Remote control?


This topic is locked
10 replies to this topic

#1 Celsus

Posted 23 April 2009 - 05:09 AM

Redirected from this topic: http://www.bleepingcomputer.com/forums/t/220948/internet-browsers-crash-randomly-programs-dont-load-on-startup-computer-slowdown/

I can't post a DDS log, because I can't get DDS to run on my computer (even with script blockers disabled and a couple of workarounds). However, I can get HJT to work, so here's my log:

==============================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:01:32, on 23/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8584 bytes


==============================


It's quite a frustrating and worrying problem, so I'd appreciate any help you could give me!


Celsus

Edited by Celsus, 23 April 2009 - 05:11 AM.



#2 KoanYorel

Posted 05 May 2009 - 06:42 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

//If you cannot post a DDS log then a new HJT?




Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.
Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Celsus (Topic Starter)

Posted 06 May 2009 - 02:54 PM

I'm still experiencing problems, so I'd still be grateful if you could help me out.

Everything I've tried so far is in the forum post I linked to.
The only thing I did differently was to uninstall McAfee (which I believe had become damaged) and install AVG Free / ZoneAlarm instead.




Problems:


Internet browsers crash randomly, sometimes very often, sometimes hardly ever
Malwarebytes and AVG free will not update automatically
No problems will launch on the taskbar at startup, including Zonealarm (AVG resident shield still works)
Computer goes extremely slowly when connected to the internet.


Here's my latest log:

====================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:48:50, on 06/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.exe /insfin C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.ini /syncfin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8015 bytes

#4 Farbar (Security Developer)

Posted 07 May 2009 - 04:52 AM

Hi Celsus,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

I see from the log you are using a registry cleaner. It is even set to run at start up. Here at BC we do not recommend using registry cleaners as it might irreversibly damage your computer.
  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.exe /insfin C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.ini /syncfin
    O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • You still have some leftovers from an incompletely uninstalled McAfee AntiVirus on your computer.
    To remove McAfee AntiVirus I recommend you use the McAfee Consumer Product Removal tool (MCPR.exe).

    For download and instruction to use McAfee Consumer Product Removal tool click on majorgeeks.com

  • Optional: Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

    http://www.clickz.com/news/article.php/3561546

    I suggest you uninstall the following programs via Add or Remove Programs if you are using them:

    Viewpoint, Viewpoint Manager, Viewpoint Media Player.

    If you uninstalled it, also remove the folder in bold: C:\Program Files\Viewpoint

  • This is just a test. Go to Start => Run => type cmd and click OK. If a black command window opens close it and tell me about it.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, it is in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.
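As an added example (the editor's own script, not code from HijackThis, farbar or BleepingComputer): a small Python triage routine that applies the reasoning behind the entries selected in the post above to raw HJT log lines. The three rules are the editor's reading of that selection, not anything HijackThis ships with: entries HijackThis itself marks `(file missing)` or `(no file)` are dangling leftovers; an O4 autostart that launches from a Temp directory is out of place for an installed product; a Global Startup shortcut whose target is a shell or script interpreter deserves a look. The sample lines are copied from the logs posted in this thread. A hit is a prompt to investigate, not proof of infection.

```python
"""Triage heuristics for HijackThis (HJT) log lines.

Added example for this thread. The rules are the editor's assumptions about
why the entries above were picked for "Fix checked"; they are not HJT code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines copied from the logs posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.exe /insfin C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.ini /syncfin
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
"""

# Every HJT entry starts with a section tag (R0..R3, O1..O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# A path component named Temp (covers the 8.3 form ...\LOCALS~1\Temp\...).
TEMP_PATH_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# Shells/interpreters that are a red flag as the target of a startup shortcut.
SHELL_TARGET_RE = re.compile(
    r"\\(cmd|rundll32|wscript|cscript|mshta|powershell)\.exe\b", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    kind: str      # HJT section, e.g. "O4"
    severity: str  # "low" (leftover) or "high" (investigate first)
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one HJT line, or None if no rule matches."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    # Rule 1: HJT appends these markers when the referenced file is absent.
    # The entry does nothing, but it is a leftover worth clearing.
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        return Finding(kind, "low", "orphaned entry: referenced file is gone", line)
    if kind == "O4":
        # Rule 2: installed products autostart from Program Files or system32,
        # not from a Temp directory; something that does belongs to an
        # installer run that never finished, or to a dropper.
        if TEMP_PATH_RE.search(body):
            return Finding(kind, "high", "autostart runs from a Temp directory", line)
        # Rule 3: a Global Startup .lnk whose target is a shell/interpreter
        # runs for every user at logon and hides its real command line.
        if "Global Startup:" in body and SHELL_TARGET_RE.search(body):
            return Finding(kind, "high", "startup shortcut launches a shell/interpreter", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of an HJT log; findings come back in log order."""
    findings = []
    for raw in log_text.splitlines():
        found = classify(raw)
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:4}] {f.kind}: {f.reason}\n        {f.line}")
```

Run against the sample, the script flags exactly the four entries farbar listed for Fix checked plus the orphaned PsaSrv service; the Adobe BHO and the AVG tray entry pass untouched. The rules deliberately say nothing about vendor names: a legitimate-sounding `[McAfee Update]` label is no reason to trust a binary in `%TEMP%`.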

#5 Celsus (Topic Starter)

Posted 07 May 2009 - 09:16 AM

Hello farbar! Thank you for responding to my query. I have followed your instructions.


When I try to run "cmd" the screen resets, and the icons on the taskbar reload. Nothing else happens, and no window opens.


Here is the log.txt file from RSIT:


====================================



Logfile of random's system information tool 1.06 (written by random/random)
Run by Seb at 2009-05-07 15:04:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (4%) free of 34 GB
Total RAM: 502 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:28, on 07/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Seb\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Seb.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SWF Capture tool - C:\Program Files\Eltima Software\Flash Decompiler\iebt.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7477 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - Seb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2008-06-06 111968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-09-02 118842]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
ST - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"=C:\WINDOWS\system32\S3Tray2.exe [2001-10-12 69632]
"TrackPointSrv"=C:\WINDOWS\system32\tp4serv.exe [2003-11-13 94208]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-07-30 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-07-30 118784]
"TP4EX"=C:\WINDOWS\system32\tp4ex.exe [2002-09-04 53248]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2003-12-25 208896]
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe [2004-06-25 36864]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-09-02 127035]
"QCWLICON"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2005-03-18 86016]
"BMMGAG"=RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor []
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2004-07-29 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2004-07-29 395776]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2004-02-05 897024]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2005-03-04 94208]
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2004-03-19 90112]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-10-11 180269]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-29 1932568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"VoipStunt"=C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -nosplash -minimized []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-03-27 24103720]
"FreeRAM XP"=C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe [2006-03-23 1591808]
"Uniblue RegistryBooster 2009"=C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-07-22 442368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-02-01 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe [2006-09-18 843776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-10-11 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
C:\WINDOWS\tsnpstd3.exe [2007-03-30 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_SMB]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipStunt]
C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe -nosplash -minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"S24EventMonitor"=2
"RegSrvc"=2
"EvtEng"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-04-29 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-07-30 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
C:\WINDOWS\system32\QConGina.dll [2005-03-18 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\WINDOWS\system32\tphklock.dll [2004-08-13 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=pwdmon
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe"="%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"="%ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher "
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher "
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe"="C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe"="%ProgramFiles%\IBM\Updater\jre\bin\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\IBM\Updater\jre\bin\java.exe"="%ProgramFiles%\IBM\Updater\jre\bin\java.exe:*:enabled:Java launcher"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IBM\Updater\jre\bin\java.exe"="C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:Java launcher "
"C:\Program Files\IBM\Updater\jre\bin\javaw.exe"="C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:Java launcher "
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-05-07 15:04:03 ----D---- C:\rsit
2009-04-29 16:14:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-04-29 16:14:18 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-04-27 19:22:10 ----HD---- C:\$AVG8.VAULT$
2009-04-27 11:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-04-27 11:24:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-04-26 21:50:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-04-26 18:54:45 ----D---- C:\Games
2009-04-26 14:37:04 ----D---- C:\WINDOWS\Prefetch
2009-04-26 13:47:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-26 13:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-04-26 13:47:01 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-26 13:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-04-26 13:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-26 13:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-04-26 13:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-26 13:45:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-26 13:45:24 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-26 13:45:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-26 13:44:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-26 13:44:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-04-26 13:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-26 13:44:01 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-26 13:43:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-26 13:43:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-26 13:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-26 13:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-26 13:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-04-26 13:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-26 13:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-26 13:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-26 13:41:06 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-04-26 13:40:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-26 13:40:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-26 13:40:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-26 13:40:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-26 13:39:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-26 13:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-26 13:39:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-04-26 13:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-26 13:39:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-26 13:38:47 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-26 13:38:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2009-04-26 13:38:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-26 13:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-26 13:37:54 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-26 13:30:04 ----D---- C:\WINDOWS\system32\scripting
2009-04-26 13:29:54 ----D---- C:\WINDOWS\l2schemas
2009-04-26 13:29:52 ----D---- C:\WINDOWS\system32\en
2009-04-26 13:29:49 ----D---- C:\WINDOWS\system32\bits
2009-04-26 13:19:56 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-26 13:13:05 ----D---- C:\WINDOWS\network diagnostic
2009-04-26 13:04:05 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-26 10:20:02 ----A---- C:\WINDOWS\system32\vsregexp.dll
2009-04-26 10:19:53 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2009-04-26 10:19:53 ----A---- C:\WINDOWS\system32\zlcomm.dll
2009-04-26 10:19:32 ----A---- C:\WINDOWS\system32\vswmi.dll
2009-04-26 10:19:28 ----A---- C:\WINDOWS\system32\zpeng25.dll
2009-04-26 10:19:28 ----A---- C:\WINDOWS\system32\vsxml.dll
2009-04-26 10:19:27 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-04-26 10:19:27 ----D---- C:\Program Files\Zone Labs
2009-04-26 10:19:27 ----A---- C:\WINDOWS\system32\vspubapi.dll
2009-04-26 10:19:26 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2009-04-26 10:17:48 ----A---- C:\WINDOWS\system32\vsdata.dll
2009-04-26 10:17:47 ----A---- C:\WINDOWS\system32\vsutil.dll
2009-04-26 10:17:47 ----A---- C:\WINDOWS\system32\vsinit.dll
2009-04-26 10:11:04 ----D---- C:\Program Files\AVG
2009-04-24 08:12:03 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-04-24 08:11:15 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-24 08:09:49 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-24 08:09:49 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-04-24 08:08:46 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-24 08:08:25 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-04-24 08:08:18 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-24 08:08:15 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-24 08:08:11 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-24 08:08:11 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-24 08:08:11 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-24 08:07:54 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-24 08:07:11 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-24 08:07:11 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-24 08:07:11 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-24 08:06:57 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-24 08:06:57 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-24 08:05:36 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-24 08:05:35 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-24 08:05:35 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-24 08:05:34 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-24 08:04:35 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-24 08:04:31 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-24 08:04:26 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-24 08:04:26 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-24 08:04:25 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-24 08:04:23 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-24 08:02:48 ----A---- C:\WINDOWS\003093_.tmp
2009-04-24 08:02:28 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-24 08:02:28 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-24 08:02:27 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-24 08:02:27 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-24 08:02:27 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-24 08:02:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-24 08:02:26 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-24 08:02:25 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-24 08:02:03 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-24 08:02:02 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-24 08:02:02 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-24 08:02:02 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-24 08:02:01 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-24 08:02:01 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-24 08:02:01 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-24 08:01:50 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-24 08:01:50 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-24 08:01:46 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-24 08:01:27 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-24 08:00:47 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-24 08:00:44 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-24 07:59:49 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-04-23 10:59:26 ----D---- C:\Program Files\Trend Micro
2009-04-22 20:19:24 ----D---- C:\Program Files\Cobian Backup 8
2009-04-22 14:38:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-20 17:47:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-20 17:46:44 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-20 17:46:44 ----D---- C:\Documents and Settings\Seb\Application Data\SUPERAntiSpyware.com
2009-04-20 13:39:04 ----D---- C:\Documents and Settings\Seb\Application Data\Malwarebytes
2009-04-20 13:38:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-20 13:38:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-20 11:12:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-20 11:11:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-20 11:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961118_0$
2009-04-20 11:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-20 11:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-04-20 11:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-20 10:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-20 10:58:52 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2009-04-20 10:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-20 09:42:58 ----D---- C:\Program Files\CleanUp!
2009-04-20 09:41:31 ----D---- C:\Program Files\a-squared Free
2009-04-20 08:57:51 ----D---- C:\Documents and Settings\Seb\Application Data\Uniblue
2009-04-20 08:38:41 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-19 15:00:28 ----D---- C:\Program Files\YourWare Solutions
2009-04-07 11:21:03 ----D---- C:\WINDOWS\system32\XPSViewer
2009-04-07 11:20:47 ----D---- C:\Program Files\MSBuild
2009-04-07 11:20:39 ----D---- C:\WINDOWS\system32\en-US
2009-04-07 11:20:24 ----D---- C:\Program Files\Reference Assemblies
2009-04-07 11:18:53 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-04-07 11:18:52 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-04-07 11:18:52 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-04-07 11:01:44 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-04-07 11:01:19 ----D---- C:\Program Files\MSXML 6.0
2009-04-07 10:59:05 ----D---- C:\Program Files\Wizards of the Coast
2009-04-01 20:59:22 ----D---- C:\Documents and Settings\Seb\Application Data\Skype
2009-04-01 20:57:27 ----RD---- C:\Program Files\Skype
2009-04-01 20:56:20 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-03-27 12:32:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-27 12:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-03-27 12:31:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-23 23:07:06 ----D---- C:\WINDOWS\GAMES
2009-03-23 21:03:21 ----A---- C:\WINDOWS\KNP.INI
2009-03-23 00:21:16 ----D---- C:\Program Files\SUZ2
2009-03-16 11:42:14 ----D---- C:\Program Files\Driving Test Success - All Tests (2007-2008)
2009-03-16 11:42:14 ----D---- C:\Documents and Settings\All Users\Application Data\Driving Test Success
2009-03-15 02:15:16 ----D---- C:\Documents and Settings\Seb\Application Data\Broad Intelligence
2009-03-15 02:14:38 ----D---- C:\Program Files\MediaCoder
2009-03-15 01:55:46 ----D---- C:\Program Files\Theorica Divx ;-) Codecs
2009-03-15 01:54:07 ----A---- C:\WINDOWS\huffyuv.ini
2009-03-15 01:50:30 ----D---- C:\Documents and Settings\Seb\Application Data\DivX
2009-03-12 11:10:20 ----D---- C:\Program Files\Samson
2009-03-11 20:05:27 ----D---- C:\Program Files\Western Digital
2009-03-11 09:22:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-11 09:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958215_0$
2009-03-11 09:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960714_0$
2009-03-11 09:21:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-03-11 09:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-03-11 09:20:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-11 09:20:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-11 09:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-03-11 09:20:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-03-11 09:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-02-13 19:16:41 ----D---- C:\Fraps

======List of files/folders modified in the last 3 months======

2009-05-07 15:02:59 ----D---- C:\WINDOWS\Temp
2009-05-07 15:01:54 ----D---- C:\WINDOWS\Internet Logs
2009-05-07 15:00:48 ----D---- C:\Program Files\Mozilla Firefox
2009-05-07 14:56:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 14:53:42 ----SD---- C:\WINDOWS\Tasks
2009-05-07 14:51:53 ----D---- C:\WINDOWS\system32
2009-05-07 14:49:51 ----RD---- C:\Program Files
2009-05-07 14:49:51 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-05-06 11:51:27 ----D---- C:\WINDOWS
2009-05-06 11:25:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-05-05 00:16:52 ----A---- C:\WINDOWS\system.ini
2009-04-30 14:52:03 ----SHD---- C:\WINDOWS\Installer
2009-04-30 14:52:02 ----D---- C:\Config.Msi
2009-04-29 16:14:49 ----D---- C:\WINDOWS\system32\drivers
2009-04-27 11:25:02 ----HD---- C:\WINDOWS\inf
2009-04-27 11:24:59 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-04-27 11:24:43 ----A---- C:\WINDOWS\imsins.BAK
2009-04-27 07:38:16 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-26 21:50:03 ----D---- C:\WINDOWS\WinSxS
2009-04-26 14:40:23 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-26 14:39:54 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-04-26 14:38:08 ----AC---- C:\WINDOWS\setuplog.txt
2009-04-26 14:35:42 ----D---- C:\WINDOWS\system32\Setup
2009-04-26 14:35:42 ----D---- C:\WINDOWS\AppPatch
2009-04-26 14:35:41 ----D---- C:\WINDOWS\system32\wbem
2009-04-26 14:35:40 ----RSD---- C:\WINDOWS\Fonts
2009-04-26 13:49:32 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-26 13:43:28 ----D---- C:\WINDOWS\security
2009-04-26 13:38:21 ----D---- C:\Program Files\Messenger
2009-04-26 13:30:51 ----D---- C:\WINDOWS\ime
2009-04-26 13:30:51 ----D---- C:\WINDOWS\Help
2009-04-26 13:30:06 ----D---- C:\WINDOWS\system32\usmt
2009-04-26 13:29:54 ----D---- C:\Program Files\Internet Explorer
2009-04-26 13:29:48 ----D---- C:\WINDOWS\peernet
2009-04-26 13:29:48 ----D---- C:\Program Files\Movie Maker
2009-04-26 13:19:37 ----D---- C:\WINDOWS\system32\Restore
2009-04-26 13:19:36 ----D---- C:\WINDOWS\system32\npp
2009-04-26 13:19:33 ----D---- C:\WINDOWS\msagent
2009-04-26 13:19:26 ----D---- C:\WINDOWS\srchasst
2009-04-26 13:19:12 ----D---- C:\Program Files\NetMeeting
2009-04-26 13:19:07 ----D---- C:\WINDOWS\system32\Com
2009-04-26 13:18:59 ----D---- C:\Program Files\Windows Media Player
2009-04-26 13:18:55 ----D---- C:\Program Files\Windows NT
2009-04-26 13:18:54 ----D---- C:\Program Files\Outlook Express
2009-04-26 13:18:42 ----D---- C:\Program Files\Common Files\System
2009-04-26 13:17:45 ----AD---- C:\WINDOWS\system32\oobe
2009-04-26 13:17:38 ----D---- C:\WINDOWS\system
2009-04-26 13:10:28 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-04-26 13:04:01 ----D---- C:\WINDOWS\EHome
2009-04-26 10:10:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-22 22:27:38 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-04-22 14:43:21 ----RD---- C:\WINDOWS\Web
2009-04-21 07:29:13 ----SHD---- C:\RECYCLER
2009-04-21 07:03:21 ----D---- C:\Documents and Settings
2009-04-20 19:04:47 ----D---- C:\Program Files\Common Files
2009-04-20 17:00:46 ----D---- C:\WINDOWS\SoftwareDistribution
2009-04-20 12:33:12 ----SD---- C:\Documents and Settings\Seb\Application Data\Microsoft
2009-04-20 09:46:24 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-20 09:46:21 ----D---- C:\WINDOWS\repair
2009-04-20 09:44:03 ----D---- C:\tmp
2009-04-19 22:25:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-11 10:35:26 ----A---- C:\WINDOWS\ModemLog_IBM Integrated 56K Modem.txt
2009-04-09 13:24:30 ----D---- C:\Program Files\The Way
2009-04-07 21:25:30 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-07 21:25:27 ----RSD---- C:\WINDOWS\assembly
2009-04-07 11:19:41 ----D---- C:\WINDOWS\system32\spool
2009-04-06 15:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-01 20:35:25 ----D---- C:\Program Files\Common Files\AOL
2009-03-21 15:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-15 10:00:35 ----D---- C:\Program Files\DivX
2009-03-06 15:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-03 00:04:03 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-02-22 15:46:02 ----D---- C:\Program Files\CamStudio
2009-02-20 09:11:01 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 09:10:59 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 09:10:59 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 09:10:57 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-09 13:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 13:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 13:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 13:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2005-03-18 11520]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-29 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-29 27656]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2001-08-18 12160]
R1 IBMTPCHK;IBMTPCHK; C:\WINDOWS\System32\drivers\IBMBLDID.SYS [2005-03-18 2432]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 Smapint;Smapint; C:\WINDOWS\System32\drivers\Smapint.sys [2004-07-29 14848]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R1 TDSMAPI;TDSMAPI; C:\WINDOWS\System32\drivers\TDSMAPI.SYS [2004-07-29 9341]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\drivers\TPHKDRV.sys [2004-09-07 16370]
R1 TPPWR;TPPWR; C:\WINDOWS\System32\drivers\Tppwr.sys [2004-07-29 16384]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2004-07-15 7168]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-16 353672]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-09-11 17119]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\system32\drivers\ibmfilter.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 PMEM;PMEM; \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-09-02 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-09-02 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-09-02 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-09-02 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-09-02 86202]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-09-02 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-09-02 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-09-02 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-09-02 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-07-22 1041152]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-07-22 197888]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-07-30 724989]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys [2004-02-26 11344]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 Tp4Track;IBM PS/2 TrackPoint Driver; C:\WINDOWS\System32\DRIVERS\tp4track.sys [2003-11-13 13904]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2008-01-07 2216064]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-07-22 676096]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 atr08fmh;atr08fmh; C:\WINDOWS\system32\drivers\atr08fmh.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-09-17 145408]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2006-10-02 10345]
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 QCNDISIF;QCNDISIF; C:\WINDOWS\System32\drivers\qcndisif.SYS [2005-03-18 12288]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 S3SSavage;S3SSavage; C:\WINDOWS\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 SamsonLLDriver;Samson LL Driver; C:\WINDOWS\System32\Drivers\SamsonLLDriver.sys [2006-12-12 56832]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-04-13 10246144]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SWWDM_multi;Samson Audio (WDM); C:\WINDOWS\system32\drivers\SWAudWDM.sys [2006-12-12 25088]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-29 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2004-03-19 339968]
R2 IBMPMSVC;IBM PM Service; C:\WINDOWS\System32\ibmpmsvc.exe [2004-02-26 57344]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-25 303104]
R2 QCONSVC;QCONSVC; C:\WINDOWS\System32\QCONSVC.EXE [2005-03-18 77824]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-12 32768]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
S4 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe []
S4 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-02-18 86016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-02-18 139264]
S4 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-02-18 360521]

-----------------EOF-----------------

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:59 AM

Posted 07 May 2009 - 09:55 AM

Thanks for the feedback.
  • We need to go to the registry but I guess the registry editor is also disabled.
    • Go to the C:\Windows folder and find regedit.exe, then rename it to copy.exe (to do that right-click regedit32.exe and select rename).
    • Double-click copy.exe to run it. The registry editor opens.
    • In the left pane navigate to the following sub-key:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    • Highlight the Drivers32 sub-key and under the File menu select Export...
    • Give a name like drivers32 and save the file to the desktop. You get driver32.reg on the desktop.
    • Rename the driver32.reg to driver32.txt then open it and post the content to your reply.
  • Go to Start => Run => copy and paste the following line in the run box and click OK. A log file opens; please post its content:

    C:\rsit\info.txt
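
The Drivers32 key requested above is where winmm and msacm32 look up the multimedia codec and driver modules they load, so an entry there that does not look like a codec is worth checking. As an added example (not code from this thread or from the tools it uses), the Python below parses a regedit export of that key and lists entries whose name, extension or resolved path is out of the ordinary; SAMPLE_REG is a constructed input modelled on the export posted later in the thread, and the C:\WINDOWS\system32 default is an assumption.

```python
"""Triage a Drivers32 registry export (.reg file written by regedit's Export).

Added example, not code from this thread or from RSIT/HijackThis. SAMPLE_REG is
constructed to mirror the export posted later in the thread."""
import ntpath
import re

DRIVERS32_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"

# Module types legitimately registered under Drivers32 (codecs and WDM shims).
KNOWN_EXTENSIONS = {".dll", ".drv", ".acm", ".ax"}

# Value names the multimedia mapper expects: wave/midi/mixer/aux (optionally
# numbered), the msacm.* and vidc.* codec families, MSVideo* and the mappers.
KNOWN_NAME = re.compile(
    r"^(?:(?:wave|midi|mixer|aux)\d*|msacm\.[\w-]+|vidc\.[\w-]+|msvideo\d*"
    r"|wavemapper|midimapper)$",
    re.IGNORECASE,
)
# "name"=data lines; the name may contain escaped quotes.
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample: a few ordinary entries plus the odd one out.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.msadpcm"="msadp32.acm"
"vidc.cvid"="iccvid.dll"
"wave"="wdmaud.drv"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv41"="ir41_32.ax"
"aux5"="C:\\WINDOWS\\system32\\..\\yrmouj.bdy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
'''


def parse_reg(text):
    """Parse a regedit export into {key_path: {value_name: data}}.
    String data is unescaped (\\\\ -> \\, \\" -> "); dword:/hex: data is kept raw."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        match = _VALUE_LINE.match(line)
        if match is None or current is None:
            continue  # tolerate lines this parser does not understand
        name, rhs = match.group(1), match.group(2)
        if len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            keys[current][name] = re.sub(r"\\(.)", r"\1", rhs[1:-1])
        else:
            keys[current][name] = rhs
    return keys


def flag_entries(drivers32, system_dir=r"C:\WINDOWS\system32"):
    """Return [(name, data, resolved_path, reasons)] for entries worth a look.
    Bare module names resolve against system_dir (default assumes XP on C:).
    Heuristics only: a codec legitimately installed elsewhere is reported too."""
    findings = []
    for name, data in drivers32.items():
        reasons = []
        if not KNOWN_NAME.match(name):
            reasons.append("value name outside the known Drivers32 families")
        filename = ntpath.basename(data)
        ext = ntpath.splitext(filename)[1].lower()
        if ext not in KNOWN_EXTENSIONS:
            reasons.append("unusual module extension %s" % (ext or "(none)"))
        if ".." in data.split("\\"):
            reasons.append("path traversal (..) in module path")
        if "\\" in data:
            resolved = ntpath.normpath(data)
            if ntpath.dirname(resolved).lower() != system_dir.lower():
                reasons.append("module resolves outside %s" % system_dir)
        else:
            resolved = ntpath.join(system_dir, filename)
        if reasons:
            findings.append((name, data, resolved, reasons))
    return findings


def triage(reg_text, system_dir=r"C:\WINDOWS\system32"):
    """Findings for the Drivers32 key itself (Terminal Server sub-keys are skipped)."""
    keys = parse_reg(reg_text)
    return flag_entries(keys.get(DRIVERS32_KEY, {}), system_dir)


if __name__ == "__main__":
    for name, data, resolved, reasons in triage(SAMPLE_REG):
        print('"%s"="%s"  ->  %s' % (name, data, resolved))
        for reason in reasons:
            print("    -", reason)
```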


#7 Celsus

Celsus
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:59 AM

Posted 07 May 2009 - 12:00 PM

1) Driver32.txt:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="iyvu9_32.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"msacm.siren"="sirenacm.dll"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"aux1"="wdmaud.drv"
"MSVideo8"="VfWWDM32.dll"
"wave3"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"aux2"="wdmaud.drv"
"wave4"="wdmaud.drv"
"midi4"="wdmaud.drv"
"mixer4"="wdmaud.drv"
"aux3"="wdmaud.drv"
"vidc.iv50"="ir50_32.dll"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv41"="ir41_32.ax"
"vidc.tscc"="tsccvid.dll"
"VIDC.FPS1"="frapsvid.dll"
"wave5"="wdmaud.drv"
"midi5"="wdmaud.drv"
"mixer5"="wdmaud.drv"
"aux4"="wdmaud.drv"
"wave6"="wdmaud.drv"
"midi6"="wdmaud.drv"
"mixer6"="wdmaud.drv"
"VIDC.HFYU"="huffyuv.dll"
"msacm.l3acm"="L3codeca.acm"
"vidc.DIV3"="DivXc32.dll"
"vidc.DIV4"="DivXc32f.dll"
"msacm.divxa32"="DivXa32.acm"
"vidc.mpg4"="mpg4c32.dll"
"vidc.mp42"="mpg4c32.dll"
"vidc.mp43"="mpg4c32.dll"
"vidc.xvid"="xvidvfw.dll"
"vidc.ffds"="ff_vfw.dll"
"vidc.fvfw"="ff_vfw.dll"
"msacm.avis"="ff_acm.acm"
"vidc.i263"="C:\\WINDOWS\\system32\\i263_32.drv"
"vidc.i420"="C:\\WINDOWS\\system32\\i263_32.drv"
"msacm.imc"="C:\\WINDOWS\\system32\\imc32.acm"
"aux5"="C:\\WINDOWS\\system32\\..\\yrmouj.bdy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"


===============================

2) C:\rsit\info.txt

info.txt logfile of random's system information tool 1.06 2009-05-07 15:04:34

======Uninstall list======

“u”E?O?`??“V?O?O“u?{?“?o?[?`-->C:\WINDOWS\IsUn0411.exe -f"c:\documents and settings\seb\desktop\cn\Game\Uninst.isu"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced MP3/WMA Recorder 5.6-->C:\PROGRA~1\XAUDIO~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\XAUDIO~1\ADVANC~1\INSTALL.LOG
Advanced MP3/WMA Recorder-->C:\PROGRA~1\XAUDIO~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\XAUDIO~1\ADVANC~1\INSTALL.LOG
Advanced WMA Workshop version 2.1-->"C:\Program Files\LitexMedia\Advanced WMA Workshop\unins000.exe"
AIM Search-->C:\Program Files\AIM Search\uninstaller.exe AIM Search
AIM Toolbar 5.0-->"C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe"
Audacity Recovery Utility-->"C:\Program Files\Audacity Recovery Utility\unins000.exe"
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviTricks Pro version 3.10-->"C:\Program Files\Bobyte\AviTricks Pro\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Character Builder-->MsiExec.exe /I{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}
Citrix ICA Client-->C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\Citrix\ICACLI~1\Uninst.isu -cC:\PROGRA~1\Citrix\ICACLI~1\uninstpn.dll
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Cobian Backup 8-->C:\Program Files\Cobian Backup 8\cbUninstall.exe
Core FTP LE 1.3c-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
Democracy 2-->"C:\Program Files\Democracy2\unins000.exe"
Driving Test Success - All Tests (2007-2008)-->"C:\Program Files\Driving Test Success - All Tests (2007-2008)\unins000.exe"
elementaler-->C:\WINDOWS\eiunin21.exe "C:\Program Files\elementaler\install.DAT"
ffdshow [rev 2033] [2008-07-05]-->"C:\Program Files\Theorica Divx ;-) Codecs\unins000.exe"
Flash Decompiler-->"C:\Program Files\Eltima Software\Flash Decompiler\unins000.exe"
FoxyTunes for Firefox-->"C:\PROGRA~1\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Gargoyle-->"C:\Program Files\Gargoyle\uninstall.exe"
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Hamachi 0.9.9.9-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_05591014 -S -ISFG
IBM RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore-->MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility -->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkVantage Technologies Welcome Message-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
IBM TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM TrackPoint Support-->C:\WINDOWS\System32\tp4unins.exe
IBM Update Connector-->MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
Immortal Defense 1.0-->C:\Program Files\Immortal Defense\uninst.exe
Indeo® XP Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\UninstXP.isu"
Inform 7-->"C:\Program Files\Inform 7\Uninstall.exe"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iScrobbler-->C:\Program Files\iTunes\UninstalliScrobble.exe
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark Z600 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manga Viewer-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\MangaViewer\ST6UNST.LOG"
MatrixEngine-->"C:\Program Files\MatrixEngine 1.0\UNINST\UNINST.EXE" /UNINSTALL
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
MediaCoder 0.6.2-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Speech API 3.0-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\spchapi.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\mtbs.exe c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MusicIP Mixer 1.6-->"C:\Program Files\MusicIP\MusicIP Mixer\unins000.exe"
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
myTunes Redux 1.0-->"C:\Program Files\myTunes Redux\unins000.exe"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
RPG Maker VX RTP-->"C:\Program Files\Common Files\Enterbrain\RGSS2\RPGVX\unins000.exe"
RPGXP-->MsiExec.exe /I{9B34CAC6-738F-4A20-B428-A115C3E3474C}
RPGツクール2003 ランタイムパッケージ-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0044AEC7-8924-4FB1-B4F7-FD14A5FEA9E4}\setup.exe"
RTP for RM2K (Png, Wav, Midi, Fonts)-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\RTP\install.log"
Samson SoftPre-->MsiExec.exe /I{AC042F3D-DAAD-4F76-B857-396EF81AB197}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
SHOUTcast Source DSP 1.9.0 (remove only)-->C:\Program Files\Winamp\uninst-dsp.exe
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
The Way - Episode 1-->C:\Program Files\The Way\Episode1\Uninstal.exe
The Way - Episode 2-->C:\Program Files\The Way\Episode2\Uninstal.exe
The Way - Episode 3-->C:\Documents and Settings\Seb\Desktop\WAYTEST\Uninstal.exe
The Way - Episode 4-->C:\Program Files\The Way\Episode4\Uninstal.exe
The Way - Episode 5-->C:\Program Files\The Way\Episode5\Uninstal.exe
The Way - Episode 6-->C:\Program Files\The Way\Episode6\Uninstal.exe
Theorica Divx ;-) Codecs (remove only)-->C:\Program Files\Theorica Divx ;-) Codecs\Uninstall.exe
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Software Installer-->_tpiu000.exe /U
Tombs of Asciiroth-->msiexec /qb /x {D9D5EE0B-D6B5-B2C3-10B0-36FEF9231EC9}
Tombs of Asciiroth-->MsiExec.exe /I{D9D5EE0B-D6B5-B2C3-10B0-36FEF9231EC9}
Tower of the Sorcerer Ver1.2-->"C:\WINDOWS\UNISTB32.EXE" /U "C:\Program Files\Tower of the Sorcerer\UNINST0.000" "C:\Program Files\Tower of the Sorcerer\UNINST1.000"
Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
USB PC Camera Plus-->C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\setup.exe -runfromtemp -l0x0011 -removeonly
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirtualDub Filter Pack 1.1-->"C:\Documents and Settings\Seb\Desktop\VirtualDub-1.8.5\plugins\VD Filter Pack\unins000.exe"
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Windows Driver Package - Intel (NETw5x32) net (08/28/2008 12.1.0.14)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\netw5x32_A2787A7661B81CFFC60B376B997E67D251A8A660\netw5x32.inf
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst32.exe /u C:\WINDOWS\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.inf
Windows Frotz-->"C:\Program Files\Windows Frotz\Uninstall.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.8 beta-->"C:\Program Files\WinSCP3\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) [2009-05-07]
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u [2009-05-07]
O4 - Global Startup: $McRebootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe [2009-05-07]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-05-07]
O4 - HKCU\..\Run: [McAfee Update] C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.exe /insfin C:\DOCUME~1\Seb\LOCALS~1\Temp\mcupdate_1240736668.ini /syncfin [2009-05-07]

======Security center information======

AV: AVG Anti-Virus Free (outdated)
FW: ZoneAlarm Firewall

======System event log======

Computer Name: SEBONTHEMOVE
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 82982
Source Name: DCOM
Time Written: 20090423122208.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SEBONTHEMOVE
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 82981
Source Name: DCOM
Time Written: 20090423122126.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SEBONTHEMOVE
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 82980
Source Name: DCOM
Time Written: 20090423122045.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SEBONTHEMOVE
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 82979
Source Name: DCOM
Time Written: 20090423122004.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SEBONTHEMOVE
Event Code: 10010
Message: The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Record Number: 82978
Source Name: DCOM
Time Written: 20090423121923.000000+060
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: SEBONTHEMOVE
Event Code: 5051
Message:
Record Number: 18818
Source Name: McLogEvent
Time Written: 20081224210138.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: SEBONTHEMOVE
Event Code: 1002
Message: Hanging application VoipStunt.exe, version 4.2.487.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 18790
Source Name: Application Hang
Time Written: 20081222082143.000000+000
Event Type: error
User:

Computer Name: SEBONTHEMOVE
Event Code: 1002
Message: Hanging application VoipStunt.exe, version 4.2.487.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 18743
Source Name: Application Hang
Time Written: 20081218155124.000000+000
Event Type: error
User:

Computer Name: SEBONTHEMOVE
Event Code: 1517
Message: Windows saved user SEBONTHEMOVE\Seb registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 18739
Source Name: Userenv
Time Written: 20081218154746.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: SEBONTHEMOVE
Event Code: 1517
Message: Windows saved user SEBONTHEMOVE\Seb registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 18709
Source Name: Userenv
Time Written: 20081218153555.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PROGRAM FILES\THINKPAD\UTILITIES;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\WINDOWS\Downloaded Program Files;%SystemDrive%\IBMTOOLS\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"RRU"=C:\Program Files\IBM\IBM Rapid Restore Ultra\
"PYTHONPATH"=%SystemDrive%\IBMTOOLS\utils\support;%SystemDrive%\IBMTOOLS\utils\logger
"IBMSHARE"=%SystemDrive%\IBMSHARE
"TCL_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tcl8.4
"TK_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tk8.4
"PYTHONCASEOK"=1
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 May 2009 - 12:31 PM

We need to go to the registry again.
  • Double-click copy.exe to run it. The registry editor opens.
  • In the left pane navigate to the following sub-key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32


  • Highlight the Drivers32 sub-key. In the right pane under Name there is a value named aux5; right-click on it and select Delete.
  • Confirm the deletion and close the registry editor.
  • Reboot your computer and delete the following file: C:\WINDOWS\yrmouj.bdy
  • Tell me if the problem is resolved.

    Note: If you could not find the file make sure you can see all the hidden and system files. Instructions on how to do this can be found here:
    How to see hidden files in Windows

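An added example, not from the thread or from Farbar, of the check behind the Drivers32 step above: a small Python auditor that reads a regedit export of that key and flags values that do not look like a codec or driver module in System32. The export text is constructed, and the aux5 data is an assumption (the post names the file to delete but not what the value held).

```python
import re

# Constructed regedit export of the key the thread points at; the aux5
# data is an assumption based on the file the thread tells the user to
# delete (the post does not show what the value actually held).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"vidc.cvid"="iccvid.dll"
"wavemapper"="msacm32.drv"
"aux"="wdmaud.drv"
"aux5"="C:\\WINDOWS\\yrmouj.bdy"
'''

# Extensions a Drivers32 value legitimately names (codec/driver modules).
LEGIT_EXT = {".dll", ".drv", ".acm", ".ax"}

def parse_reg_values(text):
    """Return {name: data} for the string values in a .reg export.
    regedit doubles backslashes in string data, so undo that."""
    values = {}
    for m in re.finditer(r'^"([^"]+)"="((?:[^"\\]|\\.)*)"$', text, re.M):
        values[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return values

def suspicious_drivers32(values):
    """Flag values whose data has an extension no codec uses, or that
    give an absolute path outside System32. Third-party codecs installed
    elsewhere will also be flagged and need a manual look."""
    findings = []
    for name, data in values.items():
        ext = data[data.rfind("."):].lower() if "." in data else ""
        reasons = []
        if ext not in LEGIT_EXT:
            reasons.append("unexpected extension %s" % (ext or "(none)"))
        if "\\" in data and "\\system32\\" not in data.lower():
            reasons.append("absolute path outside System32")
        if reasons:
            findings.append((name, data, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    for name, data, why in suspicious_drivers32(parse_reg_values(SAMPLE_REG)):
        print("%s -> %s: %s" % (name, data, why))
```

On a live machine the same check can be run over the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" drivers32.reg`, which produces this format.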

#9 Celsus

Celsus
  • Topic Starter

  • Members
  • 10 posts

Posted 07 May 2009 - 02:05 PM

You are brilliant! That solved the problem. All the correct programs load at startup, I can update AVG and Malwarebytes, cmd works correctly, and so does the internet.

Can I ask what sort of problem this was, and how it managed to compromise my computer? (I wouldn't want it to happen again...)


Many many thanks again,


Celsus

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 May 2009 - 02:31 PM

You are most welcome Celsus.

This was the Win32/Daonol Trojan. It might have come from malicious code injected into some sites or from a vulnerability in old versions of Adobe Acrobat. I don't know exactly.
  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

  • First Set a New Restore Point then Remove the Old Restore Points to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    To set a new restore point:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    To remove the old restore points:
    • Go to Start > Run then type: Cleanmgr in the box and click "OK".
    • You get a window to select the drive to clean, the default is already set to (C:) drive. Click OK.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    • Click OK and Yes.
Optional Recommendations:
  • Make sure you install all the security updates for Windows, Internet explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.

    I recommend updating to Internet explorer 7 as it has more functionality and is much safer.

    You can update by going to start > All Programs > Windows update > click on Custom button.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • Install Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. All you need to do is update it once every 2-3 weeks and enable the restriction. You can find more information and a download link.

  • The rule of thumb: One AntiVirus with real-time protection, one firewall (other than Windows firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware but they should not be running at the same time and should be set not to start with Windows.
Happy Surfing!

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,730 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 May 2009 - 07:14 AM

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.
