
Virus causing BSOD, and no internet connection?


  • This topic is locked
4 replies to this topic

#1 CVF

  • Members
  • 7 posts

Posted 02 June 2009 - 02:45 PM

Original Post: Hello all, thanks in advance for any help you may be able to provide.

I came home from work two days ago, to find that my computer was infected with a virus causing fake anti-virus warnings, opening Internet Explorer windows linking to buy fake antivirus software. I ran Malwarebytes and AVG antivirus, and thought the problem was gone. Since then, however, my computer can't connect to the internet, as it's saying that my local area connection is disconnected. I'm using my roommate's laptop plugged into our DSL modem, so the internet, and ethernet cable, are working. I've since run Malwarebytes, CCleaner, Spyware Doctor, and Uniblue Registry Booster, but nothing has fixed this problem. Now, whenever I try and run AVG antivirus, I get the blue screen of death with the following message: "Driver IRQL Not Less or Equal 0x000000D1 (0xE21F5000, 0x0000002, 0x0000000, 0xF3428E85)".

When I run ipconfig /all, it says the media is disconnected for all 3 adapters that appear. As far as I know, nothing new has been installed or downloaded other than updates for AVG, Malwarebytes, and Divx, before the internet went away.

According to my system properties, I'm running Windows XP Pro Version 2002, Service Pack 3 on a Gateway GT5220 AMD Athlon 64 x2 Dual Core Processor 3800+, 2.01 GHz, 1.00 GB of RAM.

Any advice or help is greatly appreciated. I'll run and post any scans needed, but please remember I cannot connect to the internet from my pc.

Thanks.

Update:
I have since uninstalled iTunes, AVG, and DivX. While I haven't encountered the blue screen of death since doing so, I still am unable to connect to the internet. I've updated the drivers for my networking components, and run McAfee VirusScan, but to no avail.

Here are my new logs:


DDS (Version 1.1.0) - NTFSx86
Run by Owner at 14:36:51.09 on 2009-06-02
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.574 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall Plus *enabled*
FW: ActiveArmor Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AVAILSUITE\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.CHRIS\Desktop\Virus Stuff\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://my.att.net
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee VirusScan: {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
Yahoo! Toolbar
AT&&T Toolbar
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
Trusted Zone: imageservr.com
Trusted Zone: imageservr.com
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll
LSA: Authentication Packages = msv1_0 nwprovau
LSA: Notification Packages = scecli cfind1.dll c:\windows\system32\nozadite.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner~1.chr\applic~1\mozilla\firefox\profiles\c2ldejxj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\owner.chris\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\owner.chris\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-9-3 55024]
R2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files\roxio\backontrack\file backup\FileBackupSVC.exe [2007-9-28 76272]
R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\mcdetect.exe [2006-8-10 126976]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2006-8-10 122368]
R2 MSSQL$AVAILSUITE;MSSQL$AVAILSUITE;c:\program files\microsoft sql server\mssql$availsuite\binn\sqlservr.exe -sAVAILSUITE []
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2006-6-17 14336]
R3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\drivers\ADM851X.SYS [2004-10-27 22144]
R3 FA101;NETGEAR FA101 USB Fast Ethernet Adapter;c:\windows\system32\drivers\FA101ND5.SYS [2008-3-22 24555]
S2 DnscacheMcTskshd.exe;DNS Client DnscacheMcTskshd.exe;c:\windows\system32\actskn45x.exe srv []
S2 njkvqj;njkvqj;c:\windows\system32\drivers\husy.sys []
S3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2006-8-10 221184]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2006-8-10 245760]
S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2006-8-10 114464]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]
S3 SQLAgent$AVAILSUITE;SQLAgent$AVAILSUITE;c:\program files\microsoft sql server\mssql$availsuite\binn\sqlagent.EXE -i AVAILSUITE []

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2009-06-02 13:59 1,024 a------- C:\.rnd
2009-06-02 13:59 22 a------- c:\windows\FileName
2009-06-02 13:59 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-06-02 13:58 446,464 a------- c:\windows\system32\CapabilityTable.exe
2009-06-02 13:57 356,352 a------- c:\windows\system32\nvunrm.exe
2009-06-02 13:57 101,632 a------- c:\windows\system32\drivers\nvtcp.sys
2009-06-02 13:57 3,657 a------- c:\windows\system32\nvnrm.nvu
2009-06-02 13:30 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-05-22 11:07 0 ----h--- c:\windows\ms49f4d98.dat
2009-05-22 01:40 2 ----h--- c:\windows\sto452739.dat
2009-05-22 01:40 2 ----h--- c:\windows\sto452712.dat
2009-05-21 23:39 32 a--s---- c:\windows\system32\335712423.dat
2009-05-21 23:39 5 a------- c:\windows\system32\_id.dat
2009-05-15 15:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-07 03:03 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-07 03:03 1,409 a------- c:\windows\QTFont.for

==================== Find3M ====================

2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-03 18:56 177,814 a------- c:\windows\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-04-30 22:02 457,248 ac------ c:\windows\system32\nvudisp.exe
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 8,055,584 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-27 00:42 457,248 ac------ c:\windows\system32\NVUNINST.EXE
2009-04-22 19:20 936,005 a------- c:\windows\system32\rn.tmp
2009-03-31 17:52 3,297 a------- c:\windows\system32\ds16jter.dat
2009-03-31 01:05 2,114 a------- c:\windows\system32\nvrsptrp.dat
2009-03-31 01:04 216,564 a------- c:\windows\system32\d3dimB00.dat
2009-03-31 01:04 93,292 a------- c:\windows\system32\mqcerhui.dat
2009-03-23 12:21 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 09:22 284,160 a------- c:\windows\system32\pdh.dll
2008-10-26 15:15 13,315 a------- c:\docume~1\owner~1.chr\applic~1\kisiqif.bat
2008-10-26 15:15 13,082 a------- c:\program files\common files\fole.exe
2008-10-26 15:15 12,280 a------- c:\program files\common files\oguwo.inf
2008-10-26 15:15 11,732 a------- c:\program files\common files\wewava.db
2008-10-21 15:18 6,637,592 a------- c:\documents and settings\owner.chris\SUPERAntiSpyware.exe
2008-10-21 15:17 2,351,120 a------- c:\documents and settings\owner.chris\mb.exe
2008-10-21 15:17 13,596,592 a------- c:\documents and settings\owner.chris\sdsetup.exe
2008-03-05 12:27 53,934 ac------ c:\program files\INSTALL.LOG
2007-02-26 19:24 0 ac------ c:\docume~1\owner~1.chr\applic~1\wklnhst.dat
2008-10-30 23:33 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008103020081031\index.dat
2009-01-18 23:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011820090119\index.dat

============= FINISH: 14:38:35.43 ===============



#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 13 June 2009 - 03:10 PM

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always very busy and we do our best to keep up. If you no longer require any help, could you let me know please, so this topic can be closed.

My name is Syler, I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log, since a lot could have changed since your original post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks



#3 CVF

  • Topic Starter
  • Members
  • 7 posts

Posted 13 June 2009 - 04:48 PM

Thanks for your help Syler.

Here's the info file:
info.txt logfile of random's system information tool 1.06 2009-06-13 16:26:54

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 9.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961-v4)-->"C:\WINDOWS\$NtUninstallKB895961-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
Media Center Extender-->c:\WINDOWS\eHome\DvcConn.exe /uninstall
Media Center Extender-->MsiExec.exe /I{23FE964A-853B-4176-86D7-9E18B5CA1FC0}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PC Wizard 2008.1.871-->"C:\Program Files\PC Wizard 2008\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RtlUpd.exe -r
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB905589-->"C:\WINDOWS\$NtUninstallKB905589$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HOME
Event Code: 10
Message: The time provider 'NtpClient' returned an error when asked for time samples.
The error will be ignored. The error was: The handle is invalid. (0x80070006)

Record Number: 123
Source Name: W32Time
Time Written: 20090605003704.000000-300
Event Type: warning
User:

Computer Name: HOME
Event Code: 10
Message: The time provider 'NtpClient' returned an error when asked for time samples.
The error will be ignored. The error was: The handle is invalid. (0x80070006)

Record Number: 122
Source Name: W32Time
Time Written: 20090605002000.000000-300
Event Type: warning
User:

Computer Name: HOME
Event Code: 10
Message: The time provider 'NtpClient' returned an error when asked for time samples.
The error will be ignored. The error was: The handle is invalid. (0x80070006)

Record Number: 121
Source Name: W32Time
Time Written: 20090605000256.000000-300
Event Type: warning
User:

Computer Name: HOME
Event Code: 10
Message: The time provider 'NtpClient' returned an error when asked for time samples.
The error will be ignored. The error was: The handle is invalid. (0x80070006)

Record Number: 120
Source Name: W32Time
Time Written: 20090604234552.000000-300
Event Type: warning
User:

Computer Name: HOME
Event Code: 7
Message: The time provider 'NtpClient' returned an error while updating its
configuration. The error will be ignored. The error was: Catastrophic failure (0x8000FFFF)

Record Number: 118
Source Name: W32Time
Time Written: 20090604233855.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: HOME
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 26
Source Name: WinMgmt
Time Written: 20090604134415.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME
Event Code: 1031
Message:
Record Number: 15
Source Name: ASP.NET 1.0.3705.6018
Time Written: 20090604113151.000000-300
Event Type: error
User:

Computer Name: HOME
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20090604113138.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20090604113138.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20090604113137.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Here is the log file:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Chris at 2009-06-13 16:25:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 220 GB (94%) free of 233 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:18 PM, on 6/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Chris\My Documents\LimeWire\Saved\MS Office 2007 Portable (6-in-1)\Microsoft Office Excel 2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Program Files\trend micro\Chris.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1244223663671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244227447937
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6977 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-05 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-05 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-05 1947928]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-05 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\Program Files\att-nap\McciBrowser.exe"="C:\Program Files\att-nap\McciBrowser.exe:*:Enabled:motivebrowser.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a25f42ee-50c5-11de-af56-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2009-06-13 16:25:51 ----D---- C:\Program Files\trend micro
2009-06-13 16:25:50 ----D---- C:\rsit
2009-06-12 14:35:00 ----D---- C:\WINDOWS\LastGood
2009-06-12 14:35:00 ----A---- C:\WINDOWS\system32\OLDD.tmp
2009-06-10 23:06:16 ----D---- C:\Program Files\Full Tilt Poker
2009-06-10 01:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 01:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 01:58:59 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-06-10 01:53:08 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 01:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-07 22:04:07 ----D---- C:\Documents and Settings\Chris\Application Data\acccore
2009-06-07 22:02:27 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-06-07 22:02:26 ----D---- C:\Program Files\Viewpoint
2009-06-07 22:02:25 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-06-07 22:02:15 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-06-07 22:02:15 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-06-07 22:01:56 ----D---- C:\Program Files\Common Files\AOL
2009-06-07 22:01:20 ----D---- C:\Program Files\AIM6
2009-06-07 15:37:58 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-07 15:37:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-07 15:36:58 ----D---- C:\Program Files\Common Files\Adobe
2009-06-07 15:36:58 ----D---- C:\Program Files\Adobe
2009-06-07 15:34:33 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-07 15:34:31 ----D---- C:\Program Files\NOS
2009-06-06 10:13:04 ----D---- C:\Documents and Settings\Chris\Application Data\DivX
2009-06-06 10:08:54 ----D---- C:\WINDOWS\Minidump
2009-06-06 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-06-06 01:07:52 ----D---- C:\Program Files\HomeKeyLogger
2009-06-06 00:54:56 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-06-06 00:54:56 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-06-06 00:54:56 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-06-06 00:54:56 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-06-06 00:54:56 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-06-06 00:54:56 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-06 00:54:55 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-06-06 00:54:55 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-06 00:54:54 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-06-06 00:54:54 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-06 00:54:54 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-06 00:54:52 ----N---- C:\WINDOWS\system32\px.dll
2009-06-06 00:54:27 ----D---- C:\Program Files\DivX
2009-06-06 00:54:27 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-05 19:23:53 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-06-05 19:23:53 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-06-05 16:08:26 ----HD---- C:\$AVG8.VAULT$
2009-06-05 15:44:48 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-05 15:44:33 ----D---- C:\Program Files\AVG
2009-06-05 15:44:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-05 15:15:06 ----D---- C:\Program Files\New
2009-06-05 14:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB905589$
2009-06-05 14:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB895961-v4$
2009-06-05 14:11:26 ----D---- C:\Documents and Settings\Chris\Application Data\Windows Search
2009-06-05 14:10:59 ----D---- C:\WINDOWS\system32\Lang
2009-06-05 14:04:17 ----D---- C:\WINDOWS\system32\XPSViewer
2009-06-05 14:04:14 ----D---- C:\Program Files\MSBuild
2009-06-05 14:04:08 ----D---- C:\Program Files\Reference Assemblies
2009-06-05 14:03:44 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-06-05 14:03:44 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-06-05 14:03:44 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-06-05 14:03:44 ----D---- C:\e05988dd11d174757a
2009-06-05 14:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-05 14:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-05 14:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-05 14:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-05 14:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-05 14:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-05 14:00:24 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-06-05 13:59:49 ----D---- C:\Program Files\Common Files\Windows Live
2009-06-05 13:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-05 13:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-05 13:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-06-05 13:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-05 13:58:57 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-05 13:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-06-05 13:58:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-05 13:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-05 13:58:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-05 13:58:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-06-05 13:58:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-05 13:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-05 13:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2009-06-05 13:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-05 13:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-05 13:57:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-05 13:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-05 13:57:49 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-05 13:57:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-05 13:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-05 13:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-05 13:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-06-05 13:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-05 13:57:25 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-05 13:57:12 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-05 13:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-05 13:56:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-05 13:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-05 13:56:40 ----D---- C:\Documents and Settings\Chris\Application Data\Windows Desktop Search
2009-06-05 13:56:14 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-06-05 13:56:14 ----D---- C:\Program Files\Windows Desktop Search
2009-06-05 13:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-06-05 13:56:00 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-06-05 13:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-05 13:55:39 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2009-06-05 13:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-05 13:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-05 13:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-05 13:50:31 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-06-05 13:45:03 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-06-05 13:44:57 ----D---- C:\Program Files\CONEXANT
2009-06-05 13:41:42 ----D---- C:\WINDOWS\system32\RTCOM
2009-06-05 13:41:39 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-06-05 13:24:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-06-05 13:24:47 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-06-05 13:24:32 ----D---- C:\Program Files\Windows Media Connect 2
2009-06-05 13:24:23 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-06-05 13:23:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-06-05 13:23:40 ----D---- C:\d1103e184425d8457f86
2009-06-05 13:23:35 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-05 13:23:27 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-06-05 13:20:31 ----A---- C:\WINDOWS\system32\OLD5E.tmp
2009-06-05 13:14:44 ----D---- C:\Program Files\Microsoft Silverlight
2009-06-05 13:08:47 ----D---- C:\f9c3919936027d8bed3e
2009-06-05 13:08:43 ----D---- C:\Documents and Settings\Chris\Application Data\Apple Computer
2009-06-05 13:08:39 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-06-05 13:08:29 ----D---- C:\Program Files\iPod
2009-06-05 13:08:25 ----D---- C:\Program Files\iTunes
2009-06-05 13:08:25 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-05 13:08:14 ----D---- C:\Program Files\Bonjour
2009-06-05 13:07:55 ----D---- C:\Program Files\QuickTime
2009-06-05 13:07:55 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-05 13:07:46 ----D---- C:\Program Files\Apple Software Update
2009-06-05 13:07:29 ----D---- C:\Program Files\Common Files\Apple
2009-06-05 13:07:29 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-06-05 13:05:00 ----D---- C:\WINDOWS\ie8updates
2009-06-05 13:04:43 ----D---- C:\WINDOWS\WBEM
2009-06-05 13:03:46 ----HDC---- C:\WINDOWS\ie8
2009-06-05 13:02:39 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-05 12:57:40 ----D---- C:\Documents and Settings\Chris\Application Data\Mozilla
2009-06-05 12:57:28 ----D---- C:\Documents and Settings\Chris\Application Data\LimeWire
2009-06-05 12:56:50 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-05 12:56:50 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-05 12:56:50 ----A---- C:\WINDOWS\system32\java.exe
2009-06-05 12:56:50 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-05 12:56:44 ----D---- C:\Program Files\Java
2009-06-05 12:56:24 ----D---- C:\Documents and Settings\Chris\Application Data\Sun
2009-06-05 12:56:17 ----D---- C:\Program Files\LimeWire
2009-06-05 12:46:20 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-05 12:46:18 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-06-05 12:46:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-05 12:42:11 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-06-05 12:41:43 ----A---- C:\WINDOWS\system32\wups2.dll
2009-06-05 12:41:43 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-06-05 12:41:43 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-06-05 12:41:42 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-05 12:41:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-06-05 12:36:24 ----D---- C:\WINDOWS\RegisteredPackages
2009-06-05 12:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2009-06-05 12:34:44 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2009-06-05 12:28:55 ----D---- C:\Documents and Settings\Chris\Application Data\Macromedia
2009-06-05 12:28:33 ----D---- C:\WINDOWS\system32\URTTemp
2009-06-05 12:24:14 ----SHD---- C:\RECYCLER
2009-06-05 12:13:59 ----D---- C:\WINDOWS\Prefetch
2009-06-05 12:08:35 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-06-05 12:08:34 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-06-05 12:08:28 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-06-05 12:08:28 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-06-05 12:08:28 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\azroles.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-06-05 12:08:27 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-06-05 12:08:26 ----N---- C:\WINDOWS\system32\credssp.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-06-05 12:08:25 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-06-05 12:08:25 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\slserv.exe
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\slgen.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\setupn.exe
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\qutil.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\qagent.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\onex.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\napstat.exe
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-06-05 12:08:24 ----N---- C:\WINDOWS\system32\mssha.dll
2009-06-05 12:08:23 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-06-05 12:08:23 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-06-05 12:08:23 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-06-05 12:08:23 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-06-05 12:08:22 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2009-06-05 12:08:22 ----N---- C:\WINDOWS\slrundll.exe
2009-06-05 12:08:22 ----D---- C:\WINDOWS\system32\scripting
2009-06-05 12:08:22 ----D---- C:\WINDOWS\system32\en-us
2009-06-05 12:08:22 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-06-05 12:08:21 ----D---- C:\WINDOWS\system32\en
2009-06-05 12:08:21 ----D---- C:\WINDOWS\system32\bits
2009-06-05 12:08:21 ----D---- C:\WINDOWS\l2schemas
2009-06-05 12:07:08 ----D---- C:\WINDOWS\ServicePackFiles
2009-06-05 12:05:45 ----D---- C:\WINDOWS\network diagnostic
2009-06-05 12:04:41 ----A---- C:\WINDOWS\002951_.tmp
2009-06-05 12:04:34 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-06-05 12:02:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-06-05 11:54:26 ----D---- C:\2208USB_DRV
2009-06-05 11:54:09 ----D---- C:\FA101_Drivers
2009-06-05 11:48:34 ----A---- C:\WINDOWS\system32\results.txt
2009-06-05 11:48:30 ----A---- C:\WINDOWS\system32\GTW32N50.dll
2009-06-05 11:48:22 ----D---- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2009-06-05 11:48:20 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-05 11:48:18 ----A---- C:\WINDOWS\system32\WLAN.INI
2009-06-05 11:07:51 ----D---- C:\Program Files\PC Wizard 2008
2009-06-04 23:27:26 ----N---- C:\WINDOWS\system32\nvuide.exe
2009-06-04 23:27:18 ----A---- C:\WINDOWS\system32\nvusmb.exe
2009-06-04 23:09:31 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-06-04 23:06:55 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-06-04 23:06:29 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-06-04 23:06:15 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-06-04 23:06:05 ----D---- C:\NVIDIA
2009-06-04 14:00:05 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-04 14:00:03 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-04 14:00:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-04 14:00:02 ----D---- C:\Program Files\AMD
2009-06-04 13:59:47 ----D---- C:\Documents and Settings\Chris\Application Data\InstallShield
2009-06-04 13:55:40 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2009-06-04 13:55:32 ----D---- C:\Documents and Settings\Chris\Application Data\Motive
2009-06-04 13:55:21 ----D---- C:\Program Files\att-nap
2009-06-04 13:55:16 ----D---- C:\Program Files\Common Files\Motive
2009-06-04 13:54:13 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2009-06-04 13:50:08 ----D---- C:\Documents and Settings\Chris\Application Data\Identities
2009-06-04 13:50:05 ----HD---- C:\Program Files\Uninstall Information
2009-06-04 13:50:00 ----SD---- C:\Documents and Settings\Chris\Application Data\Microsoft
2009-06-04 13:50:00 ----ASH---- C:\Documents and Settings\Chris\Application Data\desktop.ini
2009-06-04 13:49:17 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-04 13:49:12 ----SD---- C:\WINDOWS\system32\Microsoft
2009-06-04 13:49:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-04 13:44:59 ----D---- C:\WINDOWS\system32\xircom
2009-06-04 13:44:59 ----D---- C:\Program Files\xerox
2009-06-04 13:44:59 ----D---- C:\Program Files\microsoft frontpage
2009-06-04 13:44:43 ----A---- C:\WINDOWS\control.ini
2009-06-04 13:44:43 ----A---- C:\AUTOEXEC.BAT
2009-06-04 13:44:33 ----A---- C:\WINDOWS\OEWABLog.txt
2009-06-04 13:44:29 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-06-04 13:43:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-04 13:43:21 ----RD---- C:\WINDOWS\Offline Web Pages
2009-06-04 13:43:21 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-06-04 13:43:16 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-06-04 13:43:11 ----HD---- C:\Program Files\WindowsUpdate
2009-06-04 13:42:17 ----D---- C:\WINDOWS\system32\DirectX
2009-06-04 13:42:03 ----A---- C:\WINDOWS\system32\atrace.dll
2009-06-04 13:42:01 ----A---- C:\WINDOWS\system32\desktop.ini
2009-06-04 13:42:01 ----A---- C:\WINDOWS\desktop.ini
2009-06-04 13:41:56 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-06-04 13:41:56 ----A---- C:\WINDOWS\system32\acctres.dll
2009-06-04 13:41:55 ----D---- C:\Program Files\Common Files\Services
2009-06-04 13:41:53 ----SD---- C:\WINDOWS\Tasks
2009-06-04 13:41:53 ----D---- C:\Program Files\Common Files\MSSoap
2009-06-04 13:41:53 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-06-04 13:41:50 ----D---- C:\WINDOWS\srchasst
2009-06-04 13:41:49 ----D---- C:\WINDOWS\system32\Macromed
2009-06-04 13:41:47 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-06-04 13:41:47 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-06-04 13:41:47 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-06-04 13:41:47 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\wups.dll
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-06-04 13:41:46 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-06-04 13:41:40 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-06-04 13:41:40 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-06-04 13:41:40 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-06-04 13:41:40 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-06-04 13:41:38 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-06-04 13:41:38 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-06-04 13:41:37 ----D---- C:\WINDOWS\system32\Restore
2009-06-04 13:41:37 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-06-04 13:41:37 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-06-04 13:41:37 ----A---- C:\WINDOWS\system32\srclient.dll
2009-06-04 13:41:37 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-06-04 13:41:37 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-06-04 13:41:37 ----A---- C:\WINDOWS\system32\ils.dll
2009-06-04 13:41:36 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-06-04 13:41:36 ----A---- C:\WINDOWS\system32\msconf.dll
2009-06-04 13:41:36 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-06-04 13:41:34 ----D---- C:\Program Files\NetMeeting
2009-06-04 13:41:34 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-06-04 13:41:34 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-06-04 13:41:34 ----A---- C:\WINDOWS\system32\inetres.dll
2009-06-04 13:41:34 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-06-04 13:41:32 ----D---- C:\Program Files\Outlook Express
2009-06-04 13:41:32 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-06-04 13:41:32 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-06-04 13:41:32 ----A---- C:\WINDOWS\system32\mstask.dll
2009-06-04 13:41:32 ----A---- C:\WINDOWS\system32\isign32.dll
2009-06-04 13:41:32 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-06-04 13:41:32 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-06-04 13:41:32 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-06-04 13:41:28 ----D---- C:\Program Files\Common Files\System
2009-06-04 13:41:27 ----D---- C:\Program Files\Internet Explorer
2009-06-04 11:31:43 ----RSD---- C:\WINDOWS\assembly
2009-06-04 11:31:15 ----D---- C:\Program Files\ComPlus Applications
2009-06-04 11:31:14 ----A---- C:\WINDOWS\vbaddin.ini
2009-06-04 11:31:14 ----A---- C:\WINDOWS\vb.ini
2009-06-04 11:31:10 ----D---- C:\WINDOWS\Registration
2009-06-04 11:31:04 ----D---- C:\Program Files\Online Services
2009-06-04 11:30:49 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-04 11:30:47 ----D---- C:\Program Files\Windows Media Player
2009-06-04 11:30:31 ----D---- C:\Program Files\Windows Plus
2009-06-04 11:30:23 ----A---- C:\WINDOWS\system32\mhn.dll
2009-06-04 11:30:23 ----A---- C:\WINDOWS\system32\igdetect.dll
2009-06-04 11:30:19 ----D---- C:\Program Files\Movie Maker
2009-06-04 06:35:34 ----D---- C:\Program Files\Messenger
2009-06-04 06:35:32 ----D---- C:\Program Files\MSN Gaming Zone
2009-06-04 06:35:32 ----A---- C:\WINDOWS\system32\write.exe
2009-06-04 06:35:24 ----A---- C:\WINDOWS\system32\winchat.exe
2009-06-04 06:35:24 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-06-04 06:35:24 ----A---- C:\WINDOWS\system32\hticons.dll
2009-06-04 06:35:24 ----A---- C:\WINDOWS\system32\avwav.dll
2009-06-04 06:35:24 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-06-04 06:35:24 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-06-04 06:35:19 ----A---- C:\WINDOWS\system32\getuname.dll
2009-06-04 06:35:19 ----A---- C:\WINDOWS\system32\charmap.exe
2009-06-04 06:35:19 ----A---- C:\WINDOWS\system32\calc.exe
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\winmine.exe
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\tskill.exe
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\sol.exe
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\reset.exe
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-06-04 06:35:18 ----A---- C:\WINDOWS\system32\freecell.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\tscon.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\shadow.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\regini.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\msg.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\logoff.exe
2009-06-04 06:35:17 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\stclient.dll
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-06-04 06:35:16 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-06-04 06:35:12 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-06-04 06:35:04 ----D---- C:\Program Files\MSN
2009-06-04 06:35:03 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-06-04 06:35:03 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-06-04 06:35:03 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-06-04 06:35:03 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-06-04 06:35:02 ----D---- C:\Program Files\Windows NT
2009-06-04 06:35:02 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-06-04 06:35:02 ----A---- C:\WINDOWS\system32\spider.exe
2009-06-04 06:35:02 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-06-04 06:35:02 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-04 06:35:01 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-06-04 06:35:00 ----D---- C:\WINDOWS\system32\MsDtc
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-06-04 06:35:00 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-06-04 06:34:59 ----D---- C:\WINDOWS\system32\Com
2009-06-04 06:34:59 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-06-04 06:34:59 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-06-04 06:34:59 ----A---- C:\WINDOWS\system32\colbact.dll
2009-06-04 06:34:59 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-06-04 06:34:59 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-06-04 06:34:59 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-06-04 06:34:58 ----A---- C:\WINDOWS\system32\comuid.dll
2009-06-04 06:34:58 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-06-04 06:34:58 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-06-04 06:34:58 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-06-04 06:34:53 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-06-04 06:34:53 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-06-04 06:34:53 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-06-04 06:34:53 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-06-04 00:23:22 ----A---- C:\WINDOWS\system32\h323log.txt
2009-06-04 00:18:11 ----A---- C:\WINDOWS\system32\usbui.dll
2009-06-04 00:16:59 ----A---- C:\WINDOWS\imsins.BAK
2009-06-04 00:16:56 ----SHD---- C:\WINDOWS\Installer
2009-06-04 00:16:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-04 00:16:55 ----D---- C:\Program Files\Common Files\ODBC
2009-06-04 00:16:55 ----A---- C:\WINDOWS\ODBCINST.INI
2009-06-04 00:16:53 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-06-04 00:16:52 ----RD---- C:\Program Files
2009-06-04 00:16:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-04 00:16:52 ----D---- C:\Program Files\Common Files
2009-06-04 00:16:50 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-06-04 00:16:50 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-06-04 00:16:50 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-06-04 00:16:49 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-06-04 00:16:48 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-06-04 00:16:48 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-06-04 00:16:48 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-06-04 00:16:48 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-06-04 00:16:48 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-06-04 00:16:48 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-06-04 00:16:48 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-06-04 00:16:47 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-06-04 00:16:47 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-06-04 00:16:47 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-06-04 00:16:47 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-06-04 00:16:47 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-06-04 00:16:45 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-06-04 00:16:43 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-06-04 00:16:43 ----A---- C:\WINDOWS\system32\irclass.dll
2009-06-04 00:16:43 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-06-04 00:16:43 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-06-04 00:16:43 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-06-04 00:16:42 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-06-04 00:16:42 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-06-04 00:16:41 ----A---- C:\WINDOWS\system32\storprop.dll
2009-06-04 00:16:41 ----A---- C:\WINDOWS\system32\batt.dll
2009-06-04 00:16:41 ----A---- C:\WINDOWS\notepad.exe
2009-06-04 00:16:34 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-06-04 00:16:31 ----RA---- C:\WINDOWS\SET8.tmp
2009-06-04 00:16:29 ----RA---- C:\WINDOWS\SET4.tmp
2009-06-04 00:16:29 ----RA---- C:\WINDOWS\SET3.tmp
2009-06-04 00:16:25 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-04 00:16:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-04 00:16:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-04 00:16:02 ----A---- C:\WINDOWS\setuplog.txt
2009-06-04 00:15:59 ----SHD---- C:\System Volume Information
2009-06-04 00:15:59 ----D---- C:\Documents and Settings
2009-06-04 00:09:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-04 00:09:48 ----RSD---- C:\WINDOWS\Fonts
2009-06-04 00:09:48 ----RD---- C:\WINDOWS\Web
2009-06-04 00:09:48 ----HD---- C:\WINDOWS\inf
2009-06-04 00:09:48 ----D---- C:\WINDOWS\WinSxS
2009-06-04 00:09:48 ----D---- C:\WINDOWS\twain_32
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Temp
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\wins
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\wbem
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\usmt
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\spool
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\ShellExt
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\Setup
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\ras
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\oobe
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\npp
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\mui
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\inetsrv
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\IME
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\icsxml
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\ias
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\export
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\drivers
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\dhcp
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\config
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\3com_dmi
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\3076
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\2052
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1054
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1042
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1041
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1037
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1033
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1031
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1028
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32\1025
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system32
2009-06-04 00:09:48 ----D---- C:\WINDOWS\system
2009-06-04 00:09:48 ----D---- C:\WINDOWS\security
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Resources
2009-06-04 00:09:48 ----D---- C:\WINDOWS\repair
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Provisioning
2009-06-04 00:09:48 ----D---- C:\WINDOWS\PeerNet
2009-06-04 00:09:48 ----D---- C:\WINDOWS\pchealth
2009-06-04 00:09:48 ----D---- C:\WINDOWS\mui
2009-06-04 00:09:48 ----D---- C:\WINDOWS\msapps
2009-06-04 00:09:48 ----D---- C:\WINDOWS\msagent
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Media
2009-06-04 00:09:48 ----D---- C:\WINDOWS\java
2009-06-04 00:09:48 ----D---- C:\WINDOWS\ime
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Help
2009-06-04 00:09:48 ----D---- C:\WINDOWS\ehome
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Driver Cache
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Debug
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Cursors
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Connection Wizard
2009-06-04 00:09:48 ----D---- C:\WINDOWS\Config
2009-06-04 00:09:48 ----D---- C:\WINDOWS\AppPatch
2009-06-04 00:09:48 ----D---- C:\WINDOWS\addins
2009-06-04 00:09:48 ----D---- C:\WINDOWS

======List of files/folders modified in the last 1 months======

2009-06-05 13:24:37 ----A---- C:\WINDOWS\win.ini
2009-06-04 00:16:52 ----A---- C:\WINDOWS\system.ini
2009-05-25 00:24:06 ----A---- C:\WINDOWS\system32\mssph.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-05 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-05 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-05 108552]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-06-05 20747]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 ADM851X;ADM851X USB To Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 22144]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 FA101;NETGEAR FA101 USB Fast Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\FA101ND5.SYS [2002-03-29 24555]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-07-22 231168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 RT61;Linksys Wireless-G PCI Adapter Driver(RT61); C:\WINDOWS\system32\DRIVERS\RT61.sys [2005-10-27 356096]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-06-05 908568]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-05 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-05 152984]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2008-01-28 303104]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\McrdSvc.exe [2005-10-20 96256]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S2 WMP54Gv4SVC;WMP54Gv4SVC; C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe [2004-02-06 41025]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Let me know any other info you may need from me.

#4 syler


Posted 13 June 2009 - 06:12 PM

Hi CVF,


Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case Limewire). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.



Download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.




  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • Combofix.txt
  • Gmer log



#5 syler


Posted 18 June 2009 - 06:29 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
