
Multiple Rundll32.exe files and former malware problems


  • This topic is locked
17 replies to this topic

#1 Naylor


Posted 12 February 2009 - 12:55 PM

DDS (Ver_09-02-01.01) - NTFSx86
Run by Steve at 17:49:51.21 on 12/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1065 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe
C:\Program Files\QuickTime Alternative\QTTask.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Steve\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {801ECC10-AEC2-3CEC-ADCB-D73EF73D3DF4} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities 2007\MemOptimizer.exe" autostart
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [nwiz] nwiz.exe /install
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [TWCU] "c:\program files\tp-link\tl-wn310g_350g_350gdv5.0_tl-wn360gv1.0\TWCU.exe" -nogui
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg111t configuration utility\wlan111t.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\txmfm0c6.default\
FF - prefs.js: browser.search.selectedEngine - Thottbot WoW
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\steve\application data\mozilla\firefox\profiles\txmfm0c6.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07074039.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600

============= SERVICES / DRIVERS ===============

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.sys [2006-12-21 4608]
R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-1-18 42376]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-16 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-7-16 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-16 107272]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-1-18 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-1-18 81288]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-16 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-16 298264]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-18 356920]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-18 1073544]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\fwservice.exe --> c:\program files\pc tools firewall plus\FWService.exe [?]
S3 ATHFMWDL;NETGEAR WG111T Bootloader driver;c:\windows\system32\drivers\athfmwdl.sys [2008-3-25 43392]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2008-10-28 17152]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-1-16 17149]
S3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-2-6 55840]
S3 XDva190;XDva190;\??\c:\windows\system32\xdva190.sys --> c:\windows\system32\XDva190.sys [?]

============== File Associations ===============

txtfile=c:\windows\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-02-12 17:39 <DIR> --d----- c:\program files\Trend Micro
2009-02-10 07:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-08 17:29 <DIR> --d----- c:\documents and settings\steve\Tracing
2009-02-08 17:19 <DIR> --d----- c:\program files\Microsoft
2009-02-08 17:18 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-02-08 16:48 <DIR> --d----- c:\program files\common files\Windows Live
2009-02-07 16:11 <DIR> --d----- c:\program files\TVAnts
2009-02-06 22:53 <DIR> --d----- c:\program files\TP-LINK
2009-02-06 22:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TP-LINK
2009-02-03 20:11 <DIR> --d----- c:\program files\uTorrent
2009-01-25 15:02 839,680 a------- c:\windows\system32\lameACM.acm
2009-01-25 15:02 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-01-25 15:02 118,784 a------- c:\windows\system32\ac3acm.acm
2009-01-25 15:02 414 a------- c:\windows\system32\lame_acm.xml
2009-01-25 15:02 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-01-25 15:02 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-01-25 15:02 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-01-25 15:02 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-01-25 15:02 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-25 14:09 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-01-25 11:58 <DIR> --d----- c:\program files\Bethesda Softworks
2009-01-25 11:14 <DIR> --d----- c:\windows\system32\xlive
2009-01-18 18:07 <DIR> --d----- c:\docume~1\steve\applic~1\Malwarebytes
2009-01-18 18:07 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-18 18:07 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-18 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-18 18:07 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-18 17:12 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-01-18 17:12 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-01-18 17:12 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-01-18 17:12 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-01-18 17:12 <DIR> --d----- c:\docume~1\steve\applic~1\PC Tools
2009-01-18 17:12 <DIR> --d----- c:\program files\Spyware Doctor
2009-01-18 17:12 <DIR> --d----- c:\program files\common files\Download Manager

==================== Find3M ====================

2009-01-31 12:07 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-31 12:07 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-31 12:07 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2008-12-24 19:22 31,800 a------- c:\windows\system32\xa55374140.exe
2008-12-24 19:22 31,800 a------- c:\windows\system32\xa55373953.exe
2008-12-24 19:16 31,800 a------- c:\windows\system32\xa55030921.exe
2008-12-24 19:16 31,800 a------- c:\windows\system32\xa55030750.exe
2008-12-24 19:11 28,140,808 a------- c:\windows\system32\xa54739437.exe
2008-12-24 19:11 28,140,808 a------- c:\windows\system32\xa54738437.exe
2008-12-24 19:11 31,800 a------- c:\windows\system32\xa54701375.exe
2008-12-24 19:11 31,800 a------- c:\windows\system32\xa54701203.exe
2008-12-24 19:09 31,800 a------- c:\windows\system32\xa54621656.exe
2008-12-24 19:09 31,800 a------- c:\windows\system32\xa54621468.exe
2008-12-24 19:08 28,140,808 a------- c:\windows\system32\xa54514296.exe
2008-12-24 19:08 28,140,808 a------- c:\windows\system32\xa54513468.exe
2008-12-24 19:06 31,800 a------- c:\windows\system32\xa54398984.exe
2008-12-24 19:06 31,800 a------- c:\windows\system32\xa54398796.exe
2008-12-24 19:03 28,140,808 a------- c:\windows\system32\xa54218046.exe
2008-12-24 19:03 28,140,808 a------- c:\windows\system32\xa54215687.exe
2008-12-24 19:02 28,140,808 a------- c:\windows\system32\xa54168218.exe
2008-12-24 19:02 28,140,808 a------- c:\windows\system32\xa54166421.exe
2008-12-24 18:49 28,140,808 a------- c:\windows\system32\xa53398937.exe
2008-12-24 18:49 28,140,808 a------- c:\windows\system32\xa53395703.exe
2008-12-24 18:33 31,800 a------- c:\windows\system32\xa52454625.exe
2008-12-24 18:33 31,800 a------- c:\windows\system32\xa52454421.exe
2008-12-20 23:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-07 18:08 795,648 a------- c:\windows\system32\xvidcore.dll
2008-12-02 22:37 49,480 a------- c:\windows\system32\sirenacm.dll
2008-11-21 21:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 21:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 21:45 196,608 a------- c:\windows\system32\dtu100.dll
2008-11-21 21:45 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-11-21 21:45 344,064 a------- c:\windows\system32\dpus11.dll
2008-11-21 21:45 294,912 a------- c:\windows\system32\dpu11.dll
2008-11-21 21:45 294,912 a------- c:\windows\system32\dpu10.dll
2008-11-21 21:45 57,344 a------- c:\windows\system32\dpv11.dll
2008-11-21 21:45 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-11-21 21:45 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-11-21 21:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-09-01 02:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat

============= FINISH: 17:51:02.85 ===============



#2 fenzodahl512


Posted 13 February 2009 - 07:46 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad, then save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Naylor


Posted 14 February 2009 - 03:27 AM

Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 3

14/02/2009 08:19:34
mbam-log-2009-02-14 (08-19-34).txt

Scan type: Full Scan (C:\|)
Objects scanned: 243102
Time elapsed: 1 hour(s), 37 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 Naylor


Posted 14 February 2009 - 03:30 AM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Steve at 2009-02-14 08:21:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (4%) free of 153 GB
Total RAM: 2047 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:21:44, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe
C:\Program Files\QuickTime Alternative\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Documents and Settings\Steve\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {801ECC10-AEC2-3CEC-ADCB-D73EF73D3DF4} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe" -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9354 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{801ECC10-AEC2-3CEC-ADCB-D73EF73D3DF4}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-09-28 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-07-16 1166216]
"TWCU"=C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe [2007-04-10 479412]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe [2007-04-27 312328]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-09-28 3497208]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-31 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe:*:Enabled:AVG Anti-Spyware"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

2009-02-14 08:21:31 ----D---- C:\rsit
2009-02-12 17:57:03 ----D---- C:\Program Files\iPod
2009-02-12 17:57:02 ----D---- C:\Program Files\iTunes
2009-02-12 17:39:46 ----D---- C:\Program Files\Trend Micro
2009-02-11 07:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-10 07:10:50 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-08 17:19:11 ----D---- C:\Program Files\Microsoft
2009-02-08 17:18:39 ----D---- C:\Program Files\Windows Live SkyDrive
2009-02-08 16:48:15 ----D---- C:\Program Files\Common Files\Windows Live
2009-02-07 16:11:58 ----D---- C:\Program Files\TVAnts
2009-02-06 22:53:26 ----A---- C:\WINDOWS\system32\acs.exe
2009-02-06 22:53:19 ----RA---- C:\WINDOWS\system32\dsaNac.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wsimd.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wsfwDS.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wgapi.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wcapiU.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wcapi.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\dsa.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\athcfg20U.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\athcfg20resU.dll
2009-02-06 22:53:18 ----A---- C:\WINDOWS\system32\athcfg20res.dll
2009-02-06 22:53:18 ----A---- C:\WINDOWS\system32\athcfg20.dll
2009-02-06 22:53:16 ----D---- C:\Program Files\TP-LINK
2009-02-06 22:51:23 ----D---- C:\Documents and Settings\All Users\Application Data\TP-LINK
2009-02-03 20:11:18 ----D---- C:\Program Files\uTorrent
2009-02-03 19:50:24 ----SHD---- C:\Config.Msi
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-25 15:08:36 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-01-25 15:02:09 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-01-25 15:02:08 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-01-25 15:02:08 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-01-25 15:02:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-01-25 15:02:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-01-25 15:02:06 ----D---- C:\Program Files\K-Lite Codec Pack
2009-01-25 14:09:10 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-01-25 11:58:55 ----D---- C:\Documents and Settings\All Users\Application Data\Fallout3
2009-01-25 11:58:49 ----D---- C:\Program Files\Bethesda Softworks
2009-01-25 11:14:40 ----D---- C:\WINDOWS\system32\xlive
2009-01-18 18:07:56 ----D---- C:\Documents and Settings\Steve\Application Data\Malwarebytes
2009-01-18 18:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-18 18:07:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-18 17:12:22 ----D---- C:\Documents and Settings\Steve\Application Data\PC Tools
2009-01-18 17:12:21 ----D---- C:\Program Files\Spyware Doctor
2009-01-18 17:12:13 ----D---- C:\Program Files\Common Files\Download Manager
2009-01-17 03:45:10 ----D---- C:\Documents and Settings\Steve\Application Data\vlc
2009-01-15 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-11 21:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2009-01-11 21:29:20 ----D---- C:\Documents and Settings\Steve\Application Data\MozillaControl
2009-01-11 21:28:13 ----D---- C:\Program Files\Graboid
2009-01-06 22:00:14 ----D---- C:\Program Files\MP3Gain
2009-01-05 07:51:30 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-28 11:35:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-24 19:22:59 ----A---- C:\WINDOWS\system32\Request.txt
2008-12-24 19:22:32 ----A---- C:\WINDOWS\system32\xa55374140.exe
2008-12-24 19:22:32 ----A---- C:\WINDOWS\system32\xa55373953.exe
2008-12-24 19:16:49 ----A---- C:\WINDOWS\system32\xa55030921.exe
2008-12-24 19:16:49 ----A---- C:\WINDOWS\system32\xa55030750.exe
2008-12-24 19:11:58 ----A---- C:\WINDOWS\system32\xa54739437.exe
2008-12-24 19:11:56 ----A---- C:\WINDOWS\system32\xa54738437.exe
2008-12-24 19:11:19 ----A---- C:\WINDOWS\system32\xa54701375.exe
2008-12-24 19:11:19 ----A---- C:\WINDOWS\system32\xa54701203.exe
2008-12-24 19:09:59 ----A---- C:\WINDOWS\system32\xa54621656.exe
2008-12-24 19:09:59 ----A---- C:\WINDOWS\system32\xa54621468.exe
2008-12-24 19:08:12 ----A---- C:\WINDOWS\system32\xa54514296.exe
2008-12-24 19:08:11 ----A---- C:\WINDOWS\system32\xa54513468.exe
2008-12-24 19:06:17 ----A---- C:\WINDOWS\system32\xa54398984.exe
2008-12-24 19:06:17 ----A---- C:\WINDOWS\system32\xa54398796.exe
2008-12-24 19:03:16 ----A---- C:\WINDOWS\system32\xa54218046.exe
2008-12-24 19:03:14 ----A---- C:\WINDOWS\system32\xa54215687.exe
2008-12-24 19:02:26 ----A---- C:\WINDOWS\system32\xa54168218.exe
2008-12-24 19:02:24 ----A---- C:\WINDOWS\system32\xa54166421.exe
2008-12-24 18:49:37 ----A---- C:\WINDOWS\system32\xa53398937.exe
2008-12-24 18:49:34 ----A---- C:\WINDOWS\system32\xa53395703.exe
2008-12-24 18:33:52 ----A---- C:\WINDOWS\system32\xa52454625.exe
2008-12-24 18:33:52 ----A---- C:\WINDOWS\system32\xa52454421.exe
2008-12-10 20:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 19:44:12 ----D---- C:\Program Files\Common Files\DirectX
2008-12-05 07:52:40 ----D---- C:\nDoors
2008-12-03 23:48:49 ----D---- C:\Documents and Settings\Steve\Application Data\BraCa_Soft
2008-12-03 21:38:46 ----D---- C:\9dc8cd10ba97d02697bc7b144fce
2008-12-03 21:38:32 ----D---- C:\WINDOWS\SxsCaPendDel
2008-12-03 20:48:46 ----D---- C:\Program Files\BraCa Soft
2008-12-02 22:37:20 ----A---- C:\WINDOWS\system32\sirenacm.dll
2008-11-28 01:56:16 ----A---- C:\WINDOWS\iPlayer.INI
2008-11-21 21:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 21:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 21:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 21:45:06 ----A---- C:\WINDOWS\system32\divx.dll
2008-11-21 21:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

======List of files/folders modified in the last 3 months======

2009-02-14 08:21:21 ----D---- C:\WINDOWS\Prefetch
2009-02-14 08:13:32 ----D---- C:\Documents and Settings\Steve\Application Data\uTorrent
2009-02-14 07:37:22 ----D---- C:\WINDOWS\Temp
2009-02-13 19:50:54 ----D---- C:\Program Files\Mozilla Firefox
2009-02-13 19:48:29 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 19:40:35 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-13 19:40:29 ----SD---- C:\WINDOWS\Tasks
2009-02-13 19:39:04 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-13 08:43:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-12 22:02:55 ----AD---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2009-02-12 17:57:23 ----SHD---- C:\WINDOWS\Installer
2009-02-12 17:57:03 ----RD---- C:\Program Files
2009-02-11 20:49:50 ----D---- C:\WINDOWS
2009-02-11 20:47:39 ----D---- C:\WINDOWS\system32
2009-02-11 07:45:57 ----HD---- C:\WINDOWS\inf
2009-02-11 07:45:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-11 07:45:51 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 07:45:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 07:45:21 ----D---- C:\Program Files\Internet Explorer
2009-02-10 07:10:53 ----D---- C:\Program Files\Common Files\Apple
2009-02-10 07:09:16 ----D---- C:\Program Files\QuickTime Alternative
2009-02-08 17:20:21 ----D---- C:\Program Files\Windows Live
2009-02-08 17:20:14 ----D---- C:\WINDOWS\WinSxS
2009-02-08 17:18:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-08 17:18:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-08 17:18:21 ----RSD---- C:\WINDOWS\Fonts
2009-02-08 16:48:15 ----D---- C:\Program Files\Common Files
2009-02-06 22:53:28 ----D---- C:\WINDOWS\system32\config
2009-02-06 22:53:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-06 19:54:04 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-06 18:13:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-05 20:25:55 ----D---- C:\Documents and Settings\Steve\Application Data\dvdcss
2009-02-03 23:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-03 07:35:09 ----HD---- C:\$AVG8.VAULT$
2009-01-31 12:07:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-31 12:07:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-25 15:03:37 ----D---- C:\Program Files\Common Files\Real
2009-01-25 15:03:32 ----D---- C:\Documents and Settings\Steve\Application Data\Real
2009-01-25 15:01:16 ----D---- C:\Program Files\Codec Pack - All In 1
2009-01-25 14:09:59 ----D---- C:\WINDOWS\system32\DirectX
2009-01-25 11:57:42 ----RSD---- C:\WINDOWS\assembly
2009-01-25 11:44:29 ----D---- C:\Program Files\Sports Interactive
2009-01-25 11:40:12 ----D---- C:\VideoOutput
2009-01-25 11:38:54 ----D---- C:\Temp
2009-01-23 00:14:22 ----D---- C:\Program Files\Yahoo!
2009-01-18 23:14:13 ----D---- C:\Documents and Settings\Steve\Application Data\Google
2009-01-16 22:33:27 ----D---- C:\Program Files\DVD Genie
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-05 21:58:14 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-05 21:58:14 ----D---- C:\Program Files\Veoh Networks
2009-01-05 01:19:12 ----D---- C:\Program Files\DivX
2008-12-29 20:25:58 ----D---- C:\Program Files\SopCast
2008-12-28 11:36:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-20 23:15:41 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-20 23:15:39 ----A---- C:\WINDOWS\system32\url.dll
2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\occache.dll
2008-12-20 23:15:32 ----A---- C:\WINDOWS\system32\mstime.dll
2008-12-20 23:15:31 ----A---- C:\WINDOWS\system32\msrating.dll
2008-12-20 23:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-20 23:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-12-20 23:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-20 23:15:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-20 23:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-20 23:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-20 23:15:11 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-20 19:10:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 05:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-12-15 22:01:07 ----D---- C:\Program Files\Winamp
2008-12-07 18:08:06 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-04 10:57:49 ----D---- C:\Program Files\TuneUp Utilities 2007
2008-12-04 04:04:24 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 21:39:48 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-03 21:39:46 ----D---- C:\WINDOWS\system32\en-US
2008-11-23 20:05:17 ----D---- C:\WINDOWS\Minidump
2008-11-15 00:11:25 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-31 107272]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-21 21275]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-22 109568]
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-01-07 286720]
S3 arhmv3f4;arhmv3f4; C:\WINDOWS\system32\drivers\arhmv3f4.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATHFMWDL;NETGEAR WG111T Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2004-10-14 43392]
S3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\WINDOWS\system32\drivers\bfturboh.sys [2008-02-12 17152]
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 cmudau;C-Media USB Sound Interface; C:\WINDOWS\system32\drivers\cmudau.sys [2004-04-26 825344]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-10 25280]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 55840]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva190;XDva190; \??\C:\WINDOWS\system32\XDva190.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-07 20543]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-07-12 335872]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-03-30 131131]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2007-02-12 364629]
S2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-03-30 65599]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-03-30 143360]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]

-----------------EOF-----------------

#5 Naylor

Posted 14 February 2009 - 03:57 AM

info.txt logfile of random's system information tool 1.05 2009-02-14 08:21:47

======Uninstall list======

-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABITEQ V1.0.2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B18397C-473A-487B-B7A1-7B2A1A4FE245}\Setup.exe" -l0x9
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Premiere Pro 2.0-->msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Alarm 2.0.4-->"C:\Program Files\Alarm\unins000.exe"
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BT Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
BTHomeHub-->C:\Program Files.\BTHomeHub.\Uninstall.exe BTHomeHub2.0
BUFFALO INC. DISK FORMATTER-->C:\WINDOWS\UN020914.EXE /U
BUFFALO TurboUSB for FLASH/HDD-->C:\WINDOWS\UN070618.EXE /U
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverGuide Toolkit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71AA4525-52F2-4841-93B6-8DF58C0CC0DA}\setup.exe"
DriverGuide Toolkit-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D13D318A-43CB-4D0C-9EF6-E1B01FF25279}\setup.exe"
Dual-Core Optimizer-->MsiExec.exe /X{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
FlashMenu-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{617A4A01-200A-4761-A4E5-3977AE89E8D2}\Setup.exe" -l0x9
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
FMRTE-->MsiExec.exe /I{BD10681F-2764-4600-885C-62F658BB3D3F}
Football Manager 2009-->"C:\Program Files\Sports Interactive\Football Manager 2009\Uninstall_Football Manager 2009\Uninstall Football Manager 2009.exe"
Free Audio Converter CS-->C:\WINDOWS\Free Audio Converter CS Uninstaller.exe
FXhome EffectsLab Pro (remove only)-->"C:\Program Files\FXhome EffectsLab Pro\FXhome EffectsLab Pro Uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
K-Lite Mega Codec Pack 4.5.3-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual Studio .NET Professional 2003 - English-->"C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Professional 2003 - English\setup.exe" /MaintMode
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
NETGEAR WG111T Smart Wizard Wireless Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51123D42-6B9C-4B93-900C-29F9EC5963C9}\Setup.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\SETUP.EXE"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SopCast 2.0.4-->C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TP-LINK Wireless Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0036B17C-2B0C-4D49-B50B-712F4B38B510}\setup.exe" -l0x9 -removeonly
TRUST 640U SILVERLINE HEADSET USB-->C:\WINDOWS\CmiUSB2Uninstall.exe C:\Program Files\TRUST 640U SILVERLINE HEADSET USB#TRUST 640U SILVERLINE HEADSET USB
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless LAN USB2.0 Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E91E8912-769D-42F0-8408-0E329443BABC}\setup.exe" -l0x9 -removeonly

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free
FW: ActiveArmor Firewall

System event log

Computer Name: NAYLOR
Event Code: 7035
Message: The Messenger Sharing Folders USN Journal Reader service service was successfully sent a start control.

Record Number: 15492
Source Name: Service Control Manager
Time Written: 20090201160632.000000+000
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: NAYLOR
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{984DD136-A586-4845-82DD-CA5909C7236A} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 15491
Source Name: Tcpip
Time Written: 20090201160513.000000+000
Event Type: information
User:

Computer Name: NAYLOR
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 15490
Source Name: Service Control Manager
Time Written: 20090201160503.000000+000
Event Type: information
User:

Computer Name: NAYLOR
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{984DD136-A586-4845-82DD-CA5909C7236A} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 15489
Source Name: Tcpip
Time Written: 20090201160503.000000+000
Event Type: information
User:

Computer Name: NAYLOR
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 15488
Source Name: Service Control Manager
Time Written: 20090201160458.000000+000
Event Type: information
User:

Application event log

Computer Name: NAYLOR
Event Code: 1000
Message: Faulting application djvlg2072387.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58a90.

Record Number: 32099
Source Name: Application Error
Time Written: 20090118170725.000000+000
Event Type: error
User:

Computer Name: NAYLOR
Event Code: 1000
Message: Faulting application djvlg2072387.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58a90.

Record Number: 32098
Source Name: Application Error
Time Written: 20090118170725.000000+000
Event Type: error
User:

Computer Name: NAYLOR
Event Code: 1000
Message: Faulting application djvlg2072387.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58a90.

Record Number: 32097
Source Name: Application Error
Time Written: 20090118170724.000000+000
Event Type: error
User:

Computer Name: NAYLOR
Event Code: 1000
Message: Faulting application djvlg2072387.exe, version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00d58a90.

Record Number: 32096
Source Name: Application Error
Time Written: 20090118170714.000000+000
Event Type: error
User:

Computer Name: NAYLOR
Event Code: 1000
Message: Faulting application download_sd6.0.0.362h-sdregnow-sdsetup.exe, version 1.0.0.1, faulting module unknown, version 0.0.0.0, fault address 0x00d08fa0.

Record Number: 32095
Source Name: Application Error
Time Written: 20090118170204.000000+000
Event Type: error
User:

Security event log

Computer Name: NAYLOR
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: Football Manager 2008

Path: C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe

State: Disabled

Scope: All subnets

Record Number: 9052
Source Name: Security
Time Written: 20090131161656.000000+000
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: NAYLOR
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: Mozilla Firefox

Path: C:\Program Files\Mozilla Firefox\firefox.exe

State: Enabled

Scope: All subnets

Record Number: 9051
Source Name: Security
Time Written: 20090131161656.000000+000
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: NAYLOR
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: iTunes

Path: C:\Program Files\iTunes\iTunes.exe

State: Enabled

Scope: All subnets

Record Number: 9050
Source Name: Security
Time Written: 20090131161656.000000+000
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: NAYLOR
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: AVG Anti-Spyware

Path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

State: Enabled

Scope: All subnets

Record Number: 9049
Source Name: Security
Time Written: 20090131161656.000000+000
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: NAYLOR
Event Code: 849
Message: An application was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: Standard

Name: Bonjour

Path: C:\Program Files\Bonjour\mDNSResponder.exe

State: Enabled

Scope: All subnets

Record Number: 9048
Source Name: Security
Time Written: 20090131161656.000000+000
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"INCLUDE"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
"LIB"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
"VS71COMNTOOLS"=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

Attached Files

  • Attached File  gmer.txt   267.55KB   1 downloads


#6 fenzodahl512


Posted 14 February 2009 - 06:59 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    C:\WINDOWS\system32\xa5???????.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{801ECC10-AEC2-3CEC-ADCB-D73EF73D3DF4}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt



#7 Naylor


Posted 14 February 2009 - 08:06 AM

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
C:\WINDOWS\system32\xa52454421.exe moved successfully.
C:\WINDOWS\system32\xa52454625.exe moved successfully.
C:\WINDOWS\system32\xa53395703.exe moved successfully.
C:\WINDOWS\system32\xa53398937.exe moved successfully.
C:\WINDOWS\system32\xa54166421.exe moved successfully.
C:\WINDOWS\system32\xa54168218.exe moved successfully.
C:\WINDOWS\system32\xa54215687.exe moved successfully.
C:\WINDOWS\system32\xa54218046.exe moved successfully.
C:\WINDOWS\system32\xa54398796.exe moved successfully.
C:\WINDOWS\system32\xa54398984.exe moved successfully.
C:\WINDOWS\system32\xa54513468.exe moved successfully.
C:\WINDOWS\system32\xa54514296.exe moved successfully.
C:\WINDOWS\system32\xa54621468.exe moved successfully.
C:\WINDOWS\system32\xa54621656.exe moved successfully.
C:\WINDOWS\system32\xa54701203.exe moved successfully.
C:\WINDOWS\system32\xa54701375.exe moved successfully.
C:\WINDOWS\system32\xa54738437.exe moved successfully.
C:\WINDOWS\system32\xa54739437.exe moved successfully.
C:\WINDOWS\system32\xa55030750.exe moved successfully.
C:\WINDOWS\system32\xa55030921.exe moved successfully.
C:\WINDOWS\system32\xa55373953.exe moved successfully.
C:\WINDOWS\system32\xa55374140.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{801ECC10-AEC2-3CEC-ADCB-D73EF73D3DF4}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Steve\LOCALS~1\Temp\etilqs_GKu7aGGSJXpvglQLa9Di scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Steve\LOCALS~1\Temp\Perflib_Perfdata_e48.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d64.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000055288FAF870696ADC6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000058B02BA97E3651FD22 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000000609C9BB5CF71CCE971 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP00000062156CE7C8EF55DDDF scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\TMP000000669B46345CEED6A78A scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\txmfm0c6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\txmfm0c6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\txmfm0c6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\txmfm0c6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\txmfm0c6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Steve\Local Settings\Application Data\Mozilla\Firefox\Profiles\txmfm0c6.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02142009_130428
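
As an added illustration (not part of the thread and not OldTimer's code), the Python below cross-checks an OTMoveIt3 log like the one above against the fix script that produced it: every `:files` entry and every `:reg` key should have a matching success line, and files deferred to the next reboot are listed separately. The script and log text are shortened copies of the ones posted in this thread; the function names and line patterns are assumptions inferred from this one log.

```python
import re

# Shortened copy of the fix script posted in this thread.
FIX_SCRIPT = r"""
:processes
explorer.exe

:files
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
C:\WINDOWS\system32\xa5???????.exe

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]

:commands
[emptytemp]
"""

# Shortened copy of the resulting log posted in this thread.
LOG_EXCERPT = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
C:\WINDOWS\system32\xa52454421.exe moved successfully.
C:\WINDOWS\system32\xa52454625.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d64.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
"""

# Line shapes assumed from the log above.
SECTION_RE = re.compile(r"^=+ [A-Z/ ]+ =+$")
REG_DELETED_RE = re.compile(r"^Registry key (?P<key>.+?)\\* deleted successfully\.$")
PENDING_RE = re.compile(r"^File delete failed\. (?P<path>.+) scheduled to be deleted on reboot\.$")
MOVED_RE = re.compile(r"^(?P<path>.+) moved successfully\.$")


def parse_fix_script(text):
    """Return (file patterns, registry keys marked for deletion) from a fix script."""
    section, files, reg_keys = None, [], []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            files.append(line)
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            reg_keys.append(line[2:-1])
    return files, reg_keys


def parse_log(text):
    """Sort log lines into moved paths, deleted keys, and deletions deferred to reboot."""
    out = {"moved": [], "reg_deleted": [], "pending_reboot": [], "other": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or SECTION_RE.match(line):
            continue
        for name, rx, group in (("reg_deleted", REG_DELETED_RE, "key"),
                                ("pending_reboot", PENDING_RE, "path"),
                                ("moved", MOVED_RE, "path")):
            m = rx.match(line)
            if m:
                out[name].append(m.group(group))
                break
        else:
            out["other"].append(line)
    return out


def wildcard_to_regex(pattern):
    """Translate ? and * (within one path component) into a case-insensitive regex."""
    parts = []
    for ch in pattern:
        if ch == "?":
            parts.append(r"[^\\]")
        elif ch == "*":
            parts.append(r"[^\\]*")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)


def verify(fix_script, log_text):
    """Report script entries that have no matching success line in the log."""
    files, reg_keys = parse_fix_script(fix_script)
    log = parse_log(log_text)
    deleted = {key.lower() for key in log["reg_deleted"]}
    return {
        "unmatched_files": [p for p in files
                            if not any(wildcard_to_regex(p).match(m) for m in log["moved"])],
        "unmatched_keys": [k for k in reg_keys if k.lower() not in deleted],
        "pending_reboot": log["pending_reboot"],
        "moved_count": len(log["moved"]),
    }


if __name__ == "__main__":
    for field, value in verify(FIX_SCRIPT, LOG_EXCERPT).items():
        print(field, "=", value)
```

An entry in `unmatched_files` or `unmatched_keys` means the log has no success line for that script entry, so it is worth checking by hand whether the item was already gone or the step failed.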

#8 Naylor


Posted 14 February 2009 - 08:28 AM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Steve at 2009-02-14 13:27:21
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 8 GB (5%) free of 153 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:33, on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe
C:\Program Files\QuickTime Alternative\QTTask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Steve\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Steve.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe" -nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 8965 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-31 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-14 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-01-31 1968920]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-09-28 463872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"nwiz"=nwiz.exe /install []
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-31 1601304]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-07-16 1166216]
"TWCU"=C:\Program Files\TP-LINK\TL-WN310G_350G_350GDv5.0_TL-WN360Gv1.0\TWCU.exe [2007-04-10 479412]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\QTTask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2008-12-02 3882312]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"TuneUp MemOptimizer"=C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe [2007-04-27 312328]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-09-28 3497208]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-01-31 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe:*:Enabled:AVG Anti-Spyware"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009 Demo\fm.exe:*:Disabled:Football Manager 2009 Demo"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
"C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 3 months======

2009-02-14 13:04:28 ----D---- C:\_OTMoveIt
2009-02-14 13:03:47 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-14 08:24:05 ----A---- C:\WINDOWS\gmer.ini
2009-02-14 08:24:04 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-14 08:24:04 ----A---- C:\WINDOWS\gmer.exe
2009-02-14 08:24:04 ----A---- C:\WINDOWS\gmer.dll
2009-02-14 08:21:31 ----D---- C:\rsit
2009-02-12 17:57:02 ----D---- C:\Program Files\iTunes
2009-02-12 17:39:46 ----D---- C:\Program Files\Trend Micro
2009-02-11 07:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-08 17:19:11 ----D---- C:\Program Files\Microsoft
2009-02-08 17:18:39 ----D---- C:\Program Files\Windows Live SkyDrive
2009-02-08 16:48:15 ----D---- C:\Program Files\Common Files\Windows Live
2009-02-07 16:11:58 ----D---- C:\Program Files\TVAnts
2009-02-06 22:53:26 ----A---- C:\WINDOWS\system32\acs.exe
2009-02-06 22:53:19 ----RA---- C:\WINDOWS\system32\dsaNac.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wsimd.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wsfwDS.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wgapi.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wcapiU.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\wcapi.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\dsa.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\athcfg20U.dll
2009-02-06 22:53:19 ----A---- C:\WINDOWS\system32\athcfg20resU.dll
2009-02-06 22:53:18 ----A---- C:\WINDOWS\system32\athcfg20res.dll
2009-02-06 22:53:18 ----A---- C:\WINDOWS\system32\athcfg20.dll
2009-02-06 22:53:16 ----D---- C:\Program Files\TP-LINK
2009-02-06 22:51:23 ----D---- C:\Documents and Settings\All Users\Application Data\TP-LINK
2009-02-03 20:11:18 ----D---- C:\Program Files\uTorrent
2009-02-03 19:50:24 ----SHD---- C:\Config.Msi
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-25 15:08:51 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-25 15:08:36 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-01-25 15:02:09 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-01-25 15:02:08 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-01-25 15:02:08 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-01-25 15:02:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-01-25 15:02:07 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-01-25 15:02:06 ----D---- C:\Program Files\K-Lite Codec Pack
2009-01-25 14:09:10 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-01-25 11:58:55 ----D---- C:\Documents and Settings\All Users\Application Data\Fallout3
2009-01-25 11:58:49 ----D---- C:\Program Files\Bethesda Softworks
2009-01-25 11:14:40 ----D---- C:\WINDOWS\system32\xlive
2009-01-18 18:07:56 ----D---- C:\Documents and Settings\Steve\Application Data\Malwarebytes
2009-01-18 18:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-18 18:07:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-18 17:12:22 ----D---- C:\Documents and Settings\Steve\Application Data\PC Tools
2009-01-18 17:12:21 ----D---- C:\Program Files\Spyware Doctor
2009-01-18 17:12:13 ----D---- C:\Program Files\Common Files\Download Manager
2009-01-17 03:45:10 ----D---- C:\Documents and Settings\Steve\Application Data\vlc
2009-01-15 03:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-11 21:29:40 ----D---- C:\Documents and Settings\All Users\Application Data\Graboid Inc
2009-01-11 21:29:20 ----D---- C:\Documents and Settings\Steve\Application Data\MozillaControl
2009-01-11 21:28:13 ----D---- C:\Program Files\Graboid
2009-01-06 22:00:14 ----D---- C:\Program Files\MP3Gain
2009-01-05 07:51:30 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-12-28 11:35:47 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-24 19:22:59 ----A---- C:\WINDOWS\system32\Request.txt
2008-12-10 20:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:49:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:49:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 20:48:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-07 19:44:12 ----D---- C:\Program Files\Common Files\DirectX
2008-12-05 07:52:40 ----D---- C:\nDoors
2008-12-03 23:48:49 ----D---- C:\Documents and Settings\Steve\Application Data\BraCa_Soft
2008-12-03 21:38:46 ----D---- C:\9dc8cd10ba97d02697bc7b144fce
2008-12-03 21:38:32 ----D---- C:\WINDOWS\SxsCaPendDel
2008-12-03 20:48:46 ----D---- C:\Program Files\BraCa Soft
2008-12-02 22:37:20 ----A---- C:\WINDOWS\system32\sirenacm.dll
2008-11-28 01:56:16 ----A---- C:\WINDOWS\iPlayer.INI
2008-11-21 21:46:10 ----A---- C:\WINDOWS\system32\ssldivx.dll
2008-11-21 21:46:10 ----A---- C:\WINDOWS\system32\libdivx.dll
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll.manifest
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dtu100.dll
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll.manifest
2008-11-21 21:45:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpv11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpus11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpu11.dll
2008-11-21 21:45:12 ----A---- C:\WINDOWS\system32\dpu10.dll
2008-11-21 21:45:08 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 21:45:06 ----A---- C:\WINDOWS\system32\divx.dll
2008-11-21 21:44:38 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44:16 ----A---- C:\WINDOWS\system32\DivXWMPExtType.dll

======List of files/folders modified in the last 3 months======

2009-02-14 13:26:15 ----D---- C:\Program Files\Mozilla Firefox
2009-02-14 13:24:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-14 13:24:51 ----D---- C:\WINDOWS\Temp
2009-02-14 13:12:44 ----SD---- C:\WINDOWS\Tasks
2009-02-14 13:09:54 ----D---- C:\WINDOWS\system32\drivers
2009-02-14 13:08:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-14 13:04:38 ----D---- C:\WINDOWS\system32
2009-02-14 13:03:54 ----SHD---- C:\WINDOWS\Installer
2009-02-14 13:03:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-14 13:03:35 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-14 13:03:35 ----A---- C:\WINDOWS\system32\java.exe
2009-02-14 13:03:32 ----D---- C:\Program Files\Java
2009-02-14 13:03:18 ----D---- C:\Program Files\Common Files\Apple
2009-02-14 13:03:07 ----RD---- C:\Program Files
2009-02-14 12:58:55 ----D---- C:\WINDOWS
2009-02-14 12:58:46 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-14 12:58:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-14 12:47:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-14 10:36:49 ----D---- C:\Documents and Settings\Steve\Application Data\uTorrent
2009-02-14 10:26:31 ----AD---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2009-02-14 08:21:21 ----D---- C:\WINDOWS\Prefetch
2009-02-11 07:45:57 ----HD---- C:\WINDOWS\inf
2009-02-11 07:45:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-11 07:45:51 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 07:45:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 07:45:21 ----D---- C:\Program Files\Internet Explorer
2009-02-10 07:09:16 ----D---- C:\Program Files\QuickTime Alternative
2009-02-08 17:20:21 ----D---- C:\Program Files\Windows Live
2009-02-08 17:20:14 ----D---- C:\WINDOWS\WinSxS
2009-02-08 17:18:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-08 17:18:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-08 17:18:21 ----RSD---- C:\WINDOWS\Fonts
2009-02-08 16:48:15 ----D---- C:\Program Files\Common Files
2009-02-06 22:53:28 ----D---- C:\WINDOWS\system32\config
2009-02-06 22:53:00 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-06 19:54:04 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-06 18:13:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-05 20:25:55 ----D---- C:\Documents and Settings\Steve\Application Data\dvdcss
2009-02-03 23:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-03 07:35:09 ----HD---- C:\$AVG8.VAULT$
2009-01-31 12:07:17 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-31 12:07:03 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-25 15:03:37 ----D---- C:\Program Files\Common Files\Real
2009-01-25 15:03:32 ----D---- C:\Documents and Settings\Steve\Application Data\Real
2009-01-25 15:01:16 ----D---- C:\Program Files\Codec Pack - All In 1
2009-01-25 14:09:59 ----D---- C:\WINDOWS\system32\DirectX
2009-01-25 11:57:42 ----RSD---- C:\WINDOWS\assembly
2009-01-25 11:44:29 ----D---- C:\Program Files\Sports Interactive
2009-01-25 11:40:12 ----D---- C:\VideoOutput
2009-01-25 11:38:54 ----D---- C:\Temp
2009-01-23 00:14:22 ----D---- C:\Program Files\Yahoo!
2009-01-18 23:14:13 ----D---- C:\Documents and Settings\Steve\Application Data\Google
2009-01-16 22:33:27 ----D---- C:\Program Files\DVD Genie
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-05 21:58:14 ----D---- C:\WINDOWS\Downloaded Installations
2009-01-05 21:58:14 ----D---- C:\Program Files\Veoh Networks
2009-01-05 01:19:12 ----D---- C:\Program Files\DivX
2008-12-29 20:25:58 ----D---- C:\Program Files\SopCast
2008-12-28 11:36:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-20 23:15:41 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-20 23:15:39 ----A---- C:\WINDOWS\system32\url.dll
2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\occache.dll
2008-12-20 23:15:32 ----A---- C:\WINDOWS\system32\mstime.dll
2008-12-20 23:15:31 ----A---- C:\WINDOWS\system32\msrating.dll
2008-12-20 23:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-20 23:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-12-20 23:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-20 23:15:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-20 23:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-20 23:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-20 23:15:11 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-20 19:10:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 05:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-12-15 22:01:07 ----D---- C:\Program Files\Winamp
2008-12-07 18:08:06 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-04 10:57:49 ----D---- C:\Program Files\TuneUp Utilities 2007
2008-12-04 04:04:24 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-03 21:39:48 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-03 21:39:46 ----D---- C:\WINDOWS\system32\en-US
2008-11-23 20:05:17 ----D---- C:\WINDOWS\Minidump
2008-11-15 00:11:25 ----D---- C:\WINDOWS\network diagnostic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-31 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-31 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-31 107272]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-04-09 31548]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-12-21 21275]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-04-17 4262912]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-06-08 344064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-03-22 109568]
S3 a1r0ttws;a1r0ttws; C:\WINDOWS\system32\drivers\a1r0ttws.sys []
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service; C:\WINDOWS\system32\DRIVERS\WG11TND5.sys [2005-01-07 286720]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATHFMWDL;NETGEAR WG111T Bootloader driver; C:\WINDOWS\System32\Drivers\ATHFMWDL.sys [2004-10-14 43392]
S3 bfturboh;BUFFALO TurboUSB for HD Filter; C:\WINDOWS\system32\drivers\bfturboh.sys [2008-02-12 17152]
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 cmudau;C-Media USB Sound Interface; C:\WINDOWS\system32\drivers\cmudau.sys [2004-04-26 825344]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-14 85969]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-10 25280]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 55840]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva190;XDva190; \??\C:\WINDOWS\system32\XDva190.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-01-31 903960]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-31 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-02-07 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2006-07-12 335872]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-03-30 131131]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-08-07 1073544]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 ACS;TP-LINK Configuration Service; C:\WINDOWS\system32\acs.exe [2007-02-12 364629]
S2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-03-30 65599]
S2 PCToolsFirewallPlus;PC Tools Firewall Plus; C:\Program Files\PC Tools Firewall Plus\FWService.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S4 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-03-30 143360]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]

-----------------EOF-----------------

#9 fenzodahl512


Posted 14 February 2009 - 09:32 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Naylor


Posted 14 February 2009 - 10:07 AM

Iexplore.exe cannot be found :thumbup2:

#11 fenzodahl512


Posted 14 February 2009 - 10:51 AM

Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook and copy/paste the following into the box
    ::filefind
    iexplore.exe
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop.. Post the content of the log here in your next reply

Edited by fenzodahl512, 14 February 2009 - 10:52 AM.



#12 Naylor


Posted 14 February 2009 - 11:02 AM

SystemLook v1.0 by jpshortstuff (11.02.09)
Log created at 16:02 on 14/02/2009 by Steve (Administrator - Elevation successful)

Invalid Context: :filefind

No Context: iexplore.exe

-=End Of File=-

#13 fenzodahl512


Posted 14 February 2009 - 01:24 PM

Sorry, my mistake.. run SystemLook again with this code.. Post the report here

:filefind
iexplore.exe




#14 Naylor


Posted 14 February 2009 - 02:34 PM

SystemLook v1.0 by jpshortstuff (11.02.09)
Log created at 19:29 on 14/02/2009 by Steve (Administrator - Elevation successful)

========== filefind ==========

Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a--- 634024 bytes <04:11 21/12/2006> <05:25 19/12/2008>
C:\WINDOWS\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe --a--- 625152 bytes <22:25 09/05/2007> <06:51 28/02/2007>
C:\WINDOWS\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe --a--- 625152 bytes <14:20 24/04/2007> <14:20 24/04/2007>
C:\WINDOWS\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe --a--- 625152 bytes <09:16 27/06/2007> <09:16 27/06/2007>
C:\WINDOWS\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe --a--- 625152 bytes <10:12 17/08/2007> <10:12 17/08/2007>
C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe --a--- 625664 bytes <08:16 10/10/2007> <08:16 10/10/2007>
C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe --a--- 625664 bytes <08:34 06/12/2007> <08:34 06/12/2007>
C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe --a--- 625664 bytes <10:35 09/04/2008> <09:40 22/02/2008>
C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe --a--- 625664 bytes <05:21 11/06/2008> <08:02 22/04/2008>
C:\WINDOWS\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe --a--- 625664 bytes <11:57 13/08/2008> <08:23 23/06/2008>
C:\WINDOWS\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe --a--- 635848 bytes <05:56 23/08/2008> <05:56 23/08/2008>
C:\WINDOWS\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe --a--- 633632 bytes <19:59 10/12/2008> <06:34 15/10/2008>
C:\WINDOWS\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe --a--- 634024 bytes <03:02 11/02/2009> <05:25 19/12/2008>
C:\WINDOWS\ie7updates\KB928090-IE7\iexplore.exe -----c 622080 bytes <03:01 16/02/2007> <12:04 17/10/2006>
C:\WINDOWS\ie7updates\KB931768-IE7\iexplore.exe -----c 623616 bytes <02:01 10/05/2007> <18:08 08/01/2007>
C:\WINDOWS\ie7updates\KB933566-IE7\iexplore.exe -----c 623616 bytes <21:08 13/06/2007> <08:00 21/02/2007>
C:\WINDOWS\ie7updates\KB937143-IE7\iexplore.exe -----c 625152 bytes <18:47 15/08/2007> <14:26 24/04/2007>
C:\WINDOWS\ie7updates\KB939653-IE7\iexplore.exe -----c 625152 bytes <13:11 10/10/2007> <08:27 27/06/2007>
C:\WINDOWS\ie7updates\KB942615-IE7\iexplore.exe -----c 625152 bytes <00:04 12/12/2007> <10:21 17/08/2007>
C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe -----c 625152 bytes <23:59 14/02/2008> <10:59 10/10/2007>
C:\WINDOWS\ie7updates\KB947864-IE7\iexplore.exe -----c 625664 bytes <02:02 10/04/2008> <11:01 06/12/2007>
C:\WINDOWS\ie7updates\KB950759-IE7\iexplore.exe -----c 625664 bytes <02:03 12/06/2008> <08:55 29/02/2008>
C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe -----c 625664 bytes <17:47 13/08/2008> <07:40 22/04/2008>
C:\WINDOWS\ie7updates\KB956390-IE7\iexplore.exe -----c 625664 bytes <02:00 18/10/2008> <09:20 23/06/2008>
C:\WINDOWS\ie7updates\KB958215-IE7\iexplore.exe -----c 635848 bytes <20:50 10/12/2008> <05:56 23/08/2008>
C:\WINDOWS\ie7updates\KB961260-IE7\iexplore.exe -----c 633632 bytes <07:44 11/02/2009> <07:06 15/10/2008>
C:\WINDOWS\ie7\iexplore.exe --a--c 93184 bytes <06:57 21/12/2006> <12:00 28/02/2006>
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe ------ 93184 bytes <16:13 30/08/2008> <00:12 14/04/2008>
C:\WINDOWS\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2GDR\iexplore.exe --a--- 634024 bytes <03:02 11/02/2009> <05:25 19/12/2008>
C:\WINDOWS\SoftwareDistribution\Download\21b9c2f7b1db683e3d83bfb825d32092\SP2QFE\iexplore.exe --a--- 634024 bytes <03:02 11/02/2009> <05:25 19/12/2008>
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c 634024 bytes <04:11 21/12/2006> <05:25 19/12/2008>

-=End Of File=-

#15 fenzodahl512


Posted 14 February 2009 - 02:47 PM

Well, you have IExplore.exe in the right place... How did you post here?.. Do you use Firefox or IE? :thumbup2:





