
Unknown Virus/Trojan (log)


  • This topic is locked
14 replies to this topic

#1 tonyprime

Posted 27 April 2009 - 11:37 AM

I've been trying to get rid of these but I can't manage to get rid of them... I don't know what to do... my antivirus won't fix it

Then my Windows Update turns off as well as my firewall... it never did that until the virus/trojan

I appreciate it if you take a look at this log and help me with this problem

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:57 AM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\Tony\LOCALS~1\Temp\3385836248.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - {ab8f3b73-b390-4144-a26a-c7e907647c20} - C:\WINDOWS\system32\yutobayu.dll
O2 - BHO: C:\WINDOWS\system32\yhs783ijfo3fe.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Vniyune] rundll32.exe "C:\WINDOWS\iloxebuxe.dll",e
O4 - HKLM\..\Run: [CPMbfc8f329] Rundll32.exe "c:\windows\system32\sagenumi.dll",a
O4 - HKLM\..\Run: [bcfbc0b5] rundll32.exe "C:\WINDOWS\system32\sapamujo.dll",b
O4 - HKLM\..\Run: [nogulejasi] Rundll32.exe "C:\WINDOWS\system32\siruboma.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Tony\LOCALS~1\Temp\3385836248.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\mmt8x4s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\mmt8x4s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...=javadl.sun.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\romabotu.dll c:\windows\system32\sagenumi.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ljJBsron - ljJBsron.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sagenumi.dll
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sagenumi.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Program Files\Wizet\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 11416 bytes


#2 tonyprime

Posted 27 April 2009 - 08:52 PM

If I need to do something else, please tell me.

#3 fenzodahl512

Posted 28 April 2009 - 03:35 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see "random" name, just leave it.. If you see "GMER", please rename GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 tonyprime

Posted 28 April 2009 - 11:52 AM

Here is the Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.36
Database version: 2054
Windows 5.1.2600 Service Pack 3

4/28/2009 11:42:17 AM
mbam-log-2009-04-28 (11-42-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 321360
Time elapsed: 34 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0046e6e (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows resurections (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fe2a38.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Tony\Application Data\pidle (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\LocalService\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\mmt8x4s.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tony\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmppcsetup.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winglsetup.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0046E6E.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\Temp\arag4qgfgdf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Delete on reboot.
C:\WINDOWS\Temp\_A00FE2A38.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tony\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tony\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.


_______________________________


RSIT log/info txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Tony at 2009-04-28 11:45:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 235 GB (49%) free of 477 GB
Total RAM: 3070 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:16 AM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tony\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Tony.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Tony\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...=javadl.sun.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ljJBsron - ljJBsron.dll (file missing)
O20 - Winlogon Notify: __c0046E6E - C:\WINDOWS\system32\__c0046E6E.dat
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Program Files\Wizet\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 10730 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2006-11-17 77824]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-04-25 1601304]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-04-28 24064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 1277584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"autochk"=C:\DOCUME~1\Tony\protect.dll [2009-04-28 24064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-04-24 516440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe /automount []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bcfbc0b5]
C:\WINDOWS\system32\sapamujo.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMbfc8f329]
c:\windows\system32\sagenumi.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\PROGRA~1\AIM\\DeadAIM.ocm [2004-02-28 144896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diagnostic Manager]
C:\DOCUME~1\Tony\LOCALS~1\Temp\727039026.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-10-25 2178832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nogulejasi]
C:\WINDOWS\system32\siruboma.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-09 1036288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-06 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vniyune]
C:\WINDOWS\iloxebuxe.dll,e []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-09-12 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2009-03-15 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tony^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

C:\Documents and Settings\Tony\Start Menu\Programs\Startup
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-04-25 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJBsron]
ljJBsron.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0046E6E]
C:\WINDOWS\system32\__c0046E6E.dat [1980-08-16 27648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
invcic.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Sierra\FEAR\FEAR.exe"="C:\Program Files\Sierra\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\Program Files\Sierra\FEAR\FEARMP.exe"="C:\Program Files\Sierra\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Steam\steamapps\tonyprime\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\tonyprime\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\petervu1172@sbcglobal.net\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\petervu1172@sbcglobal.net\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe"="C:\Program Files\Sierra\FEAR\FEARXP\FEARXP.exe:*:Enabled:FEARXP"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe"="C:\Documents and Settings\All Users\Application Data\IJJIGame\PLauncher.exe:*:Enabled:PLauncher Application"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="C:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:Enabled:PurpleBean.exe"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe"="C:\Program Files\Sierra Entertainment\FEAR Perseus Mandate\FEARXP2.exe:*:Enabled:FEARXP2"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe"="C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe"="C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory.exe"
"C:\Nexon\MapleStory\GameGuard\GameGuard.des"="C:\Nexon\MapleStory\GameGuard\GameGuard.des:*:Enabled:GameGuard.des"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\AVG\AVG8\avgui.exe"="C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:avgui"
"C:\Program Files\AVG\AVG8\avgtray.exe"="C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:avgtray"
"C:\WINDOWS\Temp\mmt8x4s.exe"="C:\WINDOWS\Temp\mmt8x4s.exe:*:Enabled:mmt8x4s"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d011d8b-f55f-11dd-8fb3-00221501ce09}]
shell\AutoRun\command - g1ljsm.com
shell\open\command - g1ljsm.com


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-04-28 11:45:11 ----D---- C:\rsit
2009-04-28 11:44:42 ----A---- C:\WINDOWS\system32\ukhrtho.txt
2009-04-28 11:43:46 ----AH---- C:\aaw7boot.cmd
2009-04-28 11:04:17 ----D---- C:\WINDOWS\ERDNT
2009-04-28 11:03:35 ----D---- C:\Program Files\ERUNT
2009-04-28 07:42:08 ----N---- C:\WINDOWS\system32\autochk.dll
2009-04-27 23:01:19 ----A---- C:\WINDOWS\system32\loader49.exe
2009-04-27 20:31:37 ----D---- C:\WINDOWS\system32\KB905474
2009-04-27 14:48:46 ----A---- C:\WINDOWS\system32\MRT.INI
2009-04-27 14:47:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-26 21:01:20 ----D---- C:\Program Files\Trend Micro
2009-04-26 20:47:44 ----A---- C:\WINDOWS\system32\msvcr90.dll
2009-04-26 20:47:44 ----A---- C:\WINDOWS\system32\msvcr80d.dll
2009-04-26 20:47:43 ----A---- C:\WINDOWS\system32\msvcr80.dll
2009-04-26 20:47:43 ----A---- C:\WINDOWS\system32\msvcr70.dll
2009-04-26 20:47:43 ----A---- C:\WINDOWS\system32\msvcp90.dll
2009-04-26 20:47:43 ----A---- C:\WINDOWS\system32\msvcp80.dll
2009-04-26 20:47:43 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-04-26 20:47:43 ----A---- C:\WINDOWS\system32\msvcm90.dll
2009-04-26 20:47:42 ----A---- C:\WINDOWS\system32\Vista.Emulation.dll
2009-04-26 20:47:42 ----A---- C:\WINDOWS\system32\msvcm80.dll
2009-04-26 20:47:42 ----A---- C:\WINDOWS\system32\is-6UAVJ.tmp
2009-04-26 20:47:41 ----A---- C:\WINDOWS\system32\D3DX10d_39.dll
2009-04-26 20:47:41 ----A---- C:\WINDOWS\system32\D3D10SDKLayers.DLL
2009-04-26 20:47:41 ----A---- C:\WINDOWS\system32\d2d1.dll
2009-04-26 20:47:41 ----A---- C:\WINDOWS\system32\CompressATI2.dll
2009-04-26 20:47:41 ----A---- C:\WINDOWS\system32\avrt.dll
2009-04-26 20:47:41 ----A---- C:\Program Files\Common Files\unins000.exe
2009-04-26 16:07:28 ----D---- C:\Nexon
2009-04-25 12:11:38 ----D---- C:\Program Files\Common Files\EZB Systems
2009-04-25 02:09:28 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-04-25 02:09:28 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-04-25 02:09:28 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-04-25 02:09:27 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-04-25 02:09:27 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-04-25 02:09:26 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-04-25 02:09:24 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-04-24 15:50:04 ----D---- C:\Program Files\Common Files\ChaosGroup
2009-04-24 06:46:21 ----A---- C:\startvrlservice_log.txt
2009-04-24 06:06:32 ----A---- C:\vraylog.txt
2009-04-24 05:58:59 ----D---- C:\Program Files\Chaos Group
2009-04-24 05:40:36 ----D---- C:\Documents and Settings\Tony\Application Data\Autodesk
2009-04-24 05:36:19 ----D---- C:\Program Files\Turbo Squid Tentacles
2009-04-24 05:35:59 ----D---- C:\Program Files\Microsoft WSE
2009-04-24 05:30:40 ----D---- C:\WINDOWS\system32\XPSViewer
2009-04-24 05:30:11 ----D---- C:\Program Files\Reference Assemblies
2009-04-24 05:29:52 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-04-24 05:00:57 ----D---- C:\Program Files\UltraISO
2009-04-18 19:26:49 ----A---- C:\WINDOWS\system32\winstanew.dll
2009-04-18 19:26:49 ----A---- C:\WINDOWS\system32\user32new.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\setupapinew.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\secur32new.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\rpcrt4new.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\powrprofnew.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\Nucleus.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\ntdsapinew.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\ntdllnew.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\msvcrtnew.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\M2000Twn.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\kernel32new.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\dxgi.dll
2009-04-18 19:26:48 ----A---- C:\WINDOWS\system32\dwmapi.dll
2009-04-18 19:26:47 ----A---- C:\WINDOWS\system32\d3dx10.dll
2009-04-18 19:26:47 ----A---- C:\WINDOWS\system32\d3d10core.dll
2009-04-18 19:26:47 ----A---- C:\WINDOWS\system32\d3d10.dll
2009-04-18 19:26:47 ----A---- C:\WINDOWS\system32\crypt32new.dll
2009-04-18 19:26:47 ----A---- C:\WINDOWS\system32\apphelpnew.dll
2009-04-18 19:26:47 ----A---- C:\WINDOWS\system32\advapi32new.dll
2009-04-18 17:19:00 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-04-17 00:21:35 ----D---- C:\Documents and Settings\All Users\Application Data\id Software
2009-04-16 11:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-16 11:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-16 03:28:02 ----D---- C:\8cadaecf6c753cc4cf737f42d5
2009-04-16 03:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-16 03:27:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-16 03:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-16 03:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-15 21:35:59 ----A---- C:\WINDOWS\system32\wgatray.exe.bak
2009-04-15 21:35:59 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-04-15 21:35:59 ----A---- C:\WINDOWS\system32\wgalogon.dll.bak
2009-04-15 21:35:59 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-04-15 21:35:59 ----A---- C:\WINDOWS\system32\legitcheckcontrol.dll.bak
2009-04-15 21:35:59 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-04-15 12:58:45 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-09 00:08:25 ----D---- C:\Documents and Settings\All Users\Application Data\wanted
2009-04-09 00:03:23 ----D---- C:\Program Files\OpenAL
2009-04-09 00:03:23 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-04-09 00:03:23 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-04-08 23:54:45 ----D---- C:\Program Files\WarnerBros
2009-04-07 23:21:12 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-04-07 23:19:11 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-04-07 23:19:11 ----D---- C:\Program Files\Autodesk
2009-04-04 16:04:37 ----D---- C:\Program Files\EA Games
2009-04-03 14:05:47 ----D---- C:\ProgramData
2009-04-03 14:05:47 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-04-03 13:55:22 ----D---- C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-04-03 03:55:58 ----D---- C:\Documents and Settings\Tony\Application Data\DiskAid
2009-04-03 03:55:48 ----D---- C:\Program Files\DigiDNA
2009-04-02 01:53:55 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-04-02 01:53:55 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-03-30 12:21:47 ----D---- C:\Config.Msi
2009-03-28 15:41:16 ----D---- C:\Program Files\id Software
2009-03-22 13:09:49 ----D---- C:\Program Files\Common Files\DirectX
2009-03-21 04:48:32 ----D---- C:\Program Files\Vertus Fluid Mask 3
2009-03-21 04:47:05 ----D---- C:\Documents and Settings\Tony\Application Data\Apple Computer
2009-03-21 04:47:00 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-03-21 04:46:48 ----D---- C:\Program Files\iPod
2009-03-21 04:46:46 ----D---- C:\Program Files\iTunes
2009-03-21 04:46:46 ----D---- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-21 04:46:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-03-21 04:45:53 ----D---- C:\Program Files\Apple Software Update
2009-03-21 04:45:43 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-03-21 04:45:20 ----D---- C:\Program Files\Common Files\Apple
2009-03-21 04:45:20 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-03-21 00:04:38 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-20 22:25:02 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-03-20 22:25:02 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-03-20 22:25:02 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-03-20 22:25:02 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-03-20 22:24:59 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-03-20 22:24:58 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-03-17 13:03:35 ----D---- C:\Program Files\CAPCOM
2009-03-17 03:44:16 ----D---- C:\Documents and Settings\Tony\Application Data\Ubisoft
2009-03-17 03:33:56 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-03-16 05:40:45 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-03-15 07:13:14 ----D---- C:\Documents and Settings\All Users\Application Data\POP3Profiles
2009-03-15 07:11:36 ----D---- C:\Program Files\Ubisoft
2009-03-15 01:14:25 ----R---- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2009-03-15 01:13:43 ----RA---- C:\WINDOWS\system32\LVUI2RC.dll
2009-03-15 01:13:42 ----RA---- C:\WINDOWS\system32\LVUI2.dll
2009-03-15 01:13:42 ----RA---- C:\WINDOWS\system32\lvcodec2.dll
2009-03-15 01:12:17 ----RA---- C:\WINDOWS\system32\lvcoinst.ini
2009-03-15 01:12:17 ----RA---- C:\WINDOWS\system32\lvci1150.dll
2009-03-15 01:10:30 ----D---- C:\Documents and Settings\All Users\Application Data\Logishrd
2009-03-15 01:10:27 ----D---- C:\Program Files\Common Files\LogiShrd
2009-03-15 01:10:21 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2009-03-15 01:10:20 ----D---- C:\Program Files\Logitech
2009-03-15 01:07:29 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-03-14 20:22:36 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-03-12 21:06:30 ----D---- C:\Program Files\Double Fine Productions
2009-03-11 02:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 02:09:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-09 22:48:03 ----D---- C:\Documents and Settings\Tony\Application Data\Skype
2009-03-09 22:47:53 ----RD---- C:\Program Files\Skype
2009-03-09 22:47:50 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-03-09 12:45:09 ----D---- C:\WINDOWS\A6D96D8E04C447E8A681F7C9C6444B9A.TMP
2009-03-03 20:45:50 ----D---- C:\Program Files\Audacity
2009-03-01 19:56:31 ----D---- C:\Program Files\F.E.A.R. 2
2009-02-27 22:24:27 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-23 00:40:46 ----D---- C:\Program Files\Sierra Entertainment
2009-02-22 00:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\Nexon
2009-02-21 10:05:55 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-02-21 02:10:09 ----D---- C:\Program Files\Prey
2009-02-19 04:05:21 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-02-19 04:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-02-18 23:39:59 ----A---- C:\Documents and Settings\All Users\Application Data\DynuEncrypt.dll
2009-02-18 05:00:26 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-02-15 13:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-02-15 13:52:17 ----D---- C:\Program Files\Common Files\Control Panels
2009-02-15 13:50:57 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2009-02-15 13:42:56 ----D---- C:\Program Files\QuickTime
2009-02-15 13:38:23 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2009-02-15 13:38:23 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2009-02-15 13:32:39 ----D---- C:\Program Files\Bonjour
2009-02-15 13:29:26 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-02-15 03:08:41 ----D---- C:\Logs
2009-02-14 03:24:46 ----A---- C:\WINDOWS\GunzLauncher.INI
2009-02-14 02:00:40 ----D---- C:\ijji
2009-02-14 02:00:38 ----HD---- C:\Documents and Settings\Tony\Application Data\ijjigame
2009-02-14 01:59:01 ----D---- C:\Documents and Settings\All Users\Application Data\IJJIGame
2009-02-13 15:11:59 ----D---- C:\Documents and Settings\Tony\Application Data\U3
2009-02-12 01:35:04 ----D---- C:\Documents and Settings\Tony\Application Data\Help
2009-02-12 01:22:56 ----D---- C:\Documents and Settings\Tony\Application Data\IDM
2009-02-12 01:22:56 ----D---- C:\Documents and Settings\Tony\Application Data\DMCache
2009-02-12 01:22:53 ----D---- C:\Program Files\Internet Download Manager
2009-02-11 21:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 06:12:57 ----SD---- C:\WINDOWS\Buuf (Retail)
2009-02-10 20:39:02 ----D---- C:\Program Files\Activision
2009-02-10 20:37:00 ----SHD---- C:\WINDOWS\ftpcache
2009-02-10 10:37:52 ----D---- C:\WINDOWS\Minidump
2009-02-09 16:29:55 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-02-09 14:12:11 ----HD---- C:\$AVG8.VAULT$
2009-02-09 01:21:27 ----A---- C:\WINDOWS\system32\muweb.dll
2009-02-09 01:21:26 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-02-09 01:21:26 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-08 21:58:09 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2009-02-08 21:58:07 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2009-02-08 21:58:06 ----D---- C:\Documents and Settings\Tony\Application Data\TuneUp Software
2009-02-08 21:58:06 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2009-02-08 21:57:52 ----D---- C:\Program Files\TuneUp Utilities 2009
2009-02-08 21:57:52 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2009-02-08 21:57:38 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-08 18:37:01 ----D---- C:\Program Files\Microsoft
2009-02-08 18:29:43 ----D---- C:\Program Files\Windows Live SkyDrive
2009-02-08 18:29:16 ----D---- C:\Program Files\Windows Live
2009-02-08 18:28:37 ----D---- C:\Documents and Settings\Tony\Application Data\Aim
2009-02-08 18:28:25 ----D---- C:\Program Files\Viewpoint
2009-02-08 18:28:25 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-02-08 18:28:24 ----D---- C:\Program Files\AOD
2009-02-08 18:27:57 ----D---- C:\Program Files\AIM
2009-02-08 18:25:08 ----D---- C:\Program Files\Common Files\Windows Live
2009-02-08 16:36:21 ----D---- C:\Documents and Settings\Tony\Application Data\Nexon
2009-02-08 05:20:05 ----D---- C:\Program Files\Guitar Pro 5
2009-02-08 01:55:28 ----D---- C:\Program Files\Common Files\INCA Shared
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-02-08 00:20:21 ----N---- C:\WINDOWS\system32\px.dll
2009-02-08 00:20:19 ----D---- C:\Program Files\Winamp
2009-02-08 00:20:19 ----D---- C:\Documents and Settings\Tony\Application Data\Winamp
2009-02-07 20:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-02-07 20:56:29 ----D---- C:\Program Files\MSXML 4.0
2009-02-07 20:41:56 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-02-07 18:54:45 ----D---- C:\Program Files\Sierra
2009-02-07 18:41:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-07 18:38:23 ----A---- C:\WINDOWS\system32\_AxShlEx.dll
2009-02-07 18:33:45 ----D---- C:\Program Files\Quake III Arena
2009-02-07 18:29:43 ----D---- C:\Documents and Settings\All Users\Application Data\PMB Files
2009-02-07 18:28:00 ----D---- C:\Program Files\Pando Networks
2009-02-07 16:54:03 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-02-07 15:41:31 ----D---- C:\WINDOWS\system32\appmgmt
2009-02-07 15:33:54 ----D---- C:\Documents and Settings\Tony\Application Data\id Software
2009-02-07 13:24:24 ----D---- C:\Program Files\SpywareBlaster
2009-02-07 13:24:09 ----D---- C:\Documents and Settings\Tony\Application Data\Malwarebytes
2009-02-07 13:24:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-07 13:24:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-07 13:23:25 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-07 13:23:19 ----D---- C:\Program Files\Lavasoft
2009-02-07 13:23:19 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-02-07 12:18:42 ----D---- C:\NVIDIA
2009-02-07 11:24:33 ----D---- C:\Program Files\SystemRequirementsLab
2009-02-07 11:24:26 ----D---- C:\Documents and Settings\Tony\Application Data\SystemRequirementsLab
2009-02-07 10:35:11 ----A---- C:\SMax.log.bak
2009-02-07 04:56:42 ----RSD---- C:\WINDOWS\assembly
2009-02-07 04:56:41 ----D---- C:\WINDOWS\system32\URTTemp
2009-02-07 04:56:41 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-07 04:55:34 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-02-07 04:55:33 ----D---- C:\WINDOWS\system32\LogFiles
2009-02-07 04:55:33 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-02-07 04:55:33 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-02-07 04:44:54 ----D---- C:\Program Files\Electronic Arts
2009-02-07 04:38:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-07 04:38:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-07 04:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-07 04:38:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-07 04:38:41 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-07 04:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-07 04:38:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-07 04:38:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-07 04:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-07 04:38:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-07 04:37:58 ----D---- C:\WINDOWS\ie7updates
2009-02-07 04:37:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-07 04:37:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-07 04:37:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-07 04:37:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-07 04:37:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-07 04:37:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-07 04:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-07 04:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-07 04:37:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-07 04:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-07 04:37:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-07 04:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-07 04:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-07 04:37:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-07 04:05:10 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-07 04:05:09 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-07 04:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-02-07 03:40:52 ----N---- C:\WINDOWS\WB.ini
2009-02-07 03:31:30 ----D---- C:\Documents and Settings\Tony\Application Data\Nero
2009-02-07 03:31:17 ----A---- C:\WINDOWS\system32\MsiExec.exe.log
2009-02-07 03:30:32 ----D---- C:\Program Files\Nero
2009-02-07 03:30:32 ----D---- C:\Program Files\Common Files\Nero
2009-02-07 03:30:32 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-02-07 03:29:52 ----D---- C:\WINDOWS\RegisteredPackages
2009-02-07 03:21:02 ----D---- C:\Documents and Settings\Tony\Application Data\DAEMON Tools Pro
2009-02-07 03:21:02 ----D---- C:\Documents and Settings\Tony\Application Data\DAEMON Tools
2009-02-07 03:20:18 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-02-07 03:19:14 ----D---- C:\Program Files\DAEMON Tools Lite
2009-02-07 03:14:59 ----N---- C:\WINDOWS\system32\wbsys.dll
2009-02-07 03:14:58 ----D---- C:\Program Files\Stardock
2009-02-07 03:03:20 ----D---- C:\Program Files\BitLord
2009-02-07 02:55:40 ----D---- C:\Documents and Settings\Tony\Application Data\IrfanView
2009-02-07 02:55:03 ----D---- C:\Program Files\IrfanView
2009-02-07 02:50:26 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-02-07 02:49:58 ----D---- C:\Program Files\Microsoft Works
2009-02-07 02:49:55 ----D---- C:\Program Files\MSBuild
2009-02-07 02:49:48 ----D---- C:\Program Files\Microsoft Visual Studio
2009-02-07 02:49:48 ----D---- C:\Program Files\Common Files\DESIGNER
2009-02-07 02:47:46 ----D---- C:\WINDOWS\SHELLNEW
2009-02-07 02:47:23 ----D---- C:\Program Files\Microsoft Office
2009-02-07 02:47:23 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-07 02:47:09 ----RHD---- C:\MSOCache
2009-02-07 02:45:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-07 02:45:09 ----D---- C:\Fraps
2009-02-07 02:44:57 ----D---- C:\Program Files\DVD Shrink
2009-02-07 02:44:57 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-02-07 02:44:40 ----D---- C:\Documents and Settings\Tony\Application Data\DAEMON Tools Lite
2009-02-07 02:44:29 ----D---- C:\Program Files\CCleaner
2009-02-07 02:35:43 ----RA---- C:\WINDOWS\system32\PostProc.dll
2009-02-07 02:35:43 ----RA---- C:\WINDOWS\system32\a3d.dll
2009-02-07 02:35:41 ----D---- C:\Program Files\Analog Devices
2009-02-07 02:30:38 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-07 02:30:18 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-07 02:30:14 ----D---- C:\Program Files\Common Files\Adobe
2009-02-07 02:30:14 ----D---- C:\Program Files\Adobe
2009-02-07 02:29:05 ----D---- C:\Documents and Settings\Tony\Application Data\WinRAR
2009-02-07 02:28:57 ----D---- C:\Program Files\WinRAR
2009-02-07 02:05:29 ----A---- C:\WINDOWS\system32\msssc.dll
2009-02-07 02:05:23 ----D---- C:\swsetup
2009-02-07 01:53:39 ----RD---- C:\WINDOWS\AsDmiHtm
2009-02-07 01:16:23 ----D---- C:\Documents and Settings\Tony\Application Data\Ventrilo
2009-02-07 01:14:16 ----D---- C:\Program Files\Ventrilo
2009-02-07 01:14:13 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-02-07 01:12:55 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-02-07 01:06:54 ----A---- C:\WINDOWS\AS_Debug.txt
2009-02-07 00:51:19 ----D---- C:\Documents and Settings\Tony\Application Data\Media Player Classic
2009-02-07 00:50:49 ----A---- C:\WINDOWS\system32\unrar.dll
2009-02-07 00:50:49 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-02-07 00:50:49 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-02-07 00:50:49 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-02-07 00:50:49 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-02-07 00:50:49 ----A---- C:\WINDOWS\avisplitter.ini
2009-02-07 00:50:48 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-02-07 00:50:47 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-02-07 00:50:47 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-02-07 00:50:47 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-02-07 00:50:47 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-02-07 00:50:47 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-02-07 00:50:47 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-02-07 00:50:47 ----A---- C:\WINDOWS\system32\divx.dll
2009-02-07 00:50:46 ----D---- C:\Program Files\K-Lite Codec Pack
2009-02-07 00:50:46 ----D---- C:\Documents and Settings\Tony\Application Data\Real
2009-02-07 00:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-02-07 00:49:42 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-02-07 00:49:42 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-02-06 23:27:50 ----D---- C:\Program Files\Steam
2009-02-06 23:15:59 ----D---- C:\Program Files\NVIDIA Corporation
2009-02-06 23:15:46 ----D---- C:\Program Files\Common Files\InstallShield
2009-02-06 23:15:34 ----D---- C:\Program Files\NVIDIA nTune Performance Application
2009-02-06 23:14:32 ----D---- C:\WINDOWS\Sun
2009-02-06 23:14:25 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-06 23:14:25 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-06 23:14:25 ----A---- C:\WINDOWS\system32\java.exe
2009-02-06 23:14:25 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-06 23:14:18 ----D---- C:\Program Files\Java
2009-02-06 23:13:15 ----D---- C:\WINDOWS\system32\AGEIA
2009-02-06 23:13:15 ----D---- C:\Program Files\AGEIA Technologies
2009-02-06 23:13:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-06 23:12:45 ----D---- C:\WINDOWS\nview
2009-02-06 23:12:44 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-02-06 23:10:38 ----D---- C:\WINDOWS\pss
2009-02-06 23:10:32 ----D---- C:\Documents and Settings\Tony\Application Data\Sun
2009-02-06 23:09:39 ----N---- C:\WINDOWS\system32\msvcr71.dll
2009-02-06 23:09:39 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-02-06 23:08:34 ----D---- C:\WINDOWS\system32\Adobe
2009-02-06 23:08:07 ----D---- C:\Documents and Settings\Tony\Application Data\Macromedia
2009-02-06 23:08:06 ----D---- C:\Documents and Settings\Tony\Application Data\Adobe
2009-02-06 23:02:25 ----D---- C:\Documents and Settings\Tony\Application Data\Mozilla
2009-02-06 23:02:20 ----D---- C:\Program Files\Mozilla Firefox
2009-02-06 23:01:26 ----A---- C:\WINDOWS\system32\d3dx9_40.dll
2009-02-06 23:01:26 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-02-06 23:01:26 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-02-06 23:01:25 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-02-06 23:01:25 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-02-06 23:01:24 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-02-06 23:01:24 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-02-06 23:01:23 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-02-06 23:01:23 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-02-06 23:01:23 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-02-06 23:01:23 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-02-06 23:01:23 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-02-06 23:01:22 ----A---- C:\WINDOWS\system32\d3dx9_39.dll
2009-02-06 23:01:21 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-02-06 23:01:21 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-02-06 23:01:20 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-02-06 23:01:20 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-02-06 23:01:19 ----A---- C:\WINDOWS\system32\d3dx9_38.dll
2009-02-06 23:01:19 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-02-06 23:01:19 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-02-06 23:01:18 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-02-06 23:01:17 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-02-06 23:01:17 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-02-06 23:01:16 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-02-06 23:01:16 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-02-06 23:01:15 ----A---- C:\WINDOWS\system32\d3dx9_37.dll
2009-02-06 23:01:14 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-02-06 23:01:13 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-02-06 23:01:13 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-02-06 23:01:13 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-02-06 23:01:12 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-02-06 23:01:11 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-02-06 23:01:11 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-02-06 23:01:11 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-02-06 23:01:10 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-02-06 23:01:10 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-02-06 23:01:10 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-02-06 23:01:10 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-02-06 23:01:09 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-02-06 23:01:09 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-02-06 23:01:08 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-02-06 23:01:08 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-02-06 23:01:08 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-02-06 23:01:07 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-02-06 23:01:06 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-02-06 23:01:06 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-02-06 23:01:06 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-02-06 23:01:05 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-02-06 23:01:05 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-02-06 23:01:05 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-02-06 23:01:05 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-02-06 23:01:04 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-02-06 23:01:04 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-02-06 23:01:04 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-02-06 23:01:04 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-02-06 23:01:03 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-02-06 23:01:03 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-02-06 23:01:03 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-02-06 23:01:03 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-02-06 23:01:02 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-02-06 23:01:02 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-02-06 23:01:01 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-02-06 23:01:01 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-02-06 23:01:01 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-02-06 23:01:00 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-02-06 22:58:10 ----D---- C:\WINDOWS\Logs
2009-02-06 22:58:04 ----HD---- C:\WINDOWS\msdownld.tmp
2009-02-06 22:55:39 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-06 22:55:39 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-06 22:53:32 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-06 19:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll
2009-02-06 10:50:30 ----D---- C:\Program Files\AVG
2009-02-06 10:50:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-06 10:47:57 ----D---- C:\WINDOWS\Downloaded Installations
2009-02-06 10:46:40 ----SHD---- C:\RECYCLER
2009-02-06 10:31:52 ----D---- C:\Program Files\Marvell
2009-02-06 10:31:52 ----D---- C:\Documents and Settings\Tony\Application Data\TMP
2009-02-06 10:22:24 ----D---- C:\WINDOWS\ASUSInstAll
2009-02-06 10:18:37 ----A---- C:\WINDOWS\system32\nvuhda.exe
2009-02-06 10:18:37 ----A---- C:\WINDOWS\system32\nvcohda.dll
2009-02-06 10:18:36 ----N---- C:\WINDOWS\system32\ksuser.dll
2009-02-06 10:18:34 ----RA---- C:\WINDOWS\system32\nvusmu.exe
2009-02-06 10:18:32 ----RA---- C:\WINDOWS\system32\nvusmb.exe
2009-02-06 10:18:29 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-02-06 10:17:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-06 10:17:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-06 10:17:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-06 10:17:34 ----D---- C:\Program Files\AMD
2009-02-06 10:17:29 ----D---- C:\Documents and Settings\Tony\Application Data\InstallShield
2009-02-06 10:16:58 ----A---- C:\WINDOWS\Ascd_log.ini
2009-02-06 10:14:22 ----D---- C:\Documents and Settings\Tony\Application Data\Identities
2009-02-06 10:14:21 ----HD---- C:\Program Files\Uninstall Information
2009-02-06 10:14:18 ----SD---- C:\Documents and Settings\Tony\Application Data\Microsoft
2009-02-06 10:14:18 ----ASH---- C:\Documents and Settings\Tony\Application Data\desktop.ini
2009-02-06 10:13:18 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-06 10:13:16 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-06 10:13:16 ----D---- C:\WINDOWS\Prefetch
2009-02-06 10:13:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-06 10:11:22 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-02-06 10:11:22 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-02-06 10:11:22 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-02-06 10:11:22 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-02-06 10:11:22 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-02-06 10:11:21 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-02-06 10:11:06 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-02-06 10:10:59 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-02-06 10:10:44 ----D---- C:\WINDOWS\system32\xircom
2009-02-06 10:10:44 ----D---- C:\Program Files\xerox
2009-02-06 10:10:44 ----D---- C:\Program Files\microsoft frontpage
2009-02-06 10:09:57 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-06 10:09:56 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-06 10:09:47 ----A---- C:\WINDOWS\control.ini
2009-02-06 10:09:47 ----A---- C:\AUTOEXEC.BAT
2009-02-06 10:09:35 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-06 10:08:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-06 10:08:53 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-06 10:08:49 ----HD---- C:\Program Files\WindowsUpdate
2009-02-06 10:08:33 ----D---- C:\WINDOWS\system32\DirectX
2009-02-06 10:08:27 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-06 10:08:24 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-06 10:08:24 ----A---- C:\WINDOWS\desktop.ini
2009-02-06 10:08:18 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-06 10:08:17 ----D---- C:\Program Files\Common Files\Services
2009-02-06 10:08:17 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-06 10:08:14 ----SD---- C:\WINDOWS\Tasks
2009-02-06 10:08:14 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-06 10:08:13 ----D---- C:\Program Files\Common Files\MSSoap
2009-02-06 10:08:09 ----D---- C:\WINDOWS\srchasst
2009-02-06 10:08:08 ----D---- C:\WINDOWS\system32\Macromed
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-06 10:08:06 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-06 10:08:05 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-06 10:08:05 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-06 10:08:05 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-06 10:08:05 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-02-06 10:08:05 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-06 10:08:05 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-06 10:08:02 ----D---- C:\Program Files\Movie Maker
2009-02-06 10:07:47 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-06 10:07:47 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-06 10:07:47 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-06 10:07:47 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-02-06 10:07:43 ----D---- C:\WINDOWS\system32\Restore
2009-02-06 10:07:43 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-06 10:07:43 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-06 10:07:43 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-06 10:07:43 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-02-06 10:07:43 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-06 10:07:42 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-06 10:07:42 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-06 10:07:42 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-06 10:07:42 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-06 10:07:42 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-06 10:07:42 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-06 10:07:39 ----D---- C:\Program Files\NetMeeting
2009-02-06 10:07:39 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-06 10:07:39 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-06 10:07:38 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-06 10:07:38 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-06 10:07:36 ----D---- C:\Program Files\Outlook Express
2009-02-06 10:07:36 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-06 10:07:36 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-06 10:07:36 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-06 10:07:36 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-06 10:07:36 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-06 10:07:35 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-06 10:07:35 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-06 10:07:31 ----D---- C:\Program Files\Common Files\System
2009-02-06 10:07:30 ----D---- C:\Program Files\Internet Explorer
2009-02-06 10:07:01 ----D---- C:\Program Files\ComPlus Applications
2009-02-06 10:06:59 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-06 10:06:59 ----A---- C:\WINDOWS\vb.ini
2009-02-06 10:06:54 ----D---- C:\WINDOWS\Registration
2009-02-06 10:06:48 ----D---- C:\Program Files\Windows Media Player
2009-02-06 10:06:39 ----D---- C:\Program Files\MSN Gaming Zone
2009-02-06 10:06:39 ----A---- C:\WINDOWS\system32\write.exe
2009-02-06 10:06:32 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-06 10:06:32 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-06 10:06:31 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-06 10:06:31 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-06 10:06:31 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-06 10:06:31 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-06 10:06:25 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-06 10:06:25 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-06 10:06:25 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-06 10:06:25 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\tscon.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-06 10:06:24 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-06 10:06:23 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-06 10:06:15 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-06 10:06:05 ----D---- C:\Program Files\MSN
2009-02-06 10:06:04 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-06 10:06:04 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-06 10:06:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-06 10:06:03 ----D---- C:\Program Files\Windows NT
2009-02-06 10:06:03 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-06 10:06:03 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-06 10:06:03 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-06 10:06:02 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-02-06 10:06:02 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-06 10:06:01 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-02-06 10:06:01 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-02-06 10:06:01 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-06 10:06:01 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-02-06 10:06:00 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-06 10:05:59 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-06 10:05:59 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-06 10:05:59 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-06 10:05:59 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-06 10:05:59 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-06 10:05:59 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-06 10:05:59 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-06 10:05:59 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-06 10:05:58 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-06 10:05:58 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-06 10:05:58 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-06 10:05:58 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-06 10:05:57 ----D---- C:\WINDOWS\system32\Com
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-06 10:05:57 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-06 10:05:56 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-06 10:05:56 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-06 10:05:56 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-06 10:05:56 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-06 10:05:55 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-06 10:05:55 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-06 10:05:50 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-06 10:05:50 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-06 10:05:50 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-06 10:05:50 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-02-06 04:04:35 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-06 03:57:52 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-06 03:56:53 ----SHD---- C:\WINDOWS\Installer
2009-02-06 03:56:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-06 03:56:52 ----D---- C:\Program Files\Common Files\ODBC
2009-02-06 03:56:52 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-06 03:56:49 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-02-06 03:56:48 ----RD---- C:\Program Files
2009-02-06 03:56:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-06 03:56:48 ----D---- C:\Program Files\Common Files
2009-02-06 03:56:45 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-06 03:56:45 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-06 03:56:45 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-06 03:56:43 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-06 03:56:41 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-06 03:56:41 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-06 03:56:41 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-06 03:56:41 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-06 03:56:41 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-06 03:56:41 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-06 03:56:41 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-06 03:56:40 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-06 03:56:40 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-06 03:56:40 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-06 03:56:40 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-06 03:56:40 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-06 03:56:38 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-06 03:56:34 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-06 03:56:33 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-06 03:56:33 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-06 03:56:33 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-06 03:56:33 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-06 03:56:31 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-06 03:56:31 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-06 03:56:31 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-06 03:56:30 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-06 03:56:30 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-02-06 03:56:23 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-06 03:56:20 ----RA---- C:\WINDOWS\SET8.tmp
2009-02-06 03:56:17 ----RA---- C:\WINDOWS\SET4.tmp
2009-02-06 03:56:16 ----RA---- C:\WINDOWS\SET3.tmp
2009-02-06 03:56:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-06 03:56:10 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-06 03:56:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-06 03:55:46 ----SHD---- C:\System Volume Information
2009-02-06 03:55:46 ----D---- C:\Documents and Settings
2009-02-06 03:55:10 ----RASH---- C:\boot.ini
2009-02-06 03:50:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-06 03:50:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-06 03:50:45 ----RSD---- C:\WINDOWS\Fonts
2009-02-06 03:50:45 ----RD---- C:\WINDOWS\Web
2009-02-06 03:50:45 ----HD---- C:\WINDOWS\inf
2009-02-06 03:50:45 ----D---- C:\WINDOWS\WinSxS
2009-02-06 03:50:45 ----D---- C:\WINDOWS\WBEM
2009-02-06 03:50:45 ----D---- C:\WINDOWS\twain_32
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Temp
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\wins
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\wbem
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\usmt
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\spool
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\Setup
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\scripting
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\ras
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\oobe
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\npp
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\mui
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\IME
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\icsxml
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\ias
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\export
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\en-US
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\en
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\drivers
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\dhcp
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\config
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\3076
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\2052
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1054
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1042
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1041
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1037
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1033
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1031
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1028
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32\1025
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system32
2009-02-06 03:50:45 ----D---- C:\WINDOWS\system
2009-02-06 03:50:45 ----D---- C:\WINDOWS\security
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Resources
2009-02-06 03:50:45 ----D---- C:\WINDOWS\repair
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Provisioning
2009-02-06 03:50:45 ----D---- C:\WINDOWS\PeerNet
2009-02-06 03:50:45 ----D---- C:\WINDOWS\pchealth
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Offline Web Pages
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Network Diagnostic
2009-02-06 03:50:45 ----D---- C:\WINDOWS\mui
2009-02-06 03:50:45 ----D---- C:\WINDOWS\msapps
2009-02-06 03:50:45 ----D---- C:\WINDOWS\msagent
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Media
2009-02-06 03:50:45 ----D---- C:\WINDOWS\L2Schemas
2009-02-06 03:50:45 ----D---- C:\WINDOWS\java
2009-02-06 03:50:45 ----D---- C:\WINDOWS\ime
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Help
2009-02-06 03:50:45 ----D---- C:\WINDOWS\ehome
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Driver Cache
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Debug
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Cursors
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Connection Wizard
2009-02-06 03:50:45 ----D---- C:\WINDOWS\Config
2009-02-06 03:50:45 ----D---- C:\WINDOWS\AppPatch
2009-02-06 03:50:45 ----D---- C:\WINDOWS\addins
2009-02-06 03:50:45 ----D---- C:\WINDOWS

======List of files/folders modified in the last 3 months======

2009-04-27 23:01:28 ----A---- C:\WINDOWS\system32\userinit.exe
2009-04-27 13:37:48 ----A---- C:\WINDOWS\win.ini
2009-04-27 13:37:48 ----A---- C:\WINDOWS\system.ini
2009-04-26 20:37:30 ----ASH---- C:\WINDOWS\system32\guvegavu.dll
2009-03-25 04:06:46 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-03-21 09:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-21 04:48:39 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-03-21 04:48:39 ----A---- C:\WINDOWS\system32\kzqj27o.dll
2009-03-21 04:48:39 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-03-21 04:48:39 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-03-21 04:48:39 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-03-21 04:48:39 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-03-06 09:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-02 19:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 13:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 13:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 13:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 13:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 13:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 05:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 05:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 00:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-09 07:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 07:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 07:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 07:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-06 06:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 06:06:41 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 05:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-06 05:32:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-03 14:59:07 ----A---- C:\WINDOWS\system32\secur32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-04-25 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-04-25 27656]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-09 313856]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-06-19 103424]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2006-11-01 33280]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-10-11 41752]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2008-01-11 31392]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-08-15 265856]
S3 a1nz3vuo;a1nz3vuo; C:\WINDOWS\system32\drivers\a1nz3vuo.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-10-11 23832]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-10-11 1920920]
S3 LVUVC;Logitech QuickCam Pro 9000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-10-11 3647384]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-04-24 79360]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-04-25 298264]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-06 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-24 953168]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-04-17 75064]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-02-08 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 npkcmsvc;npkcmsvc; C:\Program Files\Wizet\MapleStory\npkcmsvc.exe []
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-15 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-02-08 360192]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-04-28 11:45:19

======Uninstall list======

-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Third Party Content-->C:\Program Files\Common Files\Adobe\Installers\3675c95c239b992d5d0ee8fce969b9e\Setup.exe
Adobe After Effects CS3 Third Party Content-->MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Lightroom 2.1-->MsiExec.exe /I{42A96544-2842-444E-8A27-A61848DDEC87}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{004685F7-9FB6-4789-812F-59ABB34A55AF}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries-->MsiExec.exe /I{F681200C-0446-0409-ABE4-EA9105E40EE4}
Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library-->MsiExec.exe /I{C251E4E6-89BA-0409-9B42-1B3D01D34783}
Autodesk 3ds Max Design 2009 32-bit Movies-->MsiExec.exe /I{305D5417-E687-0409-AA09-53DE06E059F8}
Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library-->MsiExec.exe /I{2AB45FAF-2D92-0409-8D33-E2FE6172280E}
Autodesk 3ds Max Design 2009 32-bit Vault 2008 Plug-In-->MsiExec.exe /I{EFCBBB01-F876-0409-B91F-7B6132E8BB64}
Autodesk 3ds Max Design 2009 32-bit Vault 2009 Plug-In-->MsiExec.exe /I{744A5C19-AA4C-0409-BC07-9F4C73C8B247}
Autodesk 3ds Max Design 2009 32-bit-->MsiExec.exe /I{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit-->MsiExec.exe /I{0B56244C-7B61-0409-A739-3E29DDE4DC3C}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty® - World at War™ 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Crysis®-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
DeadAIM-->MsiExec.exe /I{0F8F3415-CB0A-49A6-A23A-D8390444B127}
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
DirectX10 LV (Last Version)-->"C:\Program Files\Common Files\unins000.exe"
DiskAid 2.12-->"C:\Program Files\DigiDNA\DiskAid\unins000.exe"
Dual-Core Optimizer-->MsiExec.exe /X{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FBX Plugin 2009.0 for Max 2009-->C:\Program Files\Autodesk\FBX\FbxPlugins\2009.0\Max2009\Uninstall.exe
FEAR Extraction Point-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{909BBDB7-BABE-434C-9124-863A9F8D1CF8}\setup.exe" -l0x9 -removeonly
FEAR Perseus Mandate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D0BB1D1-E9FB-49E9-A9C1-09C00F38DA0C}\setup.exe" -l0x9 -removeonly
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
K-Lite Mega Codec Pack 4.2.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Lunia-->"c:\ijji\ENGLISH\Lunia\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{86F3A89F-94A4-4D15-99DB-B1BDAD96546C}
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mirror's Edge™-->MsiExec.exe /X{AEDBD563-24BB-4EE3-8366-A654DAC2D988}
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Nero 8 Ultra Edition HD-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
Prey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}\setup.exe" -l0x9 -removeonly
Prince of Persia T2T-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly
Psychonauts-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A129D1F2-CAC4-4AD7-B26D-3C6411B87DCC}\setup.exe" -l0x9 -removeonly
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Quake Live Mozilla Plugin-->MsiExec.exe /I{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
resident evil 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}\install.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Turbo Squid Tentacles 3ds Max 2009 32-bit-->MsiExec.exe /X{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}
UltraISO Premium V9.32-->"C:\Program Files\UltraISO\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Vertus Fluid Mask 3 3.0.2-->"C:\Program Files\Vertus Fluid Mask 3\Uninstall.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
V-Ray for 3dsmax 2009 for x86-->"C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\wininstaller.exe"-uninstall="C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\uninstall\install.log" -uninstallApp="V-Ray for 3dsmax 2009 for x86"
Wanted: Weapons of Fate-->"C:\Program Files\InstallShield Installation Information\{9312191B-30A5-44E1-8D8D-6936FE06CDE8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [nogulejasi] Rundll32.exe "C:\WINDOWS\system32\siruboma.dll",s [2009-04-26]
O4 - HKLM\..\Run: [bcfbc0b5] rundll32.exe "C:\WINDOWS\system32\wavowibi.dll",b [2009-04-26]
O4 - HKLM\..\Run: [CPMbfc8f329] Rundll32.exe "c:\windows\system32\guvegavu.dll",a [2009-04-26]
O4 - HKLM\..\Run: [CPMbfc8f329] Rundll32.exe "c:\windows\system32\guvegavu.dll",a [2009-04-26]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: TONYPRIME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5115
Source Name: Tcpip
Time Written: 20090331123036.000000-300
Event Type: warning
User:

Computer Name: TONYPRIME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5114
Source Name: Tcpip
Time Written: 20090331120246.000000-300
Event Type: warning
User:

Computer Name: TONYPRIME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 5113
Source Name: Tcpip
Time Written: 20090331114639.000000-300
Event Type: warning
User:

Computer Name: TONYPRIME
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 5063
Source Name: W32Time
Time Written: 20090331020401.000000-300
Event Type: warning
User:

Computer Name: TONYPRIME
Event Code: 7034
Message: The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).

Record Number: 4991
Source Name: Service Control Manager
Time Written: 20090330040444.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: TONYPRIME
Event Code: 10005
Message: Product: Windows Live Communications Platform -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2762. The arguments are: , ,

Record Number: 673
Source Name: MsiInstaller
Time Written: 20090221193933.000000-360
Event Type: error
User: TONYPRIME\Tony

Computer Name: TONYPRIME
Event Code: 1000
Message: Faulting application launcher.exe, version 1.0.0.5, faulting module ieframe.dll, version 7.0.6000.16791, fault address 0x0003bf60.

Record Number: 661
Source Name: Application Error
Time Written: 20090221005554.000000-360
Event Type: error
User:

Computer Name: TONYPRIME
Event Code: 1004
Message: Detection of product '{0AAA9C97-74D4-47CE-B089-0B147EF3553C}', feature 'MsgrFeat', component '{33EF8657-5705-47D4-B01F-E96A27C1D8BD}' failed. The resource 'HKEY_CLASSES_ROOT\Typelib\{53CED51D-432B-45B2-A3E0-0CE2C24235D4}\' does not exist.

Record Number: 638
Source Name: MsiInstaller
Time Written: 20090219093149.000000-360
Event Type: warning
User: TONYPRIME\Tony

Computer Name: TONYPRIME
Event Code: 1000
Message: Faulting application firefox.exe, version 1.9.0.3306, faulting module xul.dll, version 1.9.0.3306, fault address 0x00006c00.

Record Number: 630
Source Name: Application Error
Time Written: 20090219022445.000000-360
Event Type: error
User:

Computer Name: TONYPRIME
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 622
Source Name: Application Error
Time Written: 20090218183509.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


___________________________________________________________


GMER Results

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-28 11:48:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x63 ? 8A4C4BF8
INT 0x63 ? 8A4C4BF8
INT 0x63 ? 8A309BF8
INT 0x63 ? 8A309BF8
INT 0x63 ? 8A4C4BF8
INT 0xA4 ? 8A309BF8

Code 8A1CDAE0 ZwEnumerateKey
Code 8A1CDD38 ZwFlushInstructionCache
Code 8A1CC4FE IofCallDriver
Code 8A1CC206 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 8A1CC503
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A1CC20B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8A1CDD3C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 8A1CDAE4
? oeemcve.sys The system cannot find the file specified. !
? spgj.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B971C8AC 5 Bytes JMP 8A3091D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3220] WS2_32.dll!send 71AB4C27 6 Bytes PUSH 00D13D54; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[3220] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes PUSH 00D13BA7; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[3220] WS2_32.dll!recv 71AB676F 6 Bytes PUSH 00D13C31; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[3220] WS2_32.dll!WSASend 71AB68FA 6 Bytes PUSH 00D13CD8; RET C:\WINDOWS\system32\autochk.dll (lib/ )

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spgj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spgj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spgj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spgj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spgj.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe[436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CF2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CF2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CF2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CF2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT \\?\globalroot\systemroot\system32\rundll32.exe[3064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT \\?\globalroot\systemroot\system32\rundll32.exe[3064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT \\?\globalroot\systemroot\system32\rundll32.exe[3064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT \\?\globalroot\systemroot\system32\rundll32.exe[3064] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tony\Desktop\GAMERS.exe[3900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tony\Desktop\GAMERS.exe[3900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tony\Desktop\GAMERS.exe[3900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Tony\Desktop\GAMERS.exe[3900] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A4C31F8
Device \Driver\usbohci \Device\USBPDO-0 8A17D1F8
Device \Driver\usbehci \Device\USBPDO-1 8A1791F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4561F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4561F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4561F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4561F8
Device \Driver\usbohci \Device\USBPDO-2 8A17D1F8
Device \Driver\PCI_PNP6358 \Device\00000046 spgj.sys
Device \Driver\usbehci \Device\USBPDO-3 8A1791F8

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4C51F8
Device \Driver\Cdrom \Device\CdRom0 8A23B500
Device \Driver\sptd \Device\3053023858 spgj.sys
Device \Driver\Cdrom \Device\CdRom1 8A23B500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A025500
Device \Driver\NetBT \Device\NetbiosSmb 8A025500
Device \Driver\NetBT \Device\NetBT_Tcpip_{F9C34317-2F85-4F16-B906-73B8D6A77965} 8A025500
Device \Driver\usbohci \Device\USBFDO-0 8A17D1F8
Device \Driver\usbehci \Device\USBFDO-1 8A1791F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A029500
Device \Driver\usbohci \Device\USBFDO-2 8A17D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A029500
Device \Driver\usbehci \Device\USBFDO-3 8A1791F8
Device \Driver\Ftdisk \Device\FtControl 8A4C51F8
Device \Driver\a1nz3vuo \Device\Scsi\a1nz3vuo1 8A2051F8
Device \Driver\a1nz3vuo \Device\Scsi\a1nz3vuo1Port4Path0Target0Lun0 8A2051F8
Device \FileSystem\Cdfs \Cdfs 8A040500

---- EOF - GMER 1.0.15 ----


thank you

#5 fenzodahl512


Posted 28 April 2009 - 11:57 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

  • Link 1
  • Link 2
  • Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 tonyprime


Posted 28 April 2009 - 02:47 PM

ComboFix Log

ComboFix 09-04-27.05 - Tony 04/28/2009 14:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2607 [GMT -5:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tony\Start Menu\Programs\Startup\ChkDisk.dll
c:\windows\ihatufoq.dll
c:\windows\invcic.dll
c:\windows\izibuxidetayol.dll
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\avrt.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\D3DX10d_39.dll
c:\windows\system32\drivers\ovfsthypritetepxgilmowkrilqmyqmtlptkow.sys
c:\windows\system32\dxgi.dll
c:\windows\system32\guvegavu.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msssc.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\ovfsthfxvepdhbdauourgfwenvkmfyajkrjydj.dll
c:\windows\system32\ovfsthlthespswqxrldactrtigfvsqbqhpsxvj.dat
c:\windows\system32\ovfsthsdvvjhlpicybyygjfdwmubgqeowlrbel.dat
c:\windows\system32\ovfsthwomtbbacpulkagixphepejhsqcjrsexp.dll
c:\windows\system32\ovfsthwswqbkrmovgqybltymxmewqqcvefbxya.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\uniq.tll
c:\windows\system32\user32new.dll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\winstanew.dll
c:\windows\unibumeru.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxfmplwxwgkciqhkyvjbiqmaprbdmrxda


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-28 )))))))))))))))))))))))))))))))
.

2009-04-28 16:45 . 2009-04-28 16:45 -------- d-----w C:\rsit
2009-04-28 16:03 . 2009-04-28 16:03 -------- d-----w c:\program files\ERUNT
2009-04-28 04:01 . 2009-04-28 04:01 29696 ----a-w c:\windows\system32\loader49.exe
2009-04-27 02:01 . 2009-04-27 02:01 -------- d-----w c:\program files\Trend Micro
2009-04-26 21:07 . 2009-04-26 21:07 -------- d-----w C:\Nexon
2009-04-25 17:11 . 2009-04-25 17:11 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-25 07:09 . 2009-03-09 20:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-25 07:09 . 2009-03-09 20:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-25 07:09 . 2009-03-09 20:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-25 07:09 . 2009-03-16 19:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-25 07:09 . 2009-03-16 19:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-25 07:09 . 2009-03-16 19:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-25 07:09 . 2009-03-16 19:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-24 20:50 . 2009-04-24 20:50 -------- d-----w c:\program files\Common Files\ChaosGroup
2009-04-24 10:58 . 2009-04-24 10:58 -------- d-----w c:\program files\Chaos Group
2009-04-24 10:40 . 2009-04-24 10:41 -------- d-----w c:\documents and settings\Tony\Application Data\Autodesk
2009-04-24 10:36 . 2009-04-25 17:09 -------- d-----w c:\program files\Turbo Squid Tentacles
2009-04-24 10:35 . 2009-04-24 10:35 -------- d-----w c:\program files\Microsoft WSE
2009-04-24 10:31 . 2009-04-24 10:31 206136 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-24 10:30 . 2009-04-25 17:09 -------- d-----w c:\windows\system32\XPSViewer
2009-04-24 10:30 . 2009-04-24 10:30 -------- d-----w c:\program files\Reference Assemblies
2009-04-24 10:29 . 2006-06-29 18:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-24 10:00 . 2009-04-25 17:10 -------- d-----w c:\program files\UltraISO
2009-04-23 15:04 . 2009-04-25 17:11 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\{55109E2E-8B88-4F74-80E6-99B4104A2A98}
2009-04-23 03:24 . 2009-04-27 06:36 0 ----a-w c:\windows\Ljohe.bin
2009-04-20 09:11 . 2009-04-23 06:09 300 ----a-w c:\windows\Gredigereciyozo.dat
2009-04-19 00:26 . 2008-03-09 12:25 236 ---ha-w c:\program files\Common Files\dx.reg
2009-04-19 00:26 . 2008-04-23 03:20 1584149 ----a-w c:\windows\system32\setupapinew.dll
2009-04-19 00:26 . 2008-05-04 22:42 789525 ----a-w c:\windows\system32\rpcrt4new.dll
2009-04-19 00:26 . 2007-04-18 07:13 25037 ----a-w c:\windows\system32\Nucleus.dll
2009-04-19 00:26 . 2006-11-02 17:47 1162656 ----a-w c:\windows\system32\ntdllnew.dll
2009-04-19 00:26 . 2007-10-24 05:47 635904 ----a-w c:\windows\system32\msvcrtnew.dll
2009-04-19 00:26 . 2004-12-08 21:57 376832 ----a-w c:\windows\system32\M2000Twn.dll
2009-04-19 00:26 . 2005-11-14 16:40 29184 ----a-w c:\windows\system32\dwmapi.dll
2009-04-19 00:26 . 2006-11-29 17:06 440080 ----a-w c:\windows\system32\d3dx10.dll
2009-04-19 00:26 . 2005-12-15 13:57 928768 ----a-w c:\windows\system32\d3d10.dll
2009-04-18 20:52 . 2009-04-18 20:52 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\CAPCOM
2009-04-17 05:21 . 2009-04-17 05:21 -------- d-----w c:\documents and settings\All Users\Application Data\id Software
2009-04-16 08:28 . 2009-04-16 08:28 -------- d-----w C:\8cadaecf6c753cc4cf737f42d5
2009-04-15 17:58 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-09 05:08 . 2009-04-09 05:08 -------- d-----w c:\documents and settings\All Users\Application Data\wanted
2009-04-09 05:08 . 2009-04-09 05:08 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\wanted
2009-04-09 05:03 . 2009-04-09 05:03 -------- d-----w c:\program files\OpenAL
2009-04-09 05:03 . 2009-04-09 05:03 418480 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-09 05:03 . 2009-04-09 05:03 115432 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-09 04:54 . 2009-04-09 04:54 -------- d-----w c:\program files\WarnerBros
2009-04-08 04:21 . 2009-04-25 17:11 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-04-08 04:19 . 2009-04-25 17:12 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-08 04:19 . 2009-04-24 10:32 -------- d-----w c:\program files\Autodesk
2009-04-08 04:19 . 2009-04-08 04:19 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\Autodesk
2009-04-04 21:04 . 2009-04-04 21:04 -------- d-----w c:\program files\EA Games
2009-04-03 19:05 . 2009-04-03 19:05 -------- d-----w C:\ProgramData
2009-04-03 19:05 . 2009-04-04 20:45 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-03 18:55 . 2009-04-03 18:55 -------- d-----w c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-04-03 08:55 . 2009-04-15 04:13 -------- d-----w c:\documents and settings\Tony\Application Data\DiskAid
2009-04-03 08:55 . 2009-04-03 08:55 -------- d-----w c:\program files\DigiDNA
2009-04-02 06:53 . 2008-10-08 08:03 120568 ------w c:\windows\system32\pxcpyi64.exe
2009-04-02 06:53 . 2008-10-08 08:03 118256 ------w c:\windows\system32\pxinsi64.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 16:06 . 2009-02-07 18:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 05:36 . 2009-02-07 04:27 -------- d-----w c:\program files\Steam
2009-04-28 03:08 . 2009-02-07 09:55 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-28 03:08 . 2009-02-07 09:55 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-27 06:39 . 2009-02-07 07:44 -------- d-----w c:\program files\CCleaner
2009-04-27 01:47 . 2009-04-27 01:47 2999 ----a-w c:\program files\Common Files\unins000.dat
2009-04-27 01:47 . 2009-04-27 01:47 728858 ----a-w c:\program files\Common Files\unins000.exe
2009-04-26 09:11 . 2009-02-09 02:57 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-26 09:10 . 2009-02-07 18:24 -------- d-----w c:\program files\SpywareBlaster
2009-04-25 23:02 . 2009-03-21 05:04 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-25 23:02 . 2009-03-21 05:04 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-24 17:35 . 2009-02-09 21:29 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-24 17:34 . 2009-02-07 18:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-24 10:41 . 2009-02-07 04:16 79272 ----a-w c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 10:31 . 2009-02-07 07:49 -------- d-----w c:\program files\MSBuild
2009-04-17 05:24 . 2009-02-07 09:55 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-17 05:21 . 2009-02-07 09:55 22328 ----a-w c:\documents and settings\Tony\Application Data\PnkBstrK.sys
2009-04-17 05:21 . 2009-02-07 09:55 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-09 04:54 . 2009-02-06 15:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 20:32 . 2009-02-07 18:24 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-02-07 18:24 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 19:05 . 2009-02-07 09:44 -------- d-----w c:\program files\Electronic Arts
2009-04-03 18:55 . 2009-02-07 04:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-31 15:44 . 2009-03-15 06:13 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-03-31 15:44 . 2009-03-15 06:11 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-03-30 17:21 . 2009-02-07 04:13 -------- d-----w c:\program files\AGEIA Technologies
2009-03-28 20:41 . 2009-03-28 20:41 -------- d-----w c:\program files\id Software
2009-03-22 18:09 . 2009-03-22 18:09 -------- d-----w c:\program files\Common Files\DirectX
2009-03-21 09:51 . 2009-03-21 09:48 -------- d-----w c:\program files\Vertus Fluid Mask 3
2009-03-21 09:48 . 2008-04-14 10:41 1024 ----a-w c:\windows\system32\kzqj27o.dll
2009-03-21 09:48 . 2008-04-14 10:41 1024 ----a-w c:\windows\system32\grcauth2.dll
2009-03-21 09:48 . 2008-04-14 10:41 1024 ----a-w c:\windows\system32\grcauth1.dll
2009-03-21 09:48 . 2008-04-14 10:41 1024 ----a-w c:\windows\system32\clauth2.dll
2009-03-21 09:48 . 2008-04-14 10:41 1024 ----a-w c:\windows\system32\clauth1.dll
2009-03-21 09:47 . 2009-03-21 09:46 -------- d-----w c:\program files\iTunes
2009-03-21 09:46 . 2009-03-21 09:46 -------- d-----w c:\program files\iPod
2009-03-21 09:46 . 2009-02-15 18:32 -------- d-----w c:\program files\Bonjour
2009-03-21 09:46 . 2009-02-15 18:42 -------- d-----w c:\program files\QuickTime
2009-03-04 01:45 . 2009-03-04 01:45 -------- d-----w c:\program files\Audacity
2009-03-03 00:18 . 2008-05-25 14:26 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 06:08 . 2009-03-02 00:56 -------- d-----w c:\program files\F.E.A.R. 2
2009-02-20 18:09 . 2008-05-25 14:25 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2008-04-14 10:41 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 10:42 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-04-14 10:41 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 10:41 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2008-04-14 06:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 02:58 . 2009-02-09 02:58 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-02-09 02:58 . 2009-02-09 02:58 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-02-08 01:41 . 2009-02-08 01:41 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-07 10:06 . 2009-02-07 10:06 127 ----a-w c:\documents and settings\Tony\Local Settings\Application Data\fusioncache.dat
2009-02-07 07:44 . 2009-02-07 07:44 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-07 07:41 . 2009-02-06 15:09 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-07 04:14 . 2009-02-07 04:14 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-02-07 04:14 . 2009-02-07 04:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-07 04:02 . 2009-02-07 04:02 0 ----a-w c:\windows\nsreg.dat
2009-02-07 00:52 . 2009-02-07 00:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 15:09 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-06 15:07 . 2009-02-06 15:07 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 11:11 . 2008-04-14 10:42 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-14 05:54 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 10:42 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2008-05-25 14:26 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-25 1601304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-25 23:02 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli invcic.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Tony\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Vniyune"=rundll32.exe "c:\windows\iloxebuxe.dll",e
"CPMbfc8f329"=Rundll32.exe "c:\windows\system32\sagenumi.dll",a

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\tonyprime\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\petervu1172@sbcglobal.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\IJJIGame\\PLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Nexon\\MapleStory\\GameGuard\\GameGuard.des"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58292:TCP"= 58292:TCP:Pando Media Booster
"58292:UDP"= 58292:UDP:Pando Media Booster
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"57915:TCP"= 57915:TCP:Pando Media Booster
"57915:UDP"= 57915:UDP:Pando Media Booster

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-25 325128]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-25 298264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-24 953168]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-09 603904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-01-11 31392]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d011d8b-f55f-11dd-8fb3-00221501ce09}]
\Shell\AutoRun\command - g1ljsm.com
\Shell\open\Command - g1ljsm.com
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36]

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:33]
.
- - - - ORPHANS REMOVED - - - -

Notify-ljJBsron - ljJBsron.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\6kg5tb12.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 14:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6284)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-04-28 14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-28 19:44

Pre-Run: 246,383,828,992 bytes free
Post-Run: 246,332,891,136 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptIn

383 --- E O F --- 2009-04-28 01:31


and fresh hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:30 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...=javadl.sun.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Program Files\Wizet\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9723 bytes

#7 fenzodahl512


Posted 28 April 2009 - 03:00 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\system32\loader49.exe
c:\windows\Ljohe.bin
c:\windows\Gredigereciyozo.dat
c:\program files\Common Files\dx.reg
c:\windows\system32\kzqj27o.dll
c:\windows\system32\grcauth2.dll
c:\windows\system32\grcauth1.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\clauth1.dll
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad
c:\windows\iloxebuxe.dll
c:\windows\system32\sagenumi.dll

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Vniyune"=-
"CPMbfc8f329"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d011d8b-f55f-11dd-8fb3-00221501ce09}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
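Added example, not part of the post above and not ComboFix code: it decodes the `hex(7)` (REG_MULTI_SZ) line from the CFScript and compares it with the "Notification Packages" value ComboFix logged earlier, to show which entry the script drops. The function names are hypothetical; it assumes one byte per character, as the byte layout in the script suggests, and that the log separates entries with spaces.

```python
import re

# Constructed from the thread: the value ComboFix logged before the fix,
# and the line the CFScript writes under Control\Lsa.
LOGGED_BEFORE = "Notification Packages REG_MULTI_SZ scecli invcic.dll"
CFSCRIPT_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'


def decode_multi_sz(reg_line, wide=False):
    """Decode a .reg 'hex(7):' value into (value_name, [strings]).

    wide=False: one byte per character (assumed here for the CFScript line).
    wide=True:  UTF-16LE, as in 'Windows Registry Editor Version 5.00' exports.
    """
    # A trailing backslash continues the value on the next line.
    joined = re.sub(r"\\\s*\n\s*", "", reg_line.strip())
    m = re.fullmatch(r'"([^"]+)"=hex\(7\):([0-9a-fA-F,\s]*)', joined)
    if not m:
        raise ValueError("not a hex(7) value line")
    name, body = m.groups()
    tokens = [t.strip() for t in body.split(",") if t.strip()]
    if any(len(t) != 2 for t in tokens):
        raise ValueError("each byte must be two hex digits")
    raw = bytes(int(t, 16) for t in tokens)
    if wide:
        if len(raw) % 2:
            raise ValueError("odd byte count for UTF-16LE data")
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("cp1252", errors="replace")
    # Each string ends with NUL and the list ends with one more NUL;
    # a lone NUL is an empty list.
    if text != "\0" and not text.endswith("\0\0"):
        raise ValueError("missing REG_MULTI_SZ terminator")
    return name, [s for s in text.split("\0") if s]


def parse_logged_multi_sz(log_line):
    """Split a 'Name REG_MULTI_SZ a b c' log line into (name, [entries])."""
    name, sep, values = log_line.partition(" REG_MULTI_SZ ")
    if not sep:
        raise ValueError("not a REG_MULTI_SZ log line")
    return name.strip(), values.split()


def removed_entries(log_line, reg_line, wide=False):
    """Entries present in the logged value but absent from the new value."""
    log_name, before = parse_logged_multi_sz(log_line)
    reg_name, after = decode_multi_sz(reg_line, wide=wide)
    if log_name.lower() != reg_name.lower():
        raise ValueError("log line and .reg line name different values")
    kept = {s.lower() for s in after}
    return [s for s in before if s.lower() not in kept]


if __name__ == "__main__":
    print("script writes:", decode_multi_sz(CFSCRIPT_LINE))
    print("dropped by the script:", removed_entries(LOGGED_BEFORE, CFSCRIPT_LINE))
```
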


#8 tonyprime


Posted 28 April 2009 - 10:26 PM

Combofix.txt

ComboFix 09-04-28.02 - Tony 04/28/2009 22:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2283 [GMT -5:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tony\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\program files\Common Files\dx.reg
c:\windows\Gredigereciyozo.dat
c:\windows\iloxebuxe.dll
c:\windows\Ljohe.bin
c:\windows\system32\clauth1.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\grcauth1.dll
c:\windows\system32\grcauth2.dll
c:\windows\system32\kzqj27o.dll
c:\windows\system32\loader49.exe
c:\windows\system32\sagenumi.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\dx.reg
c:\windows\Gredigereciyozo.dat
c:\windows\Ljohe.bin
c:\windows\system32\clauth1.dll
c:\windows\system32\clauth2.dll
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\grcauth1.dll
c:\windows\system32\grcauth2.dll
c:\windows\system32\kzqj27o.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-28 16:45 . 2009-04-28 16:45 -------- d-----w C:\rsit
2009-04-28 16:03 . 2009-04-28 16:03 -------- d-----w c:\program files\ERUNT
2009-04-27 02:01 . 2009-04-27 02:01 -------- d-----w c:\program files\Trend Micro
2009-04-26 21:07 . 2009-04-26 21:07 -------- d-----w C:\Nexon
2009-04-25 17:11 . 2009-04-25 17:11 -------- d-----w c:\program files\Common Files\EZB Systems
2009-04-25 07:09 . 2009-03-09 20:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-04-25 07:09 . 2009-03-09 20:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-04-25 07:09 . 2009-03-09 20:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-04-25 07:09 . 2009-03-16 19:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-04-25 07:09 . 2009-03-16 19:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-04-25 07:09 . 2009-03-16 19:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-04-25 07:09 . 2009-03-16 19:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-04-24 20:50 . 2009-04-24 20:50 -------- d-----w c:\program files\Common Files\ChaosGroup
2009-04-24 10:58 . 2009-04-24 10:58 -------- d-----w c:\program files\Chaos Group
2009-04-24 10:40 . 2009-04-24 10:41 -------- d-----w c:\documents and settings\Tony\Application Data\Autodesk
2009-04-24 10:36 . 2009-04-25 17:09 -------- d-----w c:\program files\Turbo Squid Tentacles
2009-04-24 10:35 . 2009-04-24 10:35 -------- d-----w c:\program files\Microsoft WSE
2009-04-24 10:31 . 2009-04-24 10:31 206136 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-24 10:30 . 2009-04-25 17:09 -------- d-----w c:\windows\system32\XPSViewer
2009-04-24 10:30 . 2009-04-24 10:30 -------- d-----w c:\program files\Reference Assemblies
2009-04-24 10:29 . 2006-06-29 18:07 14048 ------w c:\windows\system32\spmsg2.dll
2009-04-24 10:00 . 2009-04-25 17:10 -------- d-----w c:\program files\UltraISO
2009-04-23 15:04 . 2009-04-25 17:11 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\{55109E2E-8B88-4F74-80E6-99B4104A2A98}
2009-04-19 00:26 . 2008-04-23 03:20 1584149 ----a-w c:\windows\system32\setupapinew.dll
2009-04-19 00:26 . 2008-05-04 22:42 789525 ----a-w c:\windows\system32\rpcrt4new.dll
2009-04-19 00:26 . 2007-04-18 07:13 25037 ----a-w c:\windows\system32\Nucleus.dll
2009-04-19 00:26 . 2006-11-02 17:47 1162656 ----a-w c:\windows\system32\ntdllnew.dll
2009-04-19 00:26 . 2007-10-24 05:47 635904 ----a-w c:\windows\system32\msvcrtnew.dll
2009-04-19 00:26 . 2004-12-08 21:57 376832 ----a-w c:\windows\system32\M2000Twn.dll
2009-04-19 00:26 . 2005-11-14 16:40 29184 ----a-w c:\windows\system32\dwmapi.dll
2009-04-19 00:26 . 2006-11-29 17:06 440080 ----a-w c:\windows\system32\d3dx10.dll
2009-04-19 00:26 . 2005-12-15 13:57 928768 ----a-w c:\windows\system32\d3d10.dll
2009-04-18 20:52 . 2009-04-18 20:52 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\CAPCOM
2009-04-17 05:21 . 2009-04-17 05:21 -------- d-----w c:\documents and settings\All Users\Application Data\id Software
2009-04-16 08:28 . 2009-04-16 08:28 -------- d-----w C:\8cadaecf6c753cc4cf737f42d5
2009-04-15 17:58 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-09 05:08 . 2009-04-09 05:08 -------- d-----w c:\documents and settings\All Users\Application Data\wanted
2009-04-09 05:08 . 2009-04-09 05:08 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\wanted
2009-04-09 05:03 . 2009-04-09 05:03 -------- d-----w c:\program files\OpenAL
2009-04-09 05:03 . 2009-04-09 05:03 418480 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-09 05:03 . 2009-04-09 05:03 115432 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-09 04:54 . 2009-04-09 04:54 -------- d-----w c:\program files\WarnerBros
2009-04-08 04:21 . 2009-04-25 17:11 -------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-04-08 04:19 . 2009-04-25 17:12 -------- d-----w c:\program files\Common Files\Autodesk Shared
2009-04-08 04:19 . 2009-04-24 10:32 -------- d-----w c:\program files\Autodesk
2009-04-08 04:19 . 2009-04-08 04:19 -------- d-----w c:\documents and settings\Tony\Local Settings\Application Data\Autodesk
2009-04-04 21:04 . 2009-04-04 21:04 -------- d-----w c:\program files\EA Games
2009-04-03 19:05 . 2009-04-03 19:05 -------- d-----w C:\ProgramData
2009-04-03 19:05 . 2009-04-04 20:45 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-03 18:55 . 2009-04-03 18:55 -------- d-----w c:\windows\E4D153288C89484BB9AAF5BE9EA6D01C.TMP
2009-04-03 08:55 . 2009-04-15 04:13 -------- d-----w c:\documents and settings\Tony\Application Data\DiskAid
2009-04-03 08:55 . 2009-04-03 08:55 -------- d-----w c:\program files\DigiDNA
2009-04-02 06:53 . 2008-10-08 08:03 120568 ------w c:\windows\system32\pxcpyi64.exe
2009-04-02 06:53 . 2008-10-08 08:03 118256 ------w c:\windows\system32\pxinsi64.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 16:06 . 2009-02-07 18:24 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 05:36 . 2009-02-07 04:27 -------- d-----w c:\program files\Steam
2009-04-28 03:08 . 2009-02-07 09:55 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-28 03:08 . 2009-02-07 09:55 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-27 06:39 . 2009-02-07 07:44 -------- d-----w c:\program files\CCleaner
2009-04-27 01:47 . 2009-04-27 01:47 2999 ----a-w c:\program files\Common Files\unins000.dat
2009-04-27 01:47 . 2009-04-27 01:47 728858 ----a-w c:\program files\Common Files\unins000.exe
2009-04-26 09:11 . 2009-02-09 02:57 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-26 09:10 . 2009-02-07 18:24 -------- d-----w c:\program files\SpywareBlaster
2009-04-25 23:02 . 2009-03-21 05:04 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-25 23:02 . 2009-03-21 05:04 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-24 17:35 . 2009-02-09 21:29 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-24 17:34 . 2009-02-07 18:34 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-24 10:41 . 2009-02-07 04:16 79272 ----a-w c:\documents and settings\Tony\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 10:31 . 2009-02-07 07:49 -------- d-----w c:\program files\MSBuild
2009-04-17 05:24 . 2009-02-07 09:55 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-17 05:21 . 2009-02-07 09:55 22328 ----a-w c:\documents and settings\Tony\Application Data\PnkBstrK.sys
2009-04-17 05:21 . 2009-02-07 09:55 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-09 04:54 . 2009-02-06 15:17 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-06 20:32 . 2009-02-07 18:24 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-02-07 18:24 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-03 19:05 . 2009-02-07 09:44 -------- d-----w c:\program files\Electronic Arts
2009-04-03 18:55 . 2009-02-07 04:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-30 17:21 . 2009-02-07 04:13 -------- d-----w c:\program files\AGEIA Technologies
2009-03-28 20:41 . 2009-03-28 20:41 -------- d-----w c:\program files\id Software
2009-03-22 18:09 . 2009-03-22 18:09 -------- d-----w c:\program files\Common Files\DirectX
2009-03-21 09:51 . 2009-03-21 09:48 -------- d-----w c:\program files\Vertus Fluid Mask 3
2009-03-21 09:47 . 2009-03-21 09:46 -------- d-----w c:\program files\iTunes
2009-03-21 09:46 . 2009-03-21 09:46 -------- d-----w c:\program files\iPod
2009-03-21 09:46 . 2009-02-15 18:32 -------- d-----w c:\program files\Bonjour
2009-03-21 09:46 . 2009-02-15 18:42 -------- d-----w c:\program files\QuickTime
2009-03-04 01:45 . 2009-03-04 01:45 -------- d-----w c:\program files\Audacity
2009-03-03 00:18 . 2008-05-25 14:26 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 06:08 . 2009-03-02 00:56 -------- d-----w c:\program files\F.E.A.R. 2
2009-02-20 18:09 . 2008-05-25 14:25 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2008-04-14 10:41 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2008-04-14 10:42 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2008-04-14 10:41 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2008-04-14 10:41 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 11:13 . 2008-04-14 06:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 02:58 . 2009-02-09 02:58 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-02-09 02:58 . 2009-02-09 02:58 360192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-02-08 01:41 . 2009-02-08 01:41 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-07 10:06 . 2009-02-07 10:06 127 ----a-w c:\documents and settings\Tony\Local Settings\Application Data\fusioncache.dat
2009-02-07 07:44 . 2009-02-07 07:44 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-07 07:41 . 2009-02-06 15:09 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-07 04:14 . 2009-02-07 04:14 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-02-07 04:14 . 2009-02-07 04:14 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-07 04:02 . 2009-02-07 04:02 0 ----a-w c:\windows\nsreg.dat
2009-02-07 00:52 . 2009-02-07 00:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 15:09 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-02-06 15:07 . 2009-02-06 15:07 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 11:11 . 2008-04-14 10:42 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:06 . 2008-04-14 05:54 2145280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2008-04-14 00:01 2023936 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2008-04-14 10:42 56832 ----a-w c:\windows\system32\secur32.dll
.

------- Sigcheck -------

[-] 2008-05-25 14:26 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-28_19.41.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-29 03:14 . 2009-04-29 03:14 16384 c:\windows\temp\Perflib_Perfdata_700.dat
+ 2009-04-29 03:14 . 2009-04-29 03:14 16384 c:\windows\temp\Perflib_Perfdata_30c.dat
+ 2004-08-04 12:00 . 2009-04-28 19:59 72152 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-04-28 19:41 72152 c:\windows\system32\perfc009.dat
+ 2009-04-16 02:35 . 2009-02-12 10:30 323072 c:\windows\system32\WgaTray.exe
+ 2009-04-16 02:35 . 2009-02-12 10:30 190976 c:\windows\system32\WgaLogon.dll
- 2004-08-04 12:00 . 2009-04-28 19:41 444528 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-04-28 19:59 444528 c:\windows\system32\perfh009.dat
+ 2009-04-16 02:35 . 2009-02-12 10:30 1481728 c:\windows\system32\LegitCheckControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-05 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 77824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-25 1601304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-02-20 124928]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-25 23:02 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tony^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Tony\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\steamapps\\tonyprime\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\petervu1172@sbcglobal.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\IJJIGame\\PLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Nexon\\MapleStory\\GameGuard\\GameGuard.des"=
"c:\\Program Files\\AVG\\AVG8\\avgui.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58292:TCP"= 58292:TCP:Pando Media Booster
"58292:UDP"= 58292:UDP:Pando Media Booster
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"57915:TCP"= 57915:TCP:Pando Media Booster
"57915:UDP"= 57915:UDP:Pando Media Booster

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-25 325128]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-25 298264]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-24 953168]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-09 603904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-01-11 31392]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36]

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\6kg5tb12.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 22:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7656)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-04-29 22:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-29 03:17
ComboFix2.txt 2009-04-28 19:44

Pre-Run: 246,283,948,032 bytes free
Post-Run: 246,278,250,496 bytes free

352 --- E O F --- 2009-04-28 01:31


Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:34 PM, on 4/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u1...=javadl.sun.com
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - Unknown owner - C:\Program Files\Wizet\MapleStory\npkcmsvc.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 9658 bytes

#9 fenzodahl512

Posted 29 April 2009 - 01:41 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 tonyprime

Posted 29 April 2009 - 07:38 AM

The computer seems to run a lot better now.
I used to have the problem where the internet was slow because of them.

Thank you so much!!

Anything else I need to do?

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4041 (20090428)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c56a7cea177b5748816710b1aa4ac993
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-29 10:45:54
# local_time=2009-04-29 05:45:54 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=1030809
# found=4
# scan_time=10640
C:\Documents and Settings\Tony\Desktop\Back UP Flash Drives\Removable Disk (H)\autorun.inf Win32/AutoRun.NM worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Tony\Desktop\Back UP Flash Drives\Removable Disk (H)\PATRIOT (F)\autorun.inf Win32/AutoRun.NM worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Tony\My Documents\My Received Files\MapleX_v0.54.zip Win32/PSW.Mapler.AJ trojan (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Tony\My Documents\My Received Files\MapleX_v0.54.zip »ZIP »MapleX.exe Win32/PSW.Mapler.AJ trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

#11 fenzodahl512


Posted 29 April 2009 - 12:07 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer's behaviour before we close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512



#12 tonyprime


Posted 29 April 2009 - 01:46 PM

my computer is running smoothly and i've got no problems, but just one more question.

I have a usb flash drive and every time i plug it into my pc my antivirus auto-scans it and it always detects some sort of virus... is it wise to reformat my usb flash drive?

#13 fenzodahl512


Posted 29 April 2009 - 02:51 PM

my computer is running smoothly and i've got no problems, but just one more question.

I have a usb flash drive and every time i plug it into my pc my antivirus auto-scans it and it always detects some sort of virus... is it wise to reformat my usb flash drive?



Yup, just format the flash drive.. Then do the below...

Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder... it will help protect your drives from future infection.

Edited by fenzodahl512, 29 April 2009 - 02:51 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
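
The Note in the post above describes a folder named autorun.inf occupying the spot where the scan log earlier in the thread found Win32/AutoRun.NM files. The check below is an added example, not part of the original posts and not Flash_Disinfector's own code: it classifies what sits at a drive root and lists any AutoRun launch entries. The function names and sample data are constructed for illustration.

```python
import os
import tempfile

def is_launch_key(key):
    """True for autorun.inf keys that make Windows AutoRun start a program."""
    key = key.strip().lower()
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))

def launch_entries(text):
    """Return (key, command) pairs from autorun.inf text; junk lines are ignored."""
    found = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if is_launch_key(key):
            found.append((key.strip().lower(), value.strip()))
    return found

def check_drive_root(root):
    """Classify the autorun.inf entry at the root of one drive or partition."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return ("placeholder-folder", [])   # the folder the Note says to keep
    if not os.path.isfile(path):
        return ("absent", [])
    with open(path, "rb") as fh:
        raw = fh.read().replace(b"\x00", b"")  # crude handling of UTF-16 files
    entries = launch_entries(raw.decode("latin-1"))
    return ("launcher-file" if entries else "file-no-launcher", entries)

def demo():
    """Build constructed drive roots in a temp dir and classify them."""
    base = tempfile.mkdtemp()
    clean, dirty = os.path.join(base, "clean"), os.path.join(base, "dirty")
    os.makedirs(os.path.join(clean, "autorun.inf"))  # folder placeholder
    os.makedirs(dirty)
    # Constructed sample file, not taken from the thread.
    sample = ("[AutoRun]\n;junk\nOpen=example.exe\n"
              "shell\\open\\Command=example.exe\nicon=x.ico\n")
    with open(os.path.join(dirty, "autorun.inf"), "w") as fh:
        fh.write(sample)
    return check_drive_root(clean), check_drive_root(dirty), check_drive_root(base)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real system, pass each drive root (for example `H:\`) to `check_drive_root`; a "launcher-file" result on removable media is the case worth a closer look with a scanner.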


#14 tonyprime


Posted 30 April 2009 - 11:29 AM

well thank you sir for helping me solve my issue... my computer runs normally now

thank you so much

#15 fenzodahl512


Posted 30 April 2009 - 01:25 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512





