Infected with "Extreme Slow Scans"


1 reply to this topic

#1 Leech


Posted 17 February 2009 - 12:40 AM

DaChew told me to post it, so that trained pros can help me.
Original Thread: http://www.bleepingcomputer.com/forums/t/203627/sas-scans-same-files-over-and-over-again/

Logfile of random's system information tool 1.05 (written by random/random)
Run by James at 2009-02-16 20:44:55
Microsoft Windows Vista™ Home Premium  Service Pack 1
System drive C: has 21 GB (9%) free of 227 GB
Total RAM: 1982 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:18 PM, on 16/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Window Hide Tool\Window Hide Tool.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Users\James\Desktop\HJT\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\James.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Presario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Presario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Presario&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [TELUS_McciTrayApp] C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe
O4 - HKLM\..\Run: [TelusWCC_McciTrayApp] C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Nexon\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6003 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{AA650201-5943-4270-9A6C-12FE4F3FF923}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-05-16 654320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-27 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-11-20 878352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"TELUS_McciTrayApp"=C:\Program Files\TELUS\TELUS Support Centre\bin\McciTrayApp.exe [2007-10-07 1462272]
"TelusWCC_McciTrayApp"=C:\Program Files\TELUS\TELUS Wireless Connection Manager\McciTrayApp.exe [2006-03-10 543232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-29 1601304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-02-16 509784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Users\James\Program Files\DNA\btdna.exe [2008-05-13 289088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-01 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Downloads\Download Manager\DLM.exe /windowsstart /startifwork []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2008-02-29 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2008-12-04 711200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung LBP SM]
C:\Windows\Samsung\LaserSMMgr\ssmmgr.exe [2003-01-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-15 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\Windows\vVX3000.exe [2007-04-10 709992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Hide Tool]
C:\Program Files\Window Hide Tool\Window Hide Tool.exe [2008-01-18 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2008-03-25 214360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-02-15 17:03:39 ----D---- C:\Program Files\BreakPoint Software
2009-02-15 00:33:58 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-14 09:41:04 ----D---- C:\Users\James\AppData\Roaming\Tidy Start Menu
2009-02-11 15:51:31 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 15:51:30 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 15:51:29 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 15:51:28 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 15:51:28 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 15:51:28 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 15:51:28 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 15:51:27 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-06 14:51:00 ----HD---- C:\$AVG8.VAULT$
2009-02-05 17:41:45 ----D---- C:\Program Files\iMaxMacro
2009-02-03 17:24:40 ----D---- C:\Program Files\Window Hide Tool
2009-02-03 16:11:13 ----D---- C:\CFLog
2009-02-02 19:08:00 ----D---- C:\Program Files\G4box
2009-01-31 11:30:03 ----D---- C:\Users\James\AppData\Roaming\dyyno-vlc
2009-01-31 11:26:18 ----D---- C:\Program Files\Dyyno
2009-01-29 17:57:56 ----A---- C:\Windows\system32\tcpipcfg.dll
2009-01-29 17:57:56 ----A---- C:\Windows\system32\netiougc.exe
2009-01-29 16:04:45 ----D---- C:\ProgramData\CheckPoint
2009-01-28 16:28:59 ----A---- C:\Windows\system32\avgrsstx.dll
2009-01-28 16:28:55 ----D---- C:\Program Files\AVG
2009-01-28 16:27:04 ----D---- C:\ProgramData\Avg8
2009-01-26 22:35:42 ----A---- C:\Windows\system32\javaws.exe
2009-01-26 22:35:42 ----A---- C:\Windows\system32\javaw.exe
2009-01-26 22:35:42 ----A---- C:\Windows\system32\java.exe
2009-01-26 14:11:02 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2009-01-26 14:10:59 ----D---- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2009-01-26 14:03:07 ----D---- C:\Users\James\AppData\Roaming\Malwarebytes
2009-01-26 14:03:03 ----D---- C:\ProgramData\Malwarebytes
2009-01-26 13:58:15 ----A---- C:\Windows\system32\lsdelete.exe
2009-01-26 13:45:50 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-26 13:45:41 ----D---- C:\ProgramData\Lavasoft
2009-01-26 13:45:41 ----D---- C:\Program Files\Lavasoft
2009-01-26 13:03:26 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-26 12:58:05 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-26 12:53:46 ----D---- C:\ProgramData\NOS
2009-01-26 12:53:46 ----D---- C:\Program Files\NOS
2009-01-23 19:15:36 ----D---- C:\rsit
2009-01-23 15:18:12 ----D---- C:\Users\James\AppData\Roaming\Ventrilo
2009-01-23 15:18:06 ----D---- C:\Program Files\Ventrilo
2009-01-23 15:18:05 ----A---- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-23 15:14:49 ----D---- C:\Program Files\VentSrv
2009-01-23 15:14:29 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-05 20:09:00 ----D---- C:\Program Files\Trend Micro
2009-01-05 18:27:18 ----N---- C:\Windows\Setup1.exe
2009-01-05 18:27:18 ----A---- C:\Windows\ST6UNST.EXE
2009-01-04 00:18:43 ----D---- C:\Program Files\OGPlanet
2009-01-01 16:03:10 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-01-01 16:03:10 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-01-01 16:03:10 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-01-01 16:03:09 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-01-01 16:03:04 ----A---- C:\Windows\system32\wersvc.dll
2009-01-01 16:03:04 ----A---- C:\Windows\system32\Faultrep.dll
2009-01-01 16:02:38 ----A---- C:\Windows\system32\connect.dll
2008-12-25 16:51:18 ----D---- C:\Users\James\AppData\Roaming\Broad Intelligence
2008-12-25 16:46:19 ----D---- C:\Program Files\MediaCoder
2008-12-18 20:05:50 ----D---- C:\Users\James\AppData\Roaming\HP
2008-12-18 20:05:35 ----D---- C:\ProgramData\WEBREG
2008-12-18 19:55:53 ----D---- C:\ProgramData\HP Product Assistant
2008-12-18 19:55:05 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2008-12-18 19:52:44 ----HD---- C:\Config.Msi
2008-12-18 19:42:19 ----A---- C:\Windows\system32\hpzids01.dll
2008-12-18 19:42:12 ----A---- C:\Windows\system32\hpz3l5mu.dll
2008-12-18 19:39:16 ----A---- C:\Windows\system32\hppldcoi.dll
2008-12-18 19:39:15 ----A---- C:\Windows\system32\hpowiax7.dll
2008-12-18 19:39:15 ----A---- C:\Windows\system32\hpovst15.dll
2008-12-18 19:39:15 ----A---- C:\Windows\system32\hpotscl6.dll
2008-12-18 19:39:15 ----A---- C:\Windows\system32\difxapi.dll
2008-12-11 00:04:09 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 17:50:40 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 17:50:39 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 17:49:44 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 17:41:57 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 17:41:43 ----A---- C:\Windows\explorer.exe
2008-12-10 17:41:13 ----A---- C:\Windows\system32\mf.dll
2008-12-10 17:41:12 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 17:41:12 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 17:41:11 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 16:33:26 ----A---- C:\Windows\system32\dtu100.dll
2008-12-10 16:33:26 ----A---- C:\Windows\system32\dpl100.dll
2008-12-08 18:28:52 ----A---- C:\Windows\system32\dpv11.dll
2008-12-08 18:28:52 ----A---- C:\Windows\system32\dpus11.dll
2008-12-08 18:28:52 ----A---- C:\Windows\system32\dpuGUI11.dll
2008-12-08 18:28:52 ----A---- C:\Windows\system32\dpu11.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvwssr.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvwss.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvvsvc.exe
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvvitvsr.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvvitvs.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvudisp.exe
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvoglv32.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvmoblsr.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvmobls.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvmccssr.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvmccss.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvmccsrs.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvmccs.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvgamesr.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvgames.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvdispsr.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvdisps.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvd3dum.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvcpl.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvcolor.exe
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvcod135.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvcod.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\dpinst.exe
2008-11-23 20:00:05 ----D---- C:\Users\James\AppData\Roaming\Facebook
2008-11-17 16:36:02 ----A---- C:\Windows\system32\vnetinst.dll
2008-11-17 16:35:56 ----A---- C:\Windows\system32\vmnetdhcp.exe
2008-11-17 16:35:51 ----A---- C:\Windows\system32\vmnat.exe
2008-11-17 16:35:44 ----RA---- C:\Windows\system32\vmnetbridge.dll
2008-11-17 16:35:38 ----A---- C:\Windows\system32\vnetlib.dll
2008-11-17 16:10:25 ----A---- C:\Windows\system32\wups2.dll
2008-11-17 16:10:25 ----A---- C:\Windows\system32\wucltux.dll
2008-11-17 16:10:25 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-17 16:10:25 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-17 16:09:43 ----A---- C:\Windows\system32\wups.dll
2008-11-17 16:09:43 ----A---- C:\Windows\system32\wudriver.dll
2008-11-17 16:09:43 ----A---- C:\Windows\system32\wuapi.dll
2008-11-17 16:09:33 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-17 16:09:33 ----A---- C:\Windows\system32\wuapp.exe

======List of files/folders modified in the last 3 months======

2009-02-16 20:45:07 ----D---- C:\Windows\Prefetch
2009-02-16 20:41:57 ----D---- C:\Program Files\Mozilla Firefox
2009-02-16 20:23:18 ----D---- C:\Windows
2009-02-16 18:47:51 ----D---- C:\Windows\System32
2009-02-16 18:47:46 ----D---- C:\Windows\system32\drivers
2009-02-16 11:53:43 ----D---- C:\Users\James\AppData\Roaming\OpenOffice.org2
2009-02-16 07:48:54 ----D---- C:\Windows\Minidump
2009-02-16 07:38:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-16 07:38:02 ----D---- C:\Windows\inf
2009-02-16 07:34:33 ----D---- C:\Windows\Temp
2009-02-15 21:52:09 ----SHD---- C:\Windows\Installer
2009-02-15 21:52:09 ----RD---- C:\Program Files
2009-02-15 21:51:51 ----D---- C:\Program Files\Common Files\Adobe
2009-02-15 21:51:32 ----SHD---- C:\System Volume Information
2009-02-15 11:42:13 ----D---- C:\Windows\system32\LogFiles
2009-02-15 11:41:59 ----D---- C:\Windows\Debug
2009-02-11 23:27:26 ----D---- C:\Windows\winsxs
2009-02-11 23:26:06 ----D---- C:\Windows\system32\catroot
2009-02-11 15:50:27 ----D---- C:\Windows\system32\catroot2
2009-02-08 18:55:47 ----D---- C:\Users\James\AppData\Roaming\VMware
2009-02-08 13:13:05 ----D---- C:\ProgramData\IJJIGame
2009-02-07 10:42:25 ----AD---- C:\ProgramData\TEMP
2009-02-03 15:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-01-30 21:29:32 ----D---- C:\ProgramData\VMware
2009-01-30 21:29:07 ----D---- C:\Windows\Internet Logs
2009-01-30 18:18:39 ----SD---- C:\Users\James\AppData\Roaming\Microsoft
2009-01-30 15:54:31 ----D---- C:\Windows\system32\Tasks
2009-01-29 18:02:35 ----D---- C:\Windows\system32\migration
2009-01-29 17:57:20 ----D---- C:\Windows\SoftwareDistribution
2009-01-29 16:38:22 ----D---- C:\Windows\Logs
2009-01-29 16:04:45 ----HD---- C:\ProgramData
2009-01-26 22:35:29 ----A---- C:\Windows\system32\deploytk.dll
2009-01-26 22:35:24 ----D---- C:\Program Files\Java
2009-01-26 22:28:14 ----D---- C:\Program Files\Common Files
2009-01-26 22:18:57 ----D---- C:\Program Files\HP
2009-01-26 13:56:33 ----DC---- C:\Windows\system32\DRVSTORE
2009-01-26 13:51:46 ----D---- C:\Windows\Tasks
2009-01-26 12:58:15 ----D---- C:\Program Files\Adobe
2009-01-26 12:57:56 ----D---- C:\ProgramData\Adobe
2009-01-23 16:05:16 ----HD---- C:\Users\James\AppData\Roaming\ijjigame
2009-01-22 22:18:05 ----D---- C:\Downloads
2009-01-12 17:09:37 ----D---- C:\Program Files\DivX
2009-01-10 13:47:19 ----D---- C:\Program Files\WinRAR
2009-01-04 21:58:10 ----D---- C:\ProgramData\NVIDIA
2009-01-04 00:53:52 ----RSD---- C:\Windows\Fonts
2009-01-02 01:23:44 ----D---- C:\Program Files\Full Tilt Poker
2009-01-02 00:12:10 ----D---- C:\Windows\AppPatch
2009-01-01 20:18:59 ----D---- C:\Windows\Microsoft.NET
2009-01-01 20:18:57 ----RSD---- C:\Windows\assembly
2009-01-01 00:07:31 ----D---- C:\Program Files\CCleaner
2008-12-24 14:32:38 ----SD---- C:\Windows\Downloaded Program Files
2008-12-24 10:54:36 ----D---- C:\Temp
2008-12-23 20:54:12 ----D---- C:\Users\James\AppData\Roaming\Winamp
2008-12-23 20:53:02 ----D---- C:\Program Files\Winamp
2008-12-22 00:13:28 ----D---- C:\Program Files\Microsoft Games
2008-12-19 15:35:27 ----D---- C:\Windows\pss
2008-12-18 20:07:07 ----D---- C:\ProgramData\HP
2008-12-18 20:04:53 ----N---- C:\Windows\win.ini
2008-12-18 19:55:15 ----D---- C:\Windows\twain_32
2008-12-18 19:43:40 ----D---- C:\ProgramData\Hewlett-Packard
2008-12-11 13:06:21 ----D---- C:\Windows\rescache
2008-12-11 12:49:56 ----D---- C:\Windows\system32\en-US
2008-12-11 00:12:35 ----D---- C:\ProgramData\Microsoft Help
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvuninst.exe
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvsvc.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvmctray.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvexpbar.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvcpluir.dll
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvcplui.exe
2008-12-04 02:42:00 ----A---- C:\Windows\system32\nvapi.dll
2008-12-02 23:55:53 ----A---- C:\Windows\DUMPd142.tmp
2008-12-02 23:53:59 ----D---- C:\Windows\system32\config
2008-12-02 23:53:53 ----D---- C:\Windows\system32\spool
2008-12-02 23:53:53 ----D---- C:\Users\James\AppData\Roaming\vlc
2008-12-02 23:53:52 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-12-02 23:53:51 ----D---- C:\Windows\system32\wbem
2008-12-02 23:53:51 ----D---- C:\Windows\registration
2008-11-29 20:26:59 ----RD---- C:\Nexon
2008-11-27 00:15:14 ----D---- C:\Program Files\Windows Photo Gallery
2008-11-27 00:15:11 ----D---- C:\Program Files\GetRight
2008-11-22 15:21:09 ----A---- C:\Windows\DUMPf739.tmp
2008-11-17 16:01:29 ----D---- C:\ProgramData\Yahoo! Companion

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Amfilter;A4Tech Mouse Filter Driver; C:\Windows\system32\DRIVERS\Amfilter.sys [2007-05-15 9216]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-01-29 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-01-29 27656]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-01-15 55024]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2008-09-18 32304]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\Nexon\npkcrypt.sys [2008-12-17 54888]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-30 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-30 38400]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2008-09-18 54960]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2008-09-18 31280]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2008-09-18 26288]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2008-09-18 857392]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys [2008-08-25 22448]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-09 8704]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\Windows\system32\DRIVERS\Amusbprt.sys [2007-05-15 14336]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-19 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-19 208896]
R3 maxD20081102;maxD20081102; \??\C:\Program Files\iMaxMacro\max20081102.sys [2008-12-24 19968]
R3 MouseCap;MouseCapture Driver; C:\Windows\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-11-16 18304]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 vkeyfdo;Virtual Keybord Function Driver; C:\Windows\System32\Drivers\vkeyfdo.sys [2004-02-12 11336]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2008-09-18 23216]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-19 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 464384]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-20 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-08 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
S3 maxDRIVER53;maxDRIVER53; C:\Windows\system32\drivers\maxDRIVER53.sys []
S3 Moufiltr;Mouse Test Driver; C:\Windows\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-11-16 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 npkcusb;npkcusb; \??\C:\Nexon\Nexon\npkcusb.sys [2008-12-17 24272]
S3 RTCore32;RTCore32; \??\C:\Users\James\Desktop\rmma38bin\RTCore32.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-20 73088]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2008-09-18 16560]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2008-09-18 31280]
S3 VX3000;VX-3000; C:\Windows\system32\DRIVERS\VX3000.sys [2007-04-10 1966696]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S3 XDva219;XDva219; \??\C:\Windows\system32\XDva219.sys []
S3 XDva224;XDva224; \??\C:\Windows\system32\XDva224.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-29 298264]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-09-26 303104]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Nexon\npkcmsvc.exe [2008-12-17 88728]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-09 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-02-16 950096]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2008-08-25 191024]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-20 21504]
S3 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-09-18 326192]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S4 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-16 137200]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
S4 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2008-09-18 113200]
S4 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-09-18 399920]

-----------------EOF-----------------

Edited by Leech, 17 February 2009 - 12:44 AM.




#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:08:06 AM

Posted 28 February 2009 - 05:45 PM

Hello Leech

Welcome to BleepingComputer
========================

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
================
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



