----D---- C:\Program Files\WinRAR
2008-12-20 00:30:52 ----D---- C:\Program Files\MAXON
2008-12-20 00:10:40 ----A---- C:\Program Files\setuplog.txt
2008-12-19 03:16:50 ----A---- C:\Windows\system32\mshtml.dll
2008-12-18 23:22:54 ----D---- C:\Xfrog 4.3
2008-12-18 23:22:32 ----D---- C:\MAXON_CINEMA_4D_V10.5_UPDATE
2008-12-18 23:19:50 ----D---- C:\MAXON.CINEMA.4D.Studio.Bundle.v10.111.Multilanguage
2008-12-18 15:19:13 ----D---- C:\Users\sarah\AppData\Roaming\Autodesk
2008-12-18 14:46:31 ----D---- C:\ProgramData\Autodesk
2008-12-18 14:45:19 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-12-18 14:45:19 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-12-18 14:45:16 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-12-18 14:45:14 ----A---- C:\Windows\system32\d3dx10.dll
2008-12-18 14:45:07 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-12-18 12:12:06 ----D---- C:\Autodesk
2008-12-18 11:12:52 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-18 11:08:04 ----D---- C:\ProgramData\AOL
2008-12-18 10:56:06 ----A---- C:\Windows\system32\avgrsstx.dll
2008-12-18 10:55:07 ----D---- C:\Program Files\AVG
2008-12-18 10:55:06 ----D---- C:\ProgramData\avg8
2008-12-17 22:43:32 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-12-17 22:26:52 ----D---- C:\Program Files\MagicISO
2008-12-17 18:45:27 ----D---- C:\Program Files\BitLord
2008-12-11 15:41:00 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 10:33:26 ----A---- C:\Windows\system32\dtu100.dll
2008-12-11 10:33:26 ----A---- C:\Windows\system32\dpl100.dll
2008-12-10 16:30:28 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 16:30:15 ----A---- C:\Windows\system32\gameux.dll
2008-12-10 16:30:12 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 16:30:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 16:29:40 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 16:29:00 ----A---- C:\Windows\explorer.exe
2008-12-10 16:28:44 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 16:28:43 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 16:28:39 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 16:28:37 ----A---- C:\Windows\system32\mshtmled.dll
2008-12-10 16:28:36 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 16:28:36 ----A---- C:\Windows\system32\ieapfltr.dll
2008-12-10 16:28:35 ----A---- C:\Windows\system32\ieui.dll
2008-12-10 16:28:35 ----A---- C:\Windows\system32\iernonce.dll
2008-12-10 16:28:35 ----A---- C:\Windows\system32\ie4uinit.exe
2008-12-10 16:28:35 ----A---- C:\Windows\system32\advpack.dll
2008-12-10 16:28:34 ----A---- C:\Windows\system32\iesetup.dll
2008-12-10 16:28:34 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 16:28:34 ----A---- C:\Windows\system32\dxtrans.dll
2008-12-10 16:28:33 ----A---- C:\Windows\system32\pngfilt.dll
2008-12-10 16:28:33 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 16:28:33 ----A---- C:\Windows\system32\ieUnatt.exe
2008-12-10 16:28:33 ----A---- C:\Windows\system32\icardie.dll
2008-12-10 16:28:33 ----A---- C:\Windows\system32\dxtmsft.dll
2008-12-10 16:28:14 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 16:28:14 ----A---- C:\Windows\system32\mf.dll
2008-12-10 16:28:11 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 16:28:10 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 16:28:09 ----A---- C:\Windows\system32\rrinstaller.exe
2008-12-10 16:28:09 ----A---- C:\Windows\system32\mfps.dll
2008-12-10 16:28:09 ----A---- C:\Windows\system32\mfpmp.exe
2008-12-10 16:28:08 ----A---- C:\Windows\system32\mferror.dll
2008-12-09 12:28:52 ----A---- C:\Windows\system32\dpv11.dll
2008-12-09 12:28:52 ----A---- C:\Windows\system32\dpus11.dll
2008-12-09 12:28:52 ----A---- C:\Windows\system32\dpuGUI11.dll
2008-12-09 12:28:52 ----A---- C:\Windows\system32\dpu11.dll
2008-12-04 04:27:49 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-12-04 04:27:48 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-12-04 04:27:48 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-12-04 04:27:28 ----A---- C:\Windows\system32\msxml3.dll
2008-12-04 04:27:27 ----A---- C:\Windows\system32\msxml3r.dll
2008-12-04 04:27:23 ----A---- C:\Windows\system32\netapi32.dll
2008-12-04 04:27:15 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-12-04 04:27:15 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-12-04 04:27:14 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-12-04 04:27:10 ----A---- C:\Windows\system32\connect.dll
2008-12-04 04:25:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-12-04 04:25:24 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-12-04 04:24:54 ----A---- C:\Windows\system32\msxml6.dll
2008-12-04 04:24:52 ----A---- C:\Windows\system32\msxml6r.dll
2008-12-04 03:28:07 ----A---- C:\Windows\system32\wups2.dll
2008-12-04 03:28:07 ----A---- C:\Windows\system32\wucltux.dll
2008-12-04 03:28:07 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-04 03:28:07 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-04 03:27:22 ----A---- C:\Windows\system32\wups.dll
2008-12-04 03:27:22 ----A---- C:\Windows\system32\wudriver.dll
2008-12-04 03:27:21 ----A---- C:\Windows\system32\wuapi.dll
2008-12-04 03:26:51 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-04 03:26:51 ----A---- C:\Windows\system32\wuapp.exe
2008-11-12 00:48:20 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-12 00:48:12 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-12 00:46:28 ----A---- C:\Windows\system32\NlsData0009.dll
2008-11-12 00:46:26 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-12 00:46:25 ----A---- C:\Windows\system32\NlsData000c.dll
2008-11-12 00:46:19 ----A---- C:\Windows\system32\NlsData000a.dll
2008-11-12 00:46:15 ----A---- C:\Windows\system32\NlsData000d.dll
2008-11-12 00:46:13 ----A---- C:\Windows\system32\NlsData0027.dll
2008-11-12 00:46:12 ----A---- C:\Windows\system32\NlsData0001.dll
2008-11-12 00:46:11 ----A---- C:\Windows\system32\NlsData0011.dll
2008-11-12 00:46:09 ----A---- C:\Windows\system32\NlsData0007.dll
2008-11-12 00:46:08 ----A---- C:\Windows\system32\NlsData003e.dll
2008-11-12 00:46:07 ----A---- C:\Windows\system32\NlsData0021.dll
2008-11-12 00:46:06 ----A---- C:\Windows\system32\NlsData002a.dll
2008-11-12 00:46:05 ----A---- C:\Windows\system32\NlsData0022.dll
2008-11-12 00:46:05 ----A---- C:\Windows\system32\NlsData0002.dll
2008-11-12 00:46:04 ----A---- C:\Windows\system32\NlsData0018.dll
2008-11-12 00:46:03 ----A---- C:\Windows\system32\NlsData000f.dll
2008-11-12 00:46:02 ----A---- C:\Windows\system32\NlsData001a.dll
2008-11-12 00:46:01 ----A---- C:\Windows\system32\NlsData0024.dll
2008-11-12 00:45:59 ----A---- C:\Windows\system32\NlsData0019.dll
2008-11-12 00:45:54 ----A---- C:\Windows\system32\NlsData0010.dll
2008-11-12 00:45:53 ----A---- C:\Windows\system32\NlsData001d.dll
2008-11-12 00:45:51 ----A---- C:\Windows\system32\NlsData0816.dll
2008-11-12 00:45:47 ----A---- C:\Windows\system32\NlsData0013.dll
2008-11-12 00:45:42 ----A---- C:\Windows\system32\NlsData0039.dll
2008-11-12 00:45:41 ----A---- C:\Windows\system32\NlsData0049.dll
2008-11-12 00:45:39 ----A---- C:\Windows\system32\NlsData0020.dll
2008-11-12 00:45:34 ----A---- C:\Windows\system32\NlsData0416.dll
2008-11-12 00:45:32 ----A---- C:\Windows\system32\NlsData0414.dll
2008-11-12 00:45:27 ----A---- C:\Windows\system32\NlsData0047.dll
2008-11-12 00:45:26 ----A---- C:\Windows\system32\NlsData004c.dll
2008-11-12 00:45:25 ----A---- C:\Windows\system32\NlsData004a.dll
2008-11-12 00:45:24 ----A---- C:\Windows\system32\NlsData081a.dll
2008-11-12 00:45:22 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-11-12 00:45:21 ----A---- C:\Windows\system32\NlsData001b.dll
2008-11-12 00:45:19 ----A---- C:\Windows\system32\NlsData0000.dll
2008-11-12 00:45:18 ----A---- C:\Windows\system32\NlsData0046.dll
2008-11-12 00:45:17 ----A---- C:\Windows\system32\NlsData0045.dll
2008-11-12 00:45:16 ----A---- C:\Windows\system32\NlsData004b.dll
2008-11-12 00:45:15 ----A---- C:\Windows\system32\NlsData004e.dll
2008-11-12 00:45:10 ----A---- C:\Windows\system32\NlsData0026.dll
2008-11-12 00:45:10 ----A---- C:\Windows\system32\NlsData0003.dll
2008-11-12 00:43:27 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-11-12 00:43:23 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-11-12 00:43:18 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-11-12 00:43:14 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-11-12 00:43:11 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-11-12 00:43:08 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-11-12 00:43:05 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-11-12 00:43:02 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-11-12 00:42:59 ----A---- C:\Windows\system32\NlsLexicons003e.dll
2008-11-12 00:42:54 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-11-12 00:42:50 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-11-12 00:42:46 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-11-12 00:42:42 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-11-12 00:42:40 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-11-12 00:42:37 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-11-12 00:42:32 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-11-12 00:42:29 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-11-12 00:42:25 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-11-12 00:42:22 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-11-12 00:42:19 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-11-12 00:42:17 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-11-12 00:42:15 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-11-12 00:42:13 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-11-12 00:42:09 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-11-12 00:42:04 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-11-12 00:42:01 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-11-12 00:41:55 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-11-12 00:41:52 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-11-12 00:41:50 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-11-12 00:41:49 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-11-12 00:41:48 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-11-12 00:41:47 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-11-12 00:41:45 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-11-12 00:41:43 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-11-12 00:41:42 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-11-12 00:41:41 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-11-12 00:41:40 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-11-12 00:41:39 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-11-12 00:30:34 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-12 00:27:47 ----A---- C:\Windows\system32\win32spl.dll
2008-11-12 00:27:46 ----A---- C:\Windows\system32\printcom.dll

======List of files/folders modified in the last 3 months======

2009-02-11 21:52:25 ----D---- C:\Windows\Temp
2009-02-11 20:48:04 ----D---- C:\Windows
2009-02-11 20:47:50 ----D---- C:\Windows\system32\drivers
2009-02-11 19:00:31 ----RD---- C:\Program Files
2009-02-11 19:00:31 ----HD---- C:\ProgramData
2009-02-11 18:51:01 ----SHD---- C:\System Volume Information
2009-02-11 13:00:50 ----D---- C:\Windows\inf
2009-02-11 02:33:14 ----SD---- C:\Windows\Downloaded Program Files
2009-02-11 02:21:08 ----D---- C:\Windows\Prefetch
2009-02-09 21:03:45 ----D---- C:\Users\sarah\AppData\Roaming\Adobe
2009-02-08 03:11:36 ----D---- C:\Windows\System32
2009-02-06 01:54:34 ----D---- C:\Windows\Minidump
2009-02-06 01:54:34 ----D---- C:\Windows\Debug
2009-02-04 20:18:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-04 00:39:46 ----SHD---- C:\Windows\Installer
2009-02-04 00:39:39 ----D---- C:\ProgramData\Microsoft Help
2009-02-04 00:39:14 ----D---- C:\Windows\winsxs
2009-02-04 00:37:39 ----D---- C:\Program Files\Common Files\microsoft shared
2009-02-04 00:36:33 ----D---- C:\Program Files\Common Files
2009-02-04 00:36:25 ----D---- C:\Windows\SHELLNEW
2009-02-04 00:36:11 ----RSD---- C:\Windows\Fonts
2009-01-27 20:36:05 ----SD---- C:\Users\sarah\AppData\Roaming\Microsoft
2009-01-27 18:50:41 ----D---- C:\Program Files\Adobe
2009-01-27 18:49:19 ----D---- C:\ProgramData\Adobe
2009-01-27 18:47:48 ----D---- C:\Program Files\Common Files\Adobe
2009-01-20 14:43:01 ----D---- C:\Program Files\Internet Explorer
2009-01-15 03:14:15 ----D---- C:\Windows\system32\catroot
2009-01-15 03:14:10 ----D---- C:\Program Files\Windows Mail
2009-01-14 21:03:40 ----RSD---- C:\Windows\assembly
2009-01-14 21:00:07 ----D---- C:\Program Files\Java
2009-01-14 09:49:06 ----D---- C:\Windows\system32\catroot2
2009-01-10 11:35:28 ----A---- C:\Windows\system32\mrt.exe
2008-12-22 01:04:17 ----D---- C:\Windows\system32\Macromed
2008-12-21 21:38:50 ----D---- C:\Users\sarah\AppData\Roaming\CyberLink
2008-12-19 03:11:49 ----A---- C:\Windows\win.ini
2008-12-18 11:47:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-18 11:47:16 ----D---- C:\Program Files\Apoint2K
2008-12-18 11:17:05 ----D---- C:\Windows\system
2008-12-18 11:06:53 ----D---- C:\Program Files\Windows Live Toolbar
2008-12-18 11:06:18 ----D---- C:\Windows\Tasks
2008-12-18 11:05:17 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-18 10:52:33 ----D---- C:\ProgramData\Symantec
2008-12-17 23:56:18 ----D---- C:\Users\sarah\AppData\Roaming\LimeWire
2008-12-17 22:43:41 ----D---- C:\Windows\Microsoft.NET
2008-12-11 16:44:26 ----D---- C:\Windows\rescache
2008-12-11 15:59:08 ----ASH---- C:\Program Files\desktop.ini
2008-12-11 15:55:19 ----D---- C:\Windows\system32\en-US
2008-12-11 15:55:18 ----D---- C:\Windows\AppPatch
2008-12-11 15:55:13 ----D---- C:\Windows\system32\migration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-12-18 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-12-18 26824]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [2007-04-03 306295]
R2 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-11 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-10-29 162088]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-31 735232]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-12-18 69128]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-02-24 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-02-27 201728]
R3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-29 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-07-22 51200]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-06-23 62464]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2007-11-22 132864]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-02-24 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-02-11 85969]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-02-11 85969]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-01-14 38496]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-18 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-18 231704]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 fsssvc;Windows Live OneCare Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-20 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-03 135168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-04 358936]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-11 386560]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-06 110592]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-27 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-01-30 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]

-----------------EOF-----------------


INFO.txt

info.txt logfile of random's system information tool 1.05 2009-02-11 21:52:32

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Business Contact Manager for Outlook 2007 SP1-->"C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1-->MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.00.0340-->MsiExec.exe /X{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
ESU for Microsoft Vista-->MsiExec.exe /I{865DB1C9-D5E4-408B-B37D-9927E605BD2D}
freshplay-->"C:\Program Files\freshplay\Uninstall.exe"
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.30 E2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
HP User Guides 0093-->MsiExec.exe /I{D7358B07-4F10-4014-9869-7999578BE8ED}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel® TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Magic ISO Maker v5.5 (build 0273)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaRing Talk-->"C:\Program Files\MediaRing\MediaRing Talk\Uninstall.exe" "C:\Program Files\MediaRing\MediaRing Talk\install.log" -u
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies-->MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components-->MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSCU for Microsoft Vista-->MsiExec.exe /I{F7F3B252-E772-48AA-93EB-7964BC326067}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{250E9609-E830-43EB-B379-DAB7546A2422}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
QuickPlay SlingPlayer 0.4.4-->"C:\Program Files\HP\QuickPlay\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
SecureW2 EAP Suite 1.0.5 for Windows-->C:\Program Files\SecureW2\Uninstall.exe
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare Family Safety-->MsiExec.exe /X{3403CB31-D7C1-43F4-9D2F-579758C0CF09}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

======Security center information======

AV: AVG Anti-Virus Free (outdated)
AS: AVG Anti-Virus Free (disabled) (outdated)
AS: Windows Defender

System event log

Computer Name: Sarahs-Computer
Event Code: 10029
Message: DCOM started the service TrustedInstaller with arguments "" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
Record Number: 46365
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090211113315.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 7036
Message: The Windows Modules Installer service entered the running state.
Record Number: 46366
Source Name: Service Control Manager
Time Written: 20090211113317.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 46367
Source Name: Service Control Manager
Time Written: 20090211113923.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 7036
Message: The Windows Modules Installer service entered the stopped state.
Record Number: 46368
Source Name: Service Control Manager
Time Written: 20090211114317.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 46369
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090211114816.000000-000
Event Type: Information
User:

Application event log

Computer Name: Sarahs-Computer
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 13691
Source Name: usnjsvc
Time Written: 20090211112531.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 102
Message: msnmsgr (3364) \\.\C:\Users\sarah\AppData\Local\Microsoft\Messenger\reecieboy420@hotmail.com\SharingMetadata\Working\database_3F6B_60C2_1F09_68EB\dfsr.db: The database engine (6.00.6000.0000) started a new instance (0).
Record Number: 13692
Source Name: ESENT
Time Written: 20090211112532.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 300
Message: msnmsgr (3364) \\.\C:\Users\sarah\AppData\Local\Microsoft\Messenger\reecieboy420@hotmail.com\SharingMetadata\Working\database_3F6B_60C2_1F09_68EB\dfsr.db: The database engine is initiating recovery steps.
Record Number: 13693
Source Name: ESENT
Time Written: 20090211112532.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 301
Message: msnmsgr (3364) \\.\C:\Users\sarah\AppData\Local\Microsoft\Messenger\reecieboy420@hotmail.com\SharingMetadata\Working\database_3F6B_60C2_1F09_68EB\dfsr.db: The database engine has begun replaying logfile \\.\C:\Users\sarah\AppData\Local\Microsoft\Messenger\reecieboy420@hotmail.com\SharingMetadata\Working\database_3F6B_60C2_1F09_68EB\fsr.log.
Record Number: 13694
Source Name: ESENT
Time Written: 20090211112532.000000-000
Event Type: Information
User:

Computer Name: Sarahs-Computer
Event Code: 302
Message: msnmsgr (3364) \\.\C:\Users\sarah\AppData\Local\Microsoft\Messenger\reecieboy420@hotmail.com\SharingMetadata\Working\database_3F6B_60C2_1F09_68EB\dfsr.db: The database engine has successfully completed recovery steps.
Record Number: 13695
Source Name: ESENT
Time Written: 20090211112533.000000-000
Event Type: Information
User:

Security event log

Computer Name: Sarahs-Computer
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: SARAHS-COMPUTER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x238
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 14989
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090211111849.313326-000
Event Type: Audit Success
User:

Computer Name: Sarahs-Computer
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 14990
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090211111849.313326-000
Event Type: Audit Success
User:

Computer Name: Sarahs-Computer
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: SARAHS-COMPUTER$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x238
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 14991
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090211113314.041726-000
Event Type: Audit Success
User:

Computer Name: Sarahs-Computer
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: SARAHS-COMPUTER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x238
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 14992
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090211113314.041726-000
Event Type: Audit Success
User:

Computer Name: Sarahs-Computer
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 14993
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090211113314.041726-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\CyberLink\Power2Go\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"PLATFORM"=MCD
"PCBRAND"=Presario
"OnlineServices"=Online Services
"USERPART"=E:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks once again look forward to hearing from you

Edited by Reecie, 11 February 2009 - 09:02 AM.


#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 11 February 2009 - 09:07 AM

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.


Why's "No action taken"?


Do below please...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Reecie

Reecie
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 11 February 2009 - 09:47 AM

Action was taken, just copied the log before I deleted the infections, sorry about that

Here is the log you asked for

ComboFix 09-02-10.03 - sarah 2009-02-12 0:29:12.1 - NTFSx86
Running from: c:\users\sarah\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\freshplay
c:\program files\freshplay\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\freshplay
c:\programdata\Microsoft\Windows\Start Menu\Programs\freshplay\Uninstall.lnk
c:\recycler\S-4-7-24-100019957-100007421-100023462-8772.com
c:\users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\freshplay
c:\users\sarah\real.txt
c:\windows\system32\drivers\gaopdxdmcvnuvj.sys
c:\windows\system32\gaopdxtltbwmde.dll
c:\windows\system32\KBL.LOG
c:\windows\system32\x64
D:\Autorun.inf
d:\recycler\S-4-7-24-100019957-100007421-100023462-8772.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
.

2009-02-11 20:48 . 2009-02-11 21:05 250 --a------ c:\windows\gmer.ini
2009-02-11 20:32 . 2009-02-11 21:52 <DIR> d-------- C:\rsit
2009-02-11 19:00 . 2009-02-11 19:00 <DIR> d-------- c:\users\sarah\AppData\Roaming\Malwarebytes
2009-02-11 19:00 . 2009-02-11 19:00 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-11 19:00 . 2009-02-11 19:00 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-11 19:00 . 2009-02-11 19:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-11 19:00 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-11 19:00 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-11 17:02 . 2009-02-11 17:02 <DIR> d-------- c:\program files\Trend Micro
2009-02-11 02:33 . 2009-02-11 02:33 <DIR> d-------- c:\windows\BDOSCAN8
2009-02-10 20:53 . 2009-02-10 21:20 <DIR> d-------- c:\users\sarah\AppData\Roaming\vlc
2009-02-10 20:51 . 2009-02-10 20:51 <DIR> d-------- c:\program files\VideoLAN
2009-02-06 01:46 . 2009-02-06 01:46 <DIR> d-------- c:\users\sarah\AppData\Roaming\Yahoo!
2009-02-06 01:46 . 2009-02-08 14:16 <DIR> d-------- c:\program files\Yahoo!
2009-02-06 01:45 . 2009-02-06 01:46 <DIR> d-------- c:\program files\CCleaner
2009-01-27 19:00 . 2009-01-27 19:00 <DIR> d-------- c:\users\All Users\FLEXnet
2009-01-27 19:00 . 2009-01-27 19:00 <DIR> d-------- c:\programdata\FLEXnet
2009-01-27 18:47 . 2009-01-27 18:47 <DIR> d-------- c:\program files\Bonjour
2009-01-27 18:30 . 2009-01-27 18:30 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-21 01:38 . 2009-01-21 01:38 <DIR> d-------- c:\users\sarah\AppData\Roaming\MAXON
2009-01-20 14:41 . 2009-01-20 14:41 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-20 14:41 . 2009-01-20 14:41 <DIR> d-------- c:\programdata\Apple Computer
2009-01-20 14:41 . 2009-01-20 14:41 <DIR> d-------- c:\program files\Common Files\Apple
2009-01-20 14:39 . 2009-01-20 14:39 <DIR> d-------- c:\users\All Users\Apple
2009-01-20 14:39 . 2009-01-20 14:39 <DIR> d-------- c:\programdata\Apple
2009-01-20 14:39 . 2009-01-20 14:39 <DIR> d-------- c:\program files\Apple Software Update
2009-01-20 14:34 . 2009-01-20 14:43 <DIR> d-------- c:\program files\QuickTime
2009-01-14 21:05 . 2009-01-14 21:05 <DIR> d-------- c:\users\sarah\AppData\Roaming\OpenOffice.org
2009-01-14 21:01 . 2009-01-14 21:01 <DIR> d-------- c:\program files\OpenOffice.org 3
2009-01-14 21:01 . 2009-01-14 21:01 <DIR> d-------- c:\program files\JRE
2009-01-14 09:49 . 2008-12-16 13:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 00:48 . 2009-01-14 01:14 <DIR> d-------- c:\users\sarah\AppData\Roaming\DivX
2009-01-14 00:48 . 2009-01-14 00:48 <DIR> d-------- c:\program files\Common Files\PX Storage Engine
2009-01-14 00:47 . 2009-01-14 00:48 <DIR> d-------- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 16:00 --------- d-----w c:\programdata\avg8
2009-02-03 14:39 --------- d-----w c:\programdata\Microsoft Help
2009-01-27 08:47 --------- d-----w c:\program files\Common Files\Adobe
2009-01-27 05:23 --------- d-----w c:\programdata\Autodesk
2009-01-14 17:14 --------- d-----w c:\program files\Windows Mail
2009-01-14 11:00 --------- d-----w c:\program files\Java
2008-12-21 11:38 --------- d-----w c:\users\sarah\AppData\Roaming\CyberLink
2008-12-19 14:31 --------- d-----w c:\program files\MAXON
2008-12-19 14:10 162 ----a-w c:\program files\setuplog.txt
2008-12-18 05:21 --------- d-----w c:\users\sarah\AppData\Roaming\Autodesk
2008-12-18 01:47 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-18 01:47 --------- d-----w c:\program files\Apoint2K
2008-12-18 01:12 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-18 01:08 --------- d-----w c:\programdata\AOL
2008-12-18 01:06 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-18 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-18 00:56 69,128 ----a-w c:\windows\system32\drivers\avgwfpx.sys
2008-12-18 00:56 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-12-18 00:55 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-18 00:55 --------- d-----w c:\program files\AVG
2008-12-18 00:52 --------- d-----w c:\programdata\Symantec
2008-12-17 13:56 --------- d-----w c:\users\sarah\AppData\Roaming\LimeWire
2008-12-17 12:27 --------- d-----w c:\program files\MagicISO
2008-12-17 08:54 --------- d-----w c:\program files\BitLord
2008-12-11 05:59 174 --sha-w c:\program files\desktop.ini
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\System32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\System32\dpu11.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-04 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-28 202032]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-23 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-04 480560]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-18 1261336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sarah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 11:12 243240 c:\program files\Windows Live\Family Safety\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-20 14:35 413696 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4200515876-3242442326-2968245761-1003]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A5EAC1B6-A448-434C-A2A9-95BAA0E2641A}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{699BBAB6-F545-414D-BE21-1EC36E99D783}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{89E79E9C-CA00-4E28-AB53-2D8EB3A90297}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B903178E-0E3A-4B68-B785-16A55140D2A3}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{B9726F9C-004C-4C7D-96E2-424521AFE054}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{CC6B3630-351B-43D3-B2F5-6424919506EF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E38EF5BD-7B90-4346-B2B4-6B5D3E57A8B1}"= UDP:c:\users\sarah\Desktop\LimeWire\LimeWire.exe:LimeWire
"{C441F17C-ED37-4D04-9DE7-345777CD348C}"= TCP:c:\users\sarah\Desktop\LimeWire\LimeWire.exe:LimeWire
"{9F518833-04C5-43C3-9B9A-21F10A3FE917}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{49678CBF-3603-4737-A341-258171BD994B}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{A3058355-6B3F-443D-B9BE-C78FA6E198ED}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{9A33E043-E8F5-4A80-B3DF-310B8907F109}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{1ABD6EB7-5105-4C3B-8FA5-84C78551BBCD}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{15BB3E02-DF99-4F4A-BFEF-03AF3FF7AE99}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{91E91399-C8D9-4297-AFD2-9768A8C4D177}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{4C629A8B-81C7-49D8-AB13-3AA6D9937326}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{94ED1906-2E6E-41BC-9542-ECF669E72C93}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{5B13E3B7-EC17-4A2E-AC27-9173B8C87C62}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{92222154-D3BC-4046-A1DA-3D3FFF5E7399}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-12-18 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-18 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-18 231704]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2008-03-29 43816]
R2 fsssvc;Windows Live OneCare Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]
R3 AvgWfpX;AVG Free8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2008-12-18 69128]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 00:36:04
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\avgrsstx.dll

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\avgrsstx.dll
.
Completion time: 2009-02-12 0:42:30
ComboFix-quarantined-files.txt 2009-02-11 14:42:27

Pre-Run: 22,988,075,008 bytes free
Post-Run: 23,160,274,944 bytes free

214 --- E O F --- 2009-02-03 06:54:46

Edited by Reecie, 11 February 2009 - 09:51 AM.


#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 11 February 2009 - 10:33 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Run HijackThis again and post these logs here..

1. ESET Online Scanner
2. HijackThis
3. How is the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 Reecie

Reecie
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 11 February 2009 - 10:34 AM

Says Cannot scan, Administrator rights required, I am logged on as administrator this account is the only user account on this computer

Edited by Reecie, 11 February 2009 - 10:51 AM.


#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 11 February 2009 - 12:08 PM

Erm.. Lets do this instead..


Please do this step before you sleep or when you don't use the computer as it will take quite a while..

Please run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.

When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save
Posted Image

Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Reecie

Reecie
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 12 February 2009 - 03:16 AM

I managed to use ESET when I ran as administrator

Heres HijackThisLog and below it is ESET log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:43 PM, on 12/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUplden-au.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8749 bytes


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3846 (20090211)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=e2abff0e52b802448133131cafe4c1f2
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-11 10:14:26
# local_time=2009-02-12 08:14:26 (+1000, E. Australia Standard Time)
# country="Australia"
# osver=6.0.6000 NT
# scanned=640828
# found=0
# scan_time=15638

Computer is running much better, no more advertisements or redirections, any thing else you can see out of place.

Cant thank you enough for your assistance in this matter.

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:11 PM

Posted 12 February 2009 - 03:17 AM

Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#15 Reecie

Reecie
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:03:11 AM

Posted 12 February 2009 - 03:32 AM

I ran it, asked me to reboot but im not sure if it did anything, is its purpose to remove the utilities used to delete the malware?. because they are still on the desktop :|




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users