Pop up web pages


  • This topic is locked
31 replies to this topic

#1 eddieroq

eddieroq

  • Members
  • 18 posts

Posted 25 June 2009 - 04:08 PM

I keep getting popup web pages when I am on Firefox or IE. When on Firefox, IE opens on its own. I have Adblock Plus but it's not stopping them. Thank you, Eddie



DDS (Ver_09-05-14.01) - NTFSx86
Run by trevor at 22:56:00.73 on 25/06/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.335 [GMT 2:00]

AV: avast! antivirus 4.8.1335 [VPS 090624-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows Security Update\groupmanager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\trevor\local settings\application data\umqqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Styler\Styler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Documents and Settings\trevor\My Documents\Azureus Downloads\My Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Uniblue SpeedUpMyPC]
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [umqqs] "c:\documents and settings\trevor\local settings\application data\umqqs.exe" umqqs
uRun: [Delete Find] c:\docume~1\trevor\applic~1\inters~1\Amen The.exe
mRun: [LClock] c:\program files\lclock\LClock.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [nwiz] nwiz.exe /install
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [SW24] c:\windows\system32\sw24.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [meta program mapi mags] c:\documents and settings\all users\application data\drive four meta program\List title.exe
mRun: [GroupManager] c:\program files\microsoft windows security update\groupmanager.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
StartupFolder: c:\docume~1\trevor\startm~1\programs\startup\styler.lnk - c:\docume~1\trevor\applic~1\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
IE: &Add animation to IncrediMail Style Box - c:\progra~1\incred~1\bin\WebMenuImg.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\trevor\applic~1\mozilla\firefox\profiles\u481r4ns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\trevor\application data\mozilla\firefox\profiles\u481r4ns.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-25 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-3-31 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-31 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-3-31 138680]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-3-31 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-3-31 352920]
R3 PAC207;SoC PC-Camer@;c:\windows\system32\drivers\PFC027.sys [2005-2-24 162176]
S2 gupdate1c9b21de2c0ade6;Google Update Service (gupdate1c9b21de2c0ade6);c:\program files\google\update\GoogleUpdate.exe [2009-3-31 133104]

=============== Created Last 30 ================

2009-06-25 19:40 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-06-25 19:36 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-25 19:35 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-25 19:34 <DIR> --d----- c:\program files\Microsoft Windows Security Update
2009-06-25 19:09 159,744 a------- c:\windows\OptRemove.exe
2009-06-25 19:09 225,280 a------- c:\windows\OptChecker.exe
2009-06-24 23:07 <DIR> --d----- c:\program files\PopUp Eraser
2009-06-24 15:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Drive four meta program
2009-06-24 15:20 <DIR> --d----- c:\program files\inter sixth
2009-06-24 15:20 <DIR> --d----- c:\docume~1\trevor\applic~1\inter sixth
2009-06-24 08:56 <DIR> --d----- c:\program files\Lavasoft
2009-06-22 19:02 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-06-22 19:02 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2009-06-22 19:02 16,384 a------- c:\windows\system32\ipsink.ax
2009-06-22 19:02 15,232 a------- c:\windows\system32\drivers\StreamIP.sys
2009-06-22 19:02 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2009-06-22 19:02 19,200 a------- c:\windows\system32\drivers\WSTCODEC.SYS
2009-06-22 19:02 85,248 a------- c:\windows\system32\drivers\NABTSFEC.sys
2009-06-22 19:02 17,024 a------- c:\windows\system32\drivers\CCDECODE.sys
2009-06-22 19:01 53,248 a------- c:\windows\system32\PAStiSvc.exe
2009-06-22 19:01 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-06-22 19:01 61,952 a------- c:\windows\system32\kstvtune.ax
2009-06-22 19:01 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-06-22 19:01 43,008 a------- c:\windows\system32\ksxbar.ax
2009-06-22 19:01 28,672 a------- c:\windows\system32\vidcap.ax
2009-06-22 19:01 <DIR> --d----- c:\windows\PixArt
2009-06-22 19:01 <DIR> --d----- c:\program files\PC Camer@
2009-06-22 19:01 <DIR> --d----- c:\program files\common files\PCCamera
2009-06-22 19:00 <DIR> --d----- c:\windows\Downloaded Installations
2009-06-22 18:06 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-06-22 18:06 60,032 a------- c:\windows\system32\drivers\USBAUDIO.sys
2009-06-19 06:56 <DIR> --d----- c:\program files\Thomson
2009-06-19 06:49 162,304 a------- C:\UNWISE.EXE
2009-06-19 06:49 113,828 a------- c:\windows\system32\drivers\PDP2222.sys
2009-06-14 22:26 <DIR> --d----- c:\docume~1\trevor\applic~1\Samsung
2009-06-14 22:02 174,592 a------- c:\windows\system32\framedyn.dll
2009-06-14 22:01 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-06-14 21:34 109,704 a------- c:\windows\system32\drivers\ss_mdm.sys
2009-06-14 21:34 83,592 a------- c:\windows\system32\drivers\ss_bus.sys
2009-06-14 21:34 15,112 a------- c:\windows\system32\drivers\ss_mdfl.sys
2009-06-14 21:34 12,424 a------- c:\windows\system32\drivers\ss_whnt.sys
2009-06-14 21:34 12,424 a------- c:\windows\system32\drivers\ss_wh.sys
2009-06-14 21:34 12,424 a------- c:\windows\system32\drivers\ss_cmnt.sys
2009-06-14 21:34 12,424 a------- c:\windows\system32\drivers\ss_cm.sys
2009-06-14 21:34 <DIR> --d----- c:\windows\system32\Samsung_USB_Drivers
2009-06-14 21:34 766 a------- c:\windows\system32\Uninstall.ico

==================== Find3M ====================

2009-05-21 17:28 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-10 21:03 294,912 a------- c:\windows\system32\TubeFinder.exe
2009-05-07 09:04 157,712 a------- c:\windows\system32\drivers\tmcomm.sys
2009-03-30 19:35 315,392 a------- c:\windows\HideWin.exe
2009-03-30 01:05 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-30 00:21 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 22:56:22.93 ===============



#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • Gender:Male
  • Location:Dubai

Posted 29 June 2009 - 05:11 PM

Hello, eddieroq.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks

Also, you may want to consider tracking this topic by either adding it to your favourites or clicking the Options button at the top of this thread.

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 eddieroq

eddieroq
  • Topic Starter

  • Members
  • 18 posts

Posted 30 June 2009 - 01:15 AM

Hi, thanks for the reply. Here are the logs as requested.




Logfile of random's system information tool 1.06 (written by random/random)
Run by trevor at 2009-06-30 08:04:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 51 GB (39%) free of 131 GB
Total RAM: 1023 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:04:28, on 30/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows Security Update\groupmanager.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\trevor\local settings\application data\osgka.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Styler\Styler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\trevor\My Documents\Azureus Downloads\My Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\trevor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [meta program mapi mags] C:\Documents and Settings\All Users\Application Data\Drive four meta program\List title.exe
O4 - HKLM\..\Run: [GroupManager] C:\Program Files\Microsoft Windows Security Update\groupmanager.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Delete Find] C:\DOCUME~1\trevor\APPLIC~1\INTERS~1\Amen The.exe
O4 - HKCU\..\Run: [osgka] "c:\documents and settings\trevor\local settings\application data\osgka.exe" osgka
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9b21de2c0ade6) (gupdate1c9b21de2c0ade6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8213 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-19 65536]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe []
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-04-04 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-17 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-02 198160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-17 7561216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"meta program mapi mags"=C:\Documents and Settings\All Users\Application Data\Drive four meta program\List title.exe [2009-06-29 823296]
"GroupManager"=C:\Program Files\Microsoft Windows Security Update\groupmanager.exe [2009-02-14 32256]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-22 1271808]
"Uniblue SpeedUpMyPC"= []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2006-03-01 90112]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-03-21 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-25 39408]
"Delete Find"=C:\DOCUME~1\trevor\APPLIC~1\INTERS~1\Amen The.exe [2009-06-24 540672]
"osgka"=c:\documents and settings\trevor\local settings\application data\osgka.exe [2009-06-27 256000]

C:\Documents and Settings\trevor\Start Menu\Programs\Startup
Styler.lnk - C:\Documents and Settings\trevor\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-06-30 08:04:22 ----D---- C:\rsit
2009-06-28 09:23:44 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-28 08:59:55 ----D---- C:\WINDOWS\ie8updates
2009-06-28 08:56:59 ----HDC---- C:\WINDOWS\ie8
2009-06-28 08:06:55 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-27 03:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-27 03:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-27 03:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-27 03:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-27 03:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-27 03:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-06-27 03:07:57 ----D---- C:\WINDOWS\system32\KB905474
2009-06-27 03:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-27 03:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-27 03:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-27 03:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-27 03:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-27 03:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-27 03:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-27 03:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-27 03:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-27 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-27 03:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-27 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-27 03:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-27 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-27 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-27 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-27 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-27 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-27 03:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-27 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-27 03:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-27 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-27 03:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-27 03:02:49 ----D---- C:\WINDOWS\ie7updates
2009-06-27 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-27 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-27 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-27 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-27 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-27 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-27 03:01:33 ----D---- C:\Program Files\MSXML 4.0
2009-06-27 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-27 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-27 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-26 03:39:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-06-26 03:01:14 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-06-26 03:00:28 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-26 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-06-26 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-25 19:40:10 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-25 19:35:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-25 19:34:04 ----D---- C:\Program Files\Microsoft Windows Security Update
2009-06-25 19:09:41 ----A---- C:\WINDOWS\OptRemove.exe
2009-06-25 19:09:40 ----A---- C:\WINDOWS\OptChecker.exe
2009-06-24 23:07:12 ----D---- C:\Program Files\PopUp Eraser
2009-06-24 15:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Drive four meta program
2009-06-24 15:20:21 ----D---- C:\Program Files\inter sixth
2009-06-24 15:20:20 ----D---- C:\Documents and Settings\trevor\Application Data\inter sixth
2009-06-24 08:56:33 ----D---- C:\Program Files\Lavasoft
2009-06-24 08:56:33 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-22 19:01:59 ----A---- C:\WINDOWS\system32\PAStiSvc.exe
2009-06-22 19:01:55 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-06-22 19:01:22 ----D---- C:\WINDOWS\PixArt
2009-06-22 19:01:22 ----D---- C:\Program Files\PC Camer@
2009-06-22 19:01:22 ----D---- C:\Program Files\Common Files\PCCamera
2009-06-22 19:00:56 ----D---- C:\WINDOWS\Downloaded Installations
2009-06-19 06:56:09 ----D---- C:\Program Files\Thomson
2009-06-19 06:49:41 ----A---- C:\UNWISE.EXE
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\java.exe
2009-06-14 22:50:33 ----D---- C:\WINDOWS\Minidump
2009-06-14 22:26:33 ----D---- C:\Documents and Settings\trevor\Application Data\Samsung
2009-06-14 22:02:02 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-06-14 22:01:50 ----D---- C:\Program Files\DIFX
2009-06-14 22:01:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-14 21:34:32 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers

======List of files/folders modified in the last 1 months======

2009-06-30 08:04:22 ----D---- C:\Documents and Settings\trevor\Application Data\Azureus
2009-06-30 08:03:42 ----D---- C:\Program Files\Mozilla Firefox
2009-06-30 05:28:00 ----D---- C:\WINDOWS\Temp
2009-06-30 05:23:59 ----D---- C:\WINDOWS\Prefetch
2009-06-30 05:23:53 ----SD---- C:\WINDOWS\Tasks
2009-06-30 05:23:52 ----SHD---- C:\WINDOWS\Installer
2009-06-29 20:08:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-29 20:06:53 ----D---- C:\WINDOWS
2009-06-29 19:43:51 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 15:44:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-28 09:23:44 ----D---- C:\WINDOWS\system32
2009-06-28 09:17:33 ----D---- C:\WINDOWS\system32\en-US
2009-06-28 09:17:29 ----HD---- C:\WINDOWS\inf
2009-06-28 09:17:29 ----D---- C:\WINDOWS\system32\dllcache
2009-06-28 09:17:29 ----D---- C:\WINDOWS\Media
2009-06-28 09:17:29 ----D---- C:\WINDOWS\Help
2009-06-28 09:17:29 ----D---- C:\Program Files\Internet Explorer
2009-06-28 09:00:11 ----A---- C:\WINDOWS\imsins.BAK
2009-06-28 08:06:57 ----D---- C:\WINDOWS\Debug
2009-06-27 14:49:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-27 03:20:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-27 03:15:23 ----D---- C:\WINDOWS\system32\wbem
2009-06-27 03:15:21 ----D---- C:\WINDOWS\AppPatch
2009-06-27 03:14:37 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-27 03:06:51 ----D---- C:\WINDOWS\WinSxS
2009-06-27 03:01:35 ----D---- C:\Config.Msi
2009-06-27 03:01:33 ----RD---- C:\Program Files
2009-06-26 05:17:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-25 19:40:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-25 19:10:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-24 21:39:40 ----RD---- C:\My Music
2009-06-22 19:17:16 ----A---- C:\WINDOWS\win.ini
2009-06-22 19:10:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-22 19:01:23 ----D---- C:\WINDOWS\twain_32
2009-06-22 19:01:22 ----D---- C:\Program Files\Common Files
2009-06-19 09:07:08 ----D---- C:\Documents and Settings
2009-06-16 08:03:53 ----D---- C:\Program Files\Java
2009-06-14 21:34:22 ----D---- C:\Program Files\SAMSUNG
2009-06-12 16:30:44 ----D---- C:\Documents and Settings\trevor\Application Data\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-03-21 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-06-14 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-03-21 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-17 3655712]
R3 PAC207;SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 RT61;Conceptronic RT61 54g Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-21 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-03-21 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-03-21 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-03-21 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-21 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-21 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-21 26368]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-07 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-03-21 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-21 10368]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-03-21 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-03-21 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-03-21 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-07 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-03-21 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-03-21 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-05-20 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-05-20 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-05-20 84512]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-03-21 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-21 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-03-21 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-17 143426]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-03-21 267776]
S2 gupdate1c9b21de2c0ade6;Google Update Service (gupdate1c9b21de2c0ade6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-03-21 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-06-30 08:04:31

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Acoustica CD/DVD Label Maker-->C:\Program Files\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
Acoustica Photos Forever-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Alky for Applications (Windows XP)-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.3.7 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-01-24-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Corel Uninstaller-->C:\WINDOWS\COREL\UNINST32.EXE
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)-->rundll32.exe advpack.dll,LaunchINFSection DamnNFO.inf,DefaultUninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ease Audio Converter 4.50-->"C:\Program Files\easetech\EaseAudioConverter\unins000.exe"
Easy Icon Maker-->C:\PROGRA~1\EASYIC~1\UNWISE.EXE C:\PROGRA~1\EASYIC~1\INSTALL.LOG
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\ENG\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
FastStone Image Viewer 3.7-->C:\Program Files\FastStone Image Viewer\uninst.exe
Favorit-->"c:\documents and settings\trevor\local settings\application data\osgka.exe" -uninstall
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Free FLV Converter V 6.32-->"C:\Program Files\Free FLV Converter\unins000.exe"
Gadget Installer-->MsiExec.exe /I{3F3733A5-8322-454D-A638-3B74E1C83752}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Photos Screensaver-->MsiExec.exe /X{00C62B23-9336-4AF2-8DD4-BBDBE599DD76}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\trevor\Application Data\HouseCall 6.6\uninstaller.exe"
IconPackager-->C:\PROGRA~1\Stardock\OBJECT~1\ICONPA~1\iconpackager.exe /uninstallwise
IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus
IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LClock-->C:\Program Files\LClock\Uninstall.exe
LightScribe System Software-->MsiExec.exe /X{7F10292C-A190-4176-A665-A1ED3478DF86}
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MD Wallpaper Creator-->MsiExec.exe /I{8AD73A7E-8C2A-4409-BF18-53C254A24EC0}
Micrografx Photo Magic-->C:\WINDOWS\MGXCLEAN.EXE MAGIC.APP
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2007 Recent Documents Gadget-->MsiExec.exe /X{90120000-008A-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Demo-->MsiExec.exe /I{1B779CC7-5F25-29B3-5150-AF44A6201033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Camer@-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5} /l1033
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RAD Video Tools-->"C:\Program Files\RADVideo\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe"
Resource Hacker 3.4.0-->"C:\WINDOWS\Resource Hacker 3.4.0\uninstall.exe" "/U:C:\Program Files\Resource Hacker 3.4.0\Uninstall\uninstall.xml"
Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
Samsung Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_Mobile_USB_Drivers\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung PC Studio II 2.0 Image Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8148F35A-B15C-465B-80C2-DC0E1234EC20}\setup.exe" -l0x9
Samsung PC Studio II 2.0 PIMS & File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D4E01931-9B3F-49BD-B19B-511000A1E039}\Setup.exe" -l0x9
Samsung PC Studio II 2.0 Sample-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C27BA8F-0E90-4316-9F71-C0B55362A294}\Setup.exe" -l0x9
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Styler-->MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
Thomson Lyra Pocket USB Setup-->C:\UNWISE.EXE C:\INSTALL.LOG
Thomson Lyra Pocket USB-->C:\PROGRA~1\Thomson\POCKET~1\UNWISE.EXE C:\PROGRA~1\Thomson\POCKET~1\INSTALL.LOG
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf
Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Sidebar-->RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,UnInstall
Windows Vista Sounds Pack-->MsiExec.exe /I{E1230694-33DA-4E74-82E1-06CC9D545E9B}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZix-->C:\Program Files\WinZix\uninstall.exe

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-06-27]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-06-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-06-27]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-06-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-06-27]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local [2009-06-27]

======Hosts File======

127.0.0.1 mininova.com #Mininova
127.0.0.1 mininova.org #Mininova
127.0.0.1 www.mininova.com #Mininova
127.0.0.1 www.mininova.org #Mininova
127.0.0.1 thepiratebay.com #TPB
127.0.0.1 thepiratebay.org #TPB
127.0.0.1 www.thepiratebay.com #TPB
127.0.0.1 www.thepiratebay.org #TPB
127.0.0.1 h33t.com #H33t
127.0.0.1 h33t.org #H33t

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090629-0]

======System event log======

Computer Name: TREVOR-6A0D59FA
Event Code: 10010
Message: The server {121BC3CF-7F8A-4CFF-80DB-3853231BE619} did not register with DCOM within the required timeout.

Record Number: 4497
Source Name: DCOM
Time Written: 20090521055302.000000+120
Event Type: error
User: TREVOR-6A0D59FA\trevor

Computer Name: TREVOR-6A0D59FA
Event Code: 10010
Message: The server {121BC3CF-7F8A-4CFF-80DB-3853231BE619} did not register with DCOM within the required timeout.

Record Number: 4496
Source Name: DCOM
Time Written: 20090521055102.000000+120
Event Type: error
User: TREVOR-6A0D59FA\trevor

Computer Name: TREVOR-6A0D59FA
Event Code: 10010
Message: The server {121BC3CF-7F8A-4CFF-80DB-3853231BE619} did not register with DCOM within the required timeout.

Record Number: 4495
Source Name: DCOM
Time Written: 20090521054902.000000+120
Event Type: error
User: TREVOR-6A0D59FA\trevor

Computer Name: TREVOR-6A0D59FA
Event Code: 10010
Message: The server {121BC3CF-7F8A-4CFF-80DB-3853231BE619} did not register with DCOM within the required timeout.

Record Number: 4494
Source Name: DCOM
Time Written: 20090521054702.000000+120
Event Type: error
User: TREVOR-6A0D59FA\trevor

Computer Name: TREVOR-6A0D59FA
Event Code: 10010
Message: The server {121BC3CF-7F8A-4CFF-80DB-3853231BE619} did not register with DCOM within the required timeout.

Record Number: 4493
Source Name: DCOM
Time Written: 20090521054502.000000+120
Event Type: error
User: TREVOR-6A0D59FA\trevor

=====Application event log=====

Computer Name: TREVOR-6A0D59FA
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 30
Source Name: Userenv
Time Written: 20090627031415.000000+120
Event Type: warning
User: TREVOR-6A0D59FA\trevor

Computer Name: TREVOR-6A0D59FA
Event Code: 1002
Message: Hanging application explorer.exe, version 6.0.2900.5508, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 24
Source Name: Application Hang
Time Written: 20090626194102.000000+120
Event Type: error
User:

Computer Name: TREVOR-6A0D59FA
Event Code: 1000
Message: Faulting application dupelocater.exe, version 2.0.0.1, faulting module ntdll.dll, version 5.1.2600.5508, fault address 0x000109f9.

Record Number: 18
Source Name: Application Error
Time Written: 20090626085552.000000+120
Event Type: error
User:

Computer Name: TREVOR-6A0D59FA
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 5
Source Name: Microsoft Fax
Time Written: 20090625193815.000000+120
Event Type: warning
User:

Computer Name: TREVOR-6A0D59FA
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 4
Source Name: Microsoft Fax
Time Written: 20090625193815.000000+120
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Alky for Applications\Libraries\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------
THANK YOU

Trevor

#4 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dubai
  • Local time:11:12 PM

Posted 02 July 2009 - 04:37 PM

Thanks for posting your log. Logs take a while to process due to intensive research that must be done. Please give me some time to look over your logs and I will post back soon.

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#5 eddieroq


Posted 03 July 2009 - 01:38 AM

Thank you

#6 aommaster


Posted 03 July 2009 - 05:25 AM

Hello, eddieroq.
No problem at all! Glad to help.


P2P Program Warning!

Vuze (Azureus)

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
Here

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall Vuze (Azureus), however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.




Registry Cleaner Program Warning!

Uniblue RegistryBooster 2

Please be aware that BleepingComputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.




We need to run Lop S&D
  • Download Lop S&D by Eric_71 and save it to your desktop.
    Lop S&D will only run on Windows XP and Windows Vista
  • Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.
    To see how to disable security programs visit this tutorial
  • Double-click LopSD.exe
    If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Choose the language by typing the corresponding letter and pressing Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated; post its contents in your next reply.
(Copy of the report can be found at this location: %SystemDrive%\lopR.txt, in most cases C:\lopR.txt)

In your next reply, please include the following:
  • lopR.txt

Edited by aommaster, 03 July 2009 - 05:25 AM.



#7 aommaster


Posted 06 July 2009 - 05:10 AM

Hello eddieroq
Are you still with us?



#8 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:09:12 PM

Posted 08 July 2009 - 07:50 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security

#9 Shaba


Posted 08 July 2009 - 09:23 AM

Reopened upon request.

#10 aommaster


Posted 08 July 2009 - 09:31 AM

Hello eddieroq
Please let me know where you are in the fix I last posted. If you have not carried out the fix I posted and have not made any changes to your computer, please continue through with it. If not, please post up a new RSIT log so I can take a look at the current condition of your system.



#11 eddieroq


Posted 08 July 2009 - 10:41 AM

Hi, thanks. Here is the LOP log as requested and the RSIT logs. I have deleted all the torrents I had.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : BIOS Date: 07/26/2006 Ver: 08.00.12
USER : trevor ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090707-0] 4.8.1335 (Not Activated)
C:\ (Local Disk) - NTFS - Total:127 Go (Free:50 Go)
D:\ (Local Disk) - FAT32 - Total:372 Go (Free:26 Go)
E:\ (Local Disk) - NTFS - Total:104 Go (Free:26 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
L:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 08/07/2009|17:04 )

--------------------\\ Listing folders in APPLIC~1

[25/06/2009|19:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{83C91755-2546-441D-AC40-9A6B4B860800}
[02/07/2009|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[27/04/2009|16:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/04/2009|16:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[24/04/2009|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[02/07/2009|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[30/03/2009|20:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[24/06/2009|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Drive four meta program
[24/04/2009|13:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\EPSON
[25/04/2009|15:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[07/07/2009|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[30/03/2009|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[30/03/2009|17:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[25/06/2009|19:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[01/04/2009|00:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
[30/03/2009|17:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[22/06/2009|19:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[31/03/2009|17:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[06/07/2009|02:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[30/03/2009|16:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[30/03/2009|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[19/05/2009|09:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[30/03/2009|00:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[30/03/2009|00:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[30/03/2009|00:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\WinRAR

[30/03/2009|19:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[25/06/2009|19:17] C:\DOCUME~1\LOCALS~1\APPLIC~1\Mozilla

[30/03/2009|00:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[31/03/2009|00:49] C:\DOCUME~1\trevor\APPLIC~1\Acoustica
[27/04/2009|15:59] C:\DOCUME~1\trevor\APPLIC~1\Adobe
[30/03/2009|02:21] C:\DOCUME~1\trevor\APPLIC~1\AdobeUM
[23/05/2009|15:41] C:\DOCUME~1\trevor\APPLIC~1\Ahead
[02/07/2009|15:26] C:\DOCUME~1\trevor\APPLIC~1\Apple Computer
[24/04/2009|13:06] C:\DOCUME~1\trevor\APPLIC~1\Audacity
[08/07/2009|17:04] C:\DOCUME~1\trevor\APPLIC~1\Azureus
[01/04/2009|15:17] C:\DOCUME~1\trevor\APPLIC~1\DivX
[13/05/2009|19:24] C:\DOCUME~1\trevor\APPLIC~1\EPSON
[09/04/2009|09:45] C:\DOCUME~1\trevor\APPLIC~1\FastStone
[24/04/2009|13:07] C:\DOCUME~1\trevor\APPLIC~1\GetRightToGo
[23/04/2009|23:05] C:\DOCUME~1\trevor\APPLIC~1\Google
[30/03/2009|21:18] C:\DOCUME~1\trevor\APPLIC~1\Help
[24/04/2009|17:18] C:\DOCUME~1\trevor\APPLIC~1\HouseCall 6.6
[30/03/2009|00:47] C:\DOCUME~1\trevor\APPLIC~1\Identities
[30/03/2009|16:35] C:\DOCUME~1\trevor\APPLIC~1\InstallShield
[30/03/2009|17:59] C:\DOCUME~1\trevor\APPLIC~1\Macromedia
[09/04/2009|21:31] C:\DOCUME~1\trevor\APPLIC~1\Media Player Classic
[09/04/2009|19:28] C:\DOCUME~1\trevor\APPLIC~1\Microsoft
[31/03/2009|00:08] C:\DOCUME~1\trevor\APPLIC~1\Mozilla
[31/03/2009|17:17] C:\DOCUME~1\trevor\APPLIC~1\Nero
[12/06/2009|16:30] C:\DOCUME~1\trevor\APPLIC~1\Real
[14/06/2009|22:26] C:\DOCUME~1\trevor\APPLIC~1\Samsung
[30/03/2009|00:47] C:\DOCUME~1\trevor\APPLIC~1\Styler
[30/03/2009|00:32] C:\DOCUME~1\trevor\APPLIC~1\Sun
[30/03/2009|01:55] C:\DOCUME~1\trevor\APPLIC~1\Talkback
[15/04/2009|15:40] C:\DOCUME~1\trevor\APPLIC~1\Torrent Episode Downloader
[31/03/2009|19:45] C:\DOCUME~1\trevor\APPLIC~1\Uniblue
[30/03/2009|00:16] C:\DOCUME~1\trevor\APPLIC~1\WinRAR

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[08/07/2009 15:28][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[08/07/2009 17:01][--a------] C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[08/07/2009 17:01][--a------] C:\WINDOWS\tasks\WGASetup.job
[06/07/2009 19:49][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[08/07/2009 17:01][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[04/07/2009 10:11][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/07/2009 17:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[22/08/2001 23:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[30/03/2009|16:37] C:\Program Files\ABBYY FineReader 6.0 Sprint
[31/03/2009|00:50] C:\Program Files\Acoustica CD Label Maker
[31/03/2009|19:12] C:\Program Files\Acoustica Photos Forever
[27/04/2009|16:48] C:\Program Files\Adobe
[30/03/2009|00:34] C:\Program Files\Alky for Applications
[30/03/2009|09:46] C:\Program Files\Alwil Software
[24/04/2009|13:06] C:\Program Files\Apple Software Update
[30/03/2009|19:20] C:\Program Files\Audacity 1.3 Beta (Unicode)
[30/03/2009|19:19] C:\Program Files\Belarc
[02/07/2009|14:46] C:\Program Files\Bonjour
[30/03/2009|00:31] C:\Program Files\CCleaner
[31/03/2009|19:27] C:\Program Files\Combined Community Codec Pack
[02/07/2009|14:43] C:\Program Files\Common Files
[30/03/2009|00:21] C:\Program Files\ComPlus Applications
[30/03/2009|00:16] C:\Program Files\Desktop
[14/06/2009|22:01] C:\Program Files\DIFX
[31/03/2009|19:04] C:\Program Files\DivX
[13/04/2009|19:56] C:\Program Files\easetech
[24/04/2009|13:27] C:\Program Files\Easy Icon Maker
[24/04/2009|13:28] C:\Program Files\epson
[30/03/2009|17:10] C:\Program Files\Euromat
[31/03/2009|00:46] C:\Program Files\FastStone Image Viewer
[24/04/2009|13:06] C:\Program Files\FLV Player
[17/05/2009|20:21] C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
[07/07/2009|14:19] C:\Program Files\Free FLV Converter
[16/05/2009|18:48] C:\Program Files\GetData
[19/05/2009|09:06] C:\Program Files\Google
[30/03/2009|19:15] C:\Program Files\Google Hacks
[30/03/2009|00:16] C:\Program Files\HashTab Shell Extension
[31/03/2009|00:28] C:\Program Files\IncrediMail
[25/06/2009|19:10] C:\Program Files\InstallShield Installation Information
[28/06/2009|09:17] C:\Program Files\Internet Explorer
[02/07/2009|14:47] C:\Program Files\iPod
[02/07/2009|14:47] C:\Program Files\iTunes
[16/06/2009|08:03] C:\Program Files\Java
[30/03/2009|00:33] C:\Program Files\Kristanix
[25/06/2009|19:34] C:\Program Files\Lavasoft
[30/03/2009|00:17] C:\Program Files\LClock
[31/03/2009|00:24] C:\Program Files\MagicISO
[21/04/2009|20:23] C:\Program Files\MD Multimedia
[30/03/2009|17:14] C:\Program Files\Micrografx
[30/03/2009|17:02] C:\Program Files\Microsoft ActiveSync
[30/03/2009|17:02] C:\Program Files\Microsoft Office
[30/03/2009|00:16] C:\Program Files\Microsoft PowerToys
[25/06/2009|19:34] C:\Program Files\Microsoft Windows Security Update
[30/03/2009|17:00] C:\Program Files\Microsoft.NET
[08/07/2009|17:03] C:\Program Files\Mozilla Firefox
[30/03/2009|00:28] C:\Program Files\MSBuild
[27/06/2009|03:01] C:\Program Files\MSXML 4.0
[01/04/2009|00:20] C:\Program Files\Nero
[30/03/2009|00:23] C:\Program Files\Online Services
[30/03/2009|00:22] C:\Program Files\Outlook Express
[22/06/2009|19:01] C:\Program Files\PC Camer@
[24/06/2009|23:18] C:\Program Files\PopUp Eraser
[02/07/2009|14:46] C:\Program Files\QuickTime
[31/03/2009|00:12] C:\Program Files\RADVideo
[02/05/2009|20:00] C:\Program Files\Real
[30/03/2009|19:35] C:\Program Files\Realtek
[30/03/2009|19:29] C:\Program Files\Realtek AC97
[30/03/2009|00:28] C:\Program Files\Reference Assemblies
[30/03/2009|00:33] C:\Program Files\Resource Hacker 3.4.0
[14/06/2009|21:34] C:\Program Files\SAMSUNG
[30/03/2009|00:33] C:\Program Files\Stardock
[30/03/2009|00:47] C:\Program Files\Styler
[19/06/2009|06:56] C:\Program Files\Thomson
[24/04/2009|13:28] C:\Program Files\Torrent Episode Downloader
[31/03/2009|19:39] C:\Program Files\Trend Micro
[30/03/2009|19:22] C:\Program Files\Uniblue
[13/04/2009|19:30] C:\Program Files\Uninstall Information
[30/03/2009|00:17] C:\Program Files\Unlocker
[30/03/2009|00:17] C:\Program Files\Utilities
[30/03/2009|00:19] C:\Program Files\VistaExperience.org
[13/04/2009|00:30] C:\Program Files\Vuze
[30/03/2009|00:36] C:\Program Files\Windows Media Connect 2
[30/03/2009|00:36] C:\Program Files\Windows Media Player
[30/03/2009|00:16] C:\Program Files\Windows NT
[30/03/2009|00:34] C:\Program Files\Windows Sidebar
[30/03/2009|00:23] C:\Program Files\WindowsUpdate
[30/03/2009|00:16] C:\Program Files\WinRAR
[30/03/2009|17:46] C:\Program Files\Zone Labs

--------------------\\ Listing Folders in C:\Program Files\Common Files

[27/04/2009|16:48] C:\Program Files\Common Files\Adobe
[31/03/2009|20:33] C:\Program Files\Common Files\Ahead
[02/07/2009|14:47] C:\Program Files\Common Files\Apple
[30/03/2009|17:02] C:\Program Files\Common Files\DESIGNER
[31/03/2009|19:03] C:\Program Files\Common Files\DivX Shared
[30/03/2009|16:40] C:\Program Files\Common Files\InstallShield
[30/03/2009|00:32] C:\Program Files\Common Files\Java
[31/03/2009|19:19] C:\Program Files\Common Files\LightScribe
[13/04/2009|19:30] C:\Program Files\Common Files\Microsoft Shared
[30/03/2009|00:22] C:\Program Files\Common Files\MSSoap
[31/03/2009|17:50] C:\Program Files\Common Files\Nero
[30/03/2009|01:52] C:\Program Files\Common Files\ODBC
[22/06/2009|19:01] C:\Program Files\Common Files\PCCamera
[02/05/2009|20:00] C:\Program Files\Common Files\Real
[30/03/2009|00:22] C:\Program Files\Common Files\Services
[30/03/2009|01:52] C:\Program Files\Common Files\SpeechEngines
[24/04/2009|13:28] C:\Program Files\Common Files\Stardock
[30/03/2009|00:22] C:\Program Files\Common Files\System
[02/05/2009|20:00] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 51 Processes )

IEXPLORE.EXE ~ [PID:1940]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 17:05:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


C:\DOCUME~1\trevor\LOCALS~1\APPLIC~1\osgka.dat
C:\DOCUME~1\trevor\LOCALS~1\APPLIC~1\osgka.exe
C:\DOCUME~1\trevor\LOCALS~1\APPLIC~1\osgka_nav.dat
C:\DOCUME~1\trevor\LOCALS~1\APPLIC~1\osgka_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\trevor\My Documents\downloads\Incredimail XE premium + registration key\Incredimail crack
C:\DOCUME~1\trevor\My Documents\downloads\Incredimail XE premium + registration key\Incredimail crack\Crack Instructions.txt
C:\DOCUME~1\trevor\My Documents\downloads\Incredimail XE premium + registration key\Incredimail crack\IncrediMail.reg
C:\DOCUME~1\trevor\My Documents\downloads\Incredimail XE premium + registration key\Incredimail crack\IncrediMailXE_5xx_crack.exe
C:\DOCUME~1\trevor\My Documents\My Pictures\wallpaper2\Just sheer awesomenes\Textures\cracks.psd
C:\DOCUME~1\trevor\My Documents\My Pictures\wallpaper2\Just sheer awesomenes\Textures\MudCracks.jpg
C:\DOCUME~1\trevor\My Documents\pos\PlexisKeygen.exe
C:\DOCUME~1\trevor\My Documents\Torrents\Age of Empires III inc Warchiefs, Asian Dynasties and Cracks-Patches[h33t][mattlb0619][Requested].torrent
C:\DOCUME~1\trevor\My Documents\Torrents\AVG 8.5 with keygen(PUTTU).torrent
C:\DOCUME~1\trevor\My Documents\Torrents\BitDefender Antivirus 2009 v12.0.11.4 Incl Keygen .torrent
C:\DOCUME~1\trevor\Recent\optenet pc parental control software 9.4.1 crack.lnk
C:\DOCUME~1\trevor\Recent\Optenet_control_parental_9.4.1_Crack.lnk


[F:940][D:43]-> C:\DOCUME~1\trevor\LOCALS~1\Temp
[F:37][D:0]-> C:\DOCUME~1\trevor\Cookies
[F:1122][D:6]-> C:\DOCUME~1\trevor\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 08/07/2009|16:34 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 08/07/2009|16:47 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 08/07/2009|16:51 - Option : [2]
4 - "C:\Lop SD\LopR_4.txt" - 08/07/2009|17:07 - Option : [1]

--------------------\\ Scan completed at 17:07:09




Logfile of random's system information tool 1.06 (written by random/random)
Run by trevor at 2009-07-08 17:23:58
Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (40%) free of 131 GB
Total RAM: 1023 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:24:00, on 08/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows Security Update\groupmanager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\trevor\local settings\application data\osgka.exe
C:\Program Files\Styler\Styler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\trevor\My Documents\Azureus Downloads\My Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\trevor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [meta program mapi mags] C:\Documents and Settings\All Users\Application Data\Drive four meta program\List title.exe
O4 - HKLM\..\Run: [GroupManager] C:\Program Files\Microsoft Windows Security Update\groupmanager.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [osgka] "c:\documents and settings\trevor\local settings\application data\osgka.exe" osgka
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b21de2c0ade6) (gupdate1c9b21de2c0ade6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8503 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-19 65536]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe []
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-04-04 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-17 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-02 198160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-17 7561216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"meta program mapi mags"=C:\Documents and Settings\All Users\Application Data\Drive four meta program\List title.exe [2009-07-08 823296]
"GroupManager"=C:\Program Files\Microsoft Windows Security Update\groupmanager.exe [2009-02-14 32256]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-22 1271808]
"Uniblue SpeedUpMyPC"= []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2006-03-01 90112]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-03-21 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-25 39408]
"osgka"=c:\documents and settings\trevor\local settings\application data\osgka.exe [2009-06-27 256000]

C:\Documents and Settings\trevor\Start Menu\Programs\Startup
Styler.lnk - C:\Documents and Settings\trevor\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-07-08 16:31:36 ----A---- C:\lopR.txt
2009-07-08 16:30:45 ----D---- C:\Lop SD
2009-07-02 14:47:34 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-07-02 14:47:12 ----D---- C:\Program Files\iPod
2009-07-02 14:47:07 ----D---- C:\Program Files\iTunes
2009-07-02 14:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-02 14:46:46 ----D---- C:\Program Files\Bonjour
2009-07-02 14:45:39 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-02 14:43:41 ----D---- C:\Program Files\Common Files\Apple
2009-06-30 08:04:22 ----D---- C:\rsit
2009-06-28 09:23:44 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-28 08:59:55 ----D---- C:\WINDOWS\ie8updates
2009-06-28 08:56:59 ----HDC---- C:\WINDOWS\ie8
2009-06-28 08:06:55 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-27 03:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-27 03:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-27 03:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-27 03:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-27 03:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-27 03:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-06-27 03:07:57 ----D---- C:\WINDOWS\system32\KB905474
2009-06-27 03:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-27 03:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-27 03:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-27 03:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-27 03:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-27 03:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-27 03:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-27 03:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-27 03:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-27 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-27 03:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-27 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-27 03:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-27 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-27 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-27 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-27 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-27 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-27 03:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-27 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-27 03:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-27 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-27 03:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-27 03:02:49 ----D---- C:\WINDOWS\ie7updates
2009-06-27 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-27 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-27 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-27 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-27 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-27 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-27 03:01:33 ----D---- C:\Program Files\MSXML 4.0
2009-06-27 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-27 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-27 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-26 03:39:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-06-26 03:01:14 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-06-26 03:00:28 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-26 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-06-26 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-25 19:40:10 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-25 19:35:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-25 19:34:04 ----D---- C:\Program Files\Microsoft Windows Security Update
2009-06-25 19:09:41 ----A---- C:\WINDOWS\OptRemove.exe
2009-06-25 19:09:40 ----A---- C:\WINDOWS\OptChecker.exe
2009-06-24 23:07:12 ----D---- C:\Program Files\PopUp Eraser
2009-06-24 15:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Drive four meta program
2009-06-24 08:56:33 ----D---- C:\Program Files\Lavasoft
2009-06-24 08:56:33 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-22 19:01:59 ----A---- C:\WINDOWS\system32\PAStiSvc.exe
2009-06-22 19:01:55 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-06-22 19:01:22 ----D---- C:\WINDOWS\PixArt
2009-06-22 19:01:22 ----D---- C:\Program Files\PC Camer@
2009-06-22 19:01:22 ----D---- C:\Program Files\Common Files\PCCamera
2009-06-22 19:00:56 ----D---- C:\WINDOWS\Downloaded Installations
2009-06-19 06:56:09 ----D---- C:\Program Files\Thomson
2009-06-19 06:49:41 ----A---- C:\UNWISE.EXE
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\java.exe
2009-06-14 22:50:33 ----D---- C:\WINDOWS\Minidump
2009-06-14 22:26:33 ----D---- C:\Documents and Settings\trevor\Application Data\Samsung
2009-06-14 22:02:02 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-06-14 22:01:50 ----D---- C:\Program Files\DIFX
2009-06-14 22:01:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-14 21:34:32 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers

======List of files/folders modified in the last 1 months======

2009-07-08 17:23:42 ----D---- C:\Documents and Settings\trevor\Application Data\Azureus
2009-07-08 17:03:43 ----D---- C:\Program Files\Mozilla Firefox
2009-07-08 17:02:01 ----D---- C:\WINDOWS\Temp
2009-07-08 17:01:19 ----SD---- C:\WINDOWS\Tasks
2009-07-08 16:45:27 ----RD---- C:\Program Files
2009-07-08 07:28:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 23:52:24 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-07 14:19:11 ----D---- C:\Program Files\Free FLV Converter
2009-07-07 14:19:06 ----D---- C:\WINDOWS\system32
2009-07-07 14:09:59 ----D---- C:\WINDOWS\Prefetch
2009-07-07 00:59:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-06 02:23:50 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-05 18:41:51 ----RD---- C:\My Music
2009-07-05 08:38:36 ----D---- C:\WINDOWS\Network Diagnostic
2009-07-02 15:26:48 ----D---- C:\Documents and Settings\trevor\Application Data\Apple Computer
2009-07-02 14:54:17 ----D---- C:\WINDOWS
2009-07-02 14:53:34 ----D---- C:\Config.Msi
2009-07-02 14:48:04 ----SHD---- C:\WINDOWS\Installer
2009-07-02 14:47:37 ----HD---- C:\WINDOWS\inf
2009-07-02 14:47:37 ----D---- C:\WINDOWS\system32\drivers
2009-07-02 14:46:23 ----D---- C:\Program Files\QuickTime
2009-07-02 14:43:41 ----D---- C:\Program Files\Common Files
2009-06-29 20:08:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-28 09:17:33 ----D---- C:\WINDOWS\system32\en-US
2009-06-28 09:17:29 ----D---- C:\WINDOWS\system32\dllcache
2009-06-28 09:17:29 ----D---- C:\WINDOWS\Media
2009-06-28 09:17:29 ----D---- C:\WINDOWS\Help
2009-06-28 09:17:29 ----D---- C:\Program Files\Internet Explorer
2009-06-28 09:00:11 ----A---- C:\WINDOWS\imsins.BAK
2009-06-28 08:06:57 ----D---- C:\WINDOWS\Debug
2009-06-27 03:20:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-27 03:15:23 ----D---- C:\WINDOWS\system32\wbem
2009-06-27 03:15:21 ----D---- C:\WINDOWS\AppPatch
2009-06-27 03:06:51 ----D---- C:\WINDOWS\WinSxS
2009-06-26 05:17:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-25 19:40:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-25 19:10:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-24 21:02:38 ----A---- C:\WINDOWS\system32\TubeFinder.exe
2009-06-22 19:17:16 ----A---- C:\WINDOWS\win.ini
2009-06-22 19:10:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-22 19:01:23 ----D---- C:\WINDOWS\twain_32
2009-06-19 09:07:08 ----D---- C:\Documents and Settings
2009-06-16 08:03:53 ----D---- C:\Program Files\Java
2009-06-14 21:34:22 ----D---- C:\Program Files\SAMSUNG
2009-06-12 16:30:44 ----D---- C:\Documents and Settings\trevor\Application Data\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-03-21 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-06-14 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-03-21 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-17 3655712]
R3 PAC207;SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 RT61;Conceptronic RT61 54g Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-21 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-03-21 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-03-21 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-03-21 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-21 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-21 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-21 26368]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-07 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-03-21 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-21 10368]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-03-21 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-03-21 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-03-21 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-07 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-03-21 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-03-21 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-05-20 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-05-20 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-05-20 84512]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-03-21 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-21 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-03-21 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-17 143426]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-03-21 267776]
S2 gupdate1c9b21de2c0ade6;Google Update Service (gupdate1c9b21de2c0ade6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 183280]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-03-21 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



#12 aommaster

  • Malware Response Team

Posted 08 July 2009 - 02:10 PM

Hello, eddieroq.
We need to download and install Navilog
  • Download and save Navilog1 (by IL-MAFIOSO) to your desktop.
  • Next, run Navilog1.exe to install it.
  • A new shortcut will be created on your desktop. The installation file for Navilog1.exe can now be deleted.
NEXT:

We need to run a Navilog Auto-remove in Normal Mode
  • Double click on the Navilog1 shortcut on your desktop to run it, and follow the prompts.
  • On the main menu, select 1 and press Enter. Check to make sure that you selected 1, not 2
  • Follow the instructions and wait for the scan to complete. Reboot your computer, if prompted.
  • Press any key as requested.
  • Reboot your computer if prompted.
  • Wait for the ***Scan finished....* message
  • Press any key when prompted.
  • A notepad document will be opened. Please copy/paste the contents of this report in your next reply.
  • The report is also saved in C:\cleannavi.txt
In your next reply, please include the following:
  • Navilog Log file

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#13 eddieroq


Posted 09 July 2009 - 04:36 AM

Hi, here is the Navilog file

Fix Navipromo version 4.0.0 began on 09/07/2009 at 11:19:35.35

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!

Fix running from C:\Program Files\navilog1

Updated on 19.06.2009 at 20h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® D CPU 2.80GHz )
BIOS : BIOS Date: 07/26/2006 Ver: 08.00.12
USER : trevor ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090708-0] 4.8.1335 (Activated)


C:\ (Local Disk) - NTFS - Total:127 Go (Free:55 Go)
D:\ (Local Disk) - FAT32 - Total:372 Go (Free:26 Go)
E:\ (Local Disk) - NTFS - Total:104 Go (Free:22 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (CD or DVD)
L:\ (USB)


Search done in normal mode

Cleanning stage done on Reboot


C:\Documents and Settings\trevor\locals~1\applic~1\osgka.exe deleted !
C:\Documents and Settings\trevor\locals~1\applic~1\osgka.dat deleted !
C:\Documents and Settings\trevor\locals~1\applic~1\osgka_nav.dat deleted !
C:\Documents and Settings\trevor\locals~1\applic~1\osgka_navps.dat deleted !


Cleaning of C:\WINDOWS\Temp done !
Cleaning of C:\Documents and Settings\trevor\locals~1\Temp done !


*** Copy Registry to Safebackup folder ***

Backing up Registry done !

*** Cleaning Registry ***

Registry cleaned




*** Scan completed the 09/07/2009 at 11:29:16.28 ***


I should also add that the computer hasn't shut down properly. I can't shut down from the Start menu, Navilog didn't shut it down, and also no luck from Task Manager; I had to pull the plug. Thanks
eddieroq

#14 aommaster


Posted 09 July 2009 - 09:48 AM

Hi eddieroq
Please post up a fresh RSIT log so I can take a look at what to do next.

Also, your shutdown problem: is it still there, or was it only during the run of Navilog?



#15 eddieroq


Posted 09 July 2009 - 10:26 AM

Hi, here is the new RSIT log. It appears to me that I had the problem prior to 24th June, as I installed Lavasoft then; I know I was looking for the problem then. Also, the problem with not being able to restart the computer started about that time!!! I just didn't connect the two. Thanks for your help, it's really appreciated.
Eddieroq


Logfile of random's system information tool 1.06 (written by random/random)
Run by trevor at 2009-07-09 17:10:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 56 GB (43%) free of 131 GB
Total RAM: 1023 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:10:58, on 09/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\IncrediMail\bin\ImNotfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\trevor\My Documents\Azureus Downloads\My Downloads\RSIT.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\trevor.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [meta program mapi mags] C:\Documents and Settings\All Users\Application Data\Drive four meta program\List title.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Styler.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9b21de2c0ade6) (gupdate1c9b21de2c0ade6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8440 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LClock"=C:\Program Files\LClock\LClock.exe [2004-09-19 65536]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe []
"SW24"=C:\WINDOWS\system32\sw24.exe [2006-04-04 69632]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-03-17 86016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-05-02 198160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-03-17 7561216]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"meta program mapi mags"=C:\Documents and Settings\All Users\Application Data\Drive four meta program\List title.exe [2009-07-09 823296]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-29 520024]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-03-22 1271808]
"Uniblue SpeedUpMyPC"= []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2006-03-01 90112]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-03-21 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-25 39408]

C:\Documents and Settings\trevor\Start Menu\Programs\Startup
Styler.lnk - C:\Documents and Settings\trevor\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-07-09 11:19:35 ----A---- C:\cleannavi.txt
2009-07-09 11:18:17 ----D---- C:\Program Files\Navilog1
2009-07-09 08:49:42 ----D---- C:\Program Files\NavNet
2009-07-08 23:50:26 ----A---- C:\Documents and Settings\trevor\Application Data\inst.exe
2009-07-08 23:50:25 ----D---- C:\Documents and Settings\trevor\Application Data\Vso
2009-07-08 23:50:17 ----D---- C:\Program Files\vso
2009-07-08 23:10:45 ----D---- C:\Documents and Settings\All Users\Application Data\Anvsoft
2009-07-08 17:36:47 ----D---- C:\rsit
2009-07-08 16:31:36 ----A---- C:\lopR.txt
2009-07-08 16:30:45 ----D---- C:\Lop SD
2009-07-02 14:47:34 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-07-02 14:47:12 ----D---- C:\Program Files\iPod
2009-07-02 14:47:07 ----D---- C:\Program Files\iTunes
2009-07-02 14:47:07 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-02 14:46:46 ----D---- C:\Program Files\Bonjour
2009-07-02 14:45:39 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-02 14:43:41 ----D---- C:\Program Files\Common Files\Apple
2009-06-28 09:23:44 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-28 08:59:55 ----D---- C:\WINDOWS\ie8updates
2009-06-28 08:56:59 ----HDC---- C:\WINDOWS\ie8
2009-06-28 08:06:55 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-27 03:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-06-27 03:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-06-27 03:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-27 03:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-27 03:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-06-27 03:08:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-06-27 03:07:57 ----D---- C:\WINDOWS\system32\KB905474
2009-06-27 03:07:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-06-27 03:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-06-27 03:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-27 03:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-27 03:06:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-27 03:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-27 03:06:39 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-27 03:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-27 03:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-06-27 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-06-27 03:05:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-06-27 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-27 03:05:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-06-27 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-27 03:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-06-27 03:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-06-27 03:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-06-27 03:04:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-06-27 03:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-27 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-06-27 03:03:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-27 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-06-27 03:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-27 03:02:49 ----D---- C:\WINDOWS\ie7updates
2009-06-27 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-27 03:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-27 03:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-27 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-06-27 03:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-06-27 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-27 03:01:33 ----D---- C:\Program Files\MSXML 4.0
2009-06-27 03:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-06-27 03:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-06-27 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-26 03:39:40 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-06-26 03:01:14 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-06-26 03:00:28 ----D---- C:\WINDOWS\system32\PreInstall
2009-06-26 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-06-26 03:00:26 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-25 19:40:10 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-06-25 19:35:08 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-25 19:34:04 ----D---- C:\Program Files\Microsoft Windows Security Update
2009-06-25 19:09:41 ----A---- C:\WINDOWS\OptRemove.exe
2009-06-25 19:09:40 ----A---- C:\WINDOWS\OptChecker.exe
2009-06-24 23:07:12 ----D---- C:\Program Files\PopUp Eraser
2009-06-24 15:22:02 ----D---- C:\Documents and Settings\All Users\Application Data\Drive four meta program
2009-06-24 08:56:33 ----D---- C:\Program Files\Lavasoft
2009-06-24 08:56:33 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-22 19:01:59 ----A---- C:\WINDOWS\system32\PAStiSvc.exe
2009-06-22 19:01:55 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-06-22 19:01:22 ----D---- C:\WINDOWS\PixArt
2009-06-22 19:01:22 ----D---- C:\Program Files\PC Camer@
2009-06-22 19:01:22 ----D---- C:\Program Files\Common Files\PCCamera
2009-06-22 19:00:56 ----D---- C:\WINDOWS\Downloaded Installations
2009-06-19 06:56:09 ----D---- C:\Program Files\Thomson
2009-06-19 06:49:41 ----A---- C:\UNWISE.EXE
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-16 08:03:54 ----A---- C:\WINDOWS\system32\java.exe
2009-06-14 22:50:33 ----D---- C:\WINDOWS\Minidump
2009-06-14 22:26:33 ----D---- C:\Documents and Settings\trevor\Application Data\Samsung
2009-06-14 22:02:02 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-06-14 22:01:50 ----D---- C:\Program Files\DIFX
2009-06-14 22:01:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-14 21:34:32 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers

======List of files/folders modified in the last 1 months======

2009-07-09 17:10:41 ----D---- C:\Documents and Settings\trevor\Application Data\Azureus
2009-07-09 17:10:09 ----D---- C:\Program Files\Mozilla Firefox
2009-07-09 17:04:23 ----D---- C:\WINDOWS\Temp
2009-07-09 15:19:40 ----D---- C:\WINDOWS\Prefetch
2009-07-09 15:19:07 ----SD---- C:\WINDOWS\Tasks
2009-07-09 11:42:03 ----D---- C:\WINDOWS\system32
2009-07-09 11:28:10 ----D---- C:\WINDOWS
2009-07-09 11:27:36 ----D---- C:\WINDOWS\system32\Macromed
2009-07-09 11:18:17 ----RD---- C:\Program Files
2009-07-09 00:53:28 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-08 23:50:33 ----HD---- C:\WINDOWS\inf
2009-07-08 23:50:33 ----D---- C:\WINDOWS\system32\drivers
2009-07-08 23:16:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-08 23:12:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-08 22:26:41 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-08 20:33:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-08 07:28:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 14:19:11 ----D---- C:\Program Files\Free FLV Converter
2009-07-05 18:41:51 ----RD---- C:\My Music
2009-07-05 08:38:36 ----D---- C:\WINDOWS\Network Diagnostic
2009-07-02 15:26:48 ----D---- C:\Documents and Settings\trevor\Application Data\Apple Computer
2009-07-02 14:53:34 ----D---- C:\Config.Msi
2009-07-02 14:48:04 ----SHD---- C:\WINDOWS\Installer
2009-07-02 14:46:23 ----D---- C:\Program Files\QuickTime
2009-07-02 14:43:41 ----D---- C:\Program Files\Common Files
2009-06-28 09:17:33 ----D---- C:\WINDOWS\system32\en-US
2009-06-28 09:17:29 ----D---- C:\WINDOWS\system32\dllcache
2009-06-28 09:17:29 ----D---- C:\WINDOWS\Media
2009-06-28 09:17:29 ----D---- C:\WINDOWS\Help
2009-06-28 09:17:29 ----D---- C:\Program Files\Internet Explorer
2009-06-28 09:00:11 ----A---- C:\WINDOWS\imsins.BAK
2009-06-28 08:06:57 ----D---- C:\WINDOWS\Debug
2009-06-27 03:20:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-27 03:15:23 ----D---- C:\WINDOWS\system32\wbem
2009-06-27 03:15:21 ----D---- C:\WINDOWS\AppPatch
2009-06-27 03:06:51 ----D---- C:\WINDOWS\WinSxS
2009-06-26 05:17:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-25 19:40:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-25 19:10:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-24 21:02:38 ----A---- C:\WINDOWS\system32\TubeFinder.exe
2009-06-22 19:17:16 ----A---- C:\WINDOWS\win.ini
2009-06-22 19:10:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-22 19:01:23 ----D---- C:\WINDOWS\twain_32
2009-06-19 09:07:08 ----D---- C:\Documents and Settings
2009-06-16 08:03:53 ----D---- C:\Program Files\Java
2009-06-14 21:34:22 ----D---- C:\Program Files\SAMSUNG
2009-06-12 16:30:44 ----D---- C:\Documents and Settings\trevor\Application Data\Real

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-03-21 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-06-14 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-03-21 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-03-17 3655712]
R3 PAC207;SoC PC-Camer@; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-07-08 47360]
R3 RT61;Conceptronic RT61 54g Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-01-19 363008]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-03-21 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-03-21 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-03-21 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-03-21 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-03-21 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-03-21 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-03-21 26368]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-07 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\trevor\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-03-21 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-03-21 10368]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-03-21 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-03-21 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-03-21 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-07 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-03-21 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-03-21 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 ssm_bus;Samsung Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-05-20 52416]
S3 ssm_mdfl;Samsung Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-05-20 6096]
S3 ssm_mdm;Samsung Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-05-20 84512]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-03-21 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-03-21 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-03-21 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-29 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-03-17 73728]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-03-17 143426]
R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-03-21 267776]
S2 gupdate1c9b21de2c0ade6;Google Update Service (gupdate1c9b21de2c0ade6); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-25 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-03-21 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



