
Search Redirects and Computer Randomly Downloads System Security


  • This topic is locked
9 replies to this topic

#1 TRCote10


Posted 03 July 2009 - 01:01 PM

Hi, recently when I search the internet using Google, Bing, and Yahoo, my browser (Firefox) will redirect me to odd pages. If I hit back and click the result several times before it loads, it will take me to the right page. At the time this started my computer would also download System Security at seemingly random times. I scanned using Malwarebytes and Ad-Aware and found six infections, which I then removed. The search result problem kept occurring and a few days later my computer had System Security again.


I have a HijackThis log that I made this morning, thanks in advance for helping!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:23 AM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
Z:\Program Files\DAEMON Tools Pro\DTProAgent.exe
Z:\Program Files\Microsoft ActiveSync\Wcescomm.exe
Z:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
Z:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - Z:\Program Files\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Z:\Program Files\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "Z:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "Z:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - Z:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - Z:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - Z:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ghe3uydrt57iw54wuaehaamg80 - Unknown owner - C:\WINDOWS\ghe3uydrt57iw54wuaehaamg81.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10040 bytes



#2 TRCote10


Posted 05 July 2009 - 08:23 PM

I would like to apologize for not noticing the "read this topic" link above the posting. I have reposted because I needed to add the DDS logs; again, sorry for wasting your time over something trivial like me forgetting to read.



DDS (Ver_09-06-26.01) - NTFSx86
Run by Tyler at 20:19:38.56 on Sun 07/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2527 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\ctfmon.exe
Z:\Program Files\DAEMON Tools Pro\DTProAgent.exe
Z:\Program Files\Microsoft ActiveSync\Wcescomm.exe
Z:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tyler\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - z:\program files\adobe cs3\/Adobe Contribute CS3/contributeieplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - z:\program files\adobe cs3\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [DAEMON Tools Pro Agent] "z:\program files\daemon tools pro\DTProAgent.exe"
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [H/PC Connection Agent] "z:\program files\microsoft activesync\Wcescomm.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Acrobat Assistant 8.0] "z:\program files\adobe cs3\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
IE: Append to existing PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - z:\program files\adobe cs3\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - z:\progra~1\micros~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - z:\progra~1\micros~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mic273~1\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tyler\applic~1\mozilla\firefox\profiles\7729wft3.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: z:\program files\adobe cs3\acrobat 8.0\acrobat\browser\nppdf32.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-1 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 298776]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-5-8 68136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-11 24652]
S2 ghe3uydrt57iw54wuaehaamg80;ghe3uydrt57iw54wuaehaamg80;c:\windows\ghe3uydrt57iw54wuaehaamg81.exe --> c:\windows\ghe3uydrt57iw54wuaehaamg81.exe [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [2004-11-18 18848]
S3 Alpham1;Ideazon ZBoard USB Human Interface Device;c:\windows\system32\drivers\Alpham1.sys [2007-7-23 42624]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device;c:\windows\system32\drivers\Alpham2.sys [2007-3-20 18432]

=============== Created Last 30 ================

2009-07-01 22:19 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-01 22:16 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-01 22:14 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-01 22:14 <DIR> --d----- c:\program files\Lavasoft
2009-07-01 18:40 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-27 12:29 <DIR> --d----- c:\docume~1\tyler\applic~1\Malwarebytes
2009-06-27 12:29 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 12:29 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-27 12:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-27 12:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-16 21:00 30,592 ac------ c:\windows\system32\dllcache\rndismpx.sys
2009-06-16 21:00 12,800 ac------ c:\windows\system32\dllcache\usb8023x.sys
2009-06-16 21:00 30,592 a------- c:\windows\system32\drivers\rndismpx.sys
2009-06-16 21:00 12,800 a------- c:\windows\system32\drivers\usb8023x.sys
2009-06-16 21:00 <DIR> --d----- c:\program files\Samsung
2009-06-09 12:48 <DIR> --d----- c:\docume~1\tyler\applic~1\Xfire
2009-06-06 23:47 <DIR> --d----- c:\docume~1\tyler\applic~1\Ideazon
2009-06-06 09:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-05 23:17 <DIR> --d----- C:\ProgramData
2009-06-05 23:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-06-05 23:15 447,752 a----r-- c:\windows\system32\vp6vfw.dll
2009-06-05 23:15 <DIR> --d----- c:\program files\Microsoft WSE

==================== Find3M ====================

2009-07-02 20:45 16,608 a------- c:\windows\gdrv.sys
2009-06-25 08:32 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 08:32 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-05 09:18 685,816 a------- c:\windows\system32\drivers\sptd.sys
2009-05-30 19:38 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-25 17:25 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-21 15:50 41,808 a------- c:\windows\system32\xfcodec.dll
2009-05-10 09:45 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 13:32 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE

============= FINISH: 20:20:54.07 ===============




#3 fenzodahl512


Posted 09 July 2009 - 12:34 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 TRCote10


Posted 09 July 2009 - 09:04 PM

Malwarebytes' Anti-Malware 1.38
Database version: 2398
Windows 5.1.2600 Service Pack 3

7/9/2009 12:34:22 PM
mbam-log-2009-07-09 (12-34-22).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|Z:\|)
Objects scanned: 328712
Time elapsed: 33 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ghe3uydrt57iw54wuaehaamg80 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Tyler at 2009-07-09 12:39:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (31%) free of 35 GB
Total RAM: 3326 MB (85% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:45 PM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
Z:\Program Files\DAEMON Tools Pro\DTProAgent.exe
Z:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
Z:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Tyler\Desktop\RSIT.exe
Z:\Program Files\Trend Micro\HijackThis\Tyler.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - Z:\Program Files\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Z:\Program Files\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "Z:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "Z:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Append to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - Z:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - Z:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - Z:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9665 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - Z:\Program Files\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-25 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - Z:\Program Files\Adobe CS3\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-12 18084864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-25 1948440]
"Acrobat Assistant 8.0"=Z:\Program Files\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-01 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-04-27 49968]
"DAEMON Tools Pro Agent"=Z:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2007-09-06 136136]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-04-29 3338240]
"H/PC Connection Agent"=Z:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\Tyler\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-25 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-01-11 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Counter Strike\hl.exe"="C:\Program Files\Counter Strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Counter Strike\hlds.exe"="C:\Program Files\Counter Strike\hlds.exe:*:Enabled:HLDS Launcher"
"C:\Program Files\Half Life 2\root\hl2.exe"="C:\Program Files\Half Life 2\root\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Left 4 Dead\Left 4 Dead\left4dead.exe"="C:\Program Files\Left 4 Dead\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"Z:\Azureus Downloads\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe"="Z:\Azureus Downloads\Dead.Space.Multi-5.Repack.Skullptura\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"Z:\Games\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe"="Z:\Games\Call of Duty 4 Modern Warfare Full-Rip Skullptura\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:iw3mp"
"Z:\Program Files\Xfire\Xfire.exe"="Z:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"Z:\Program Files\Microsoft ActiveSync\rapimgr.exe"="Z:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"Z:\Program Files\Microsoft ActiveSync\wcescomm.exe"="Z:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"Z:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="Z:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Z:\Program Files\Microsoft ActiveSync\rapimgr.exe"="Z:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"Z:\Program Files\Microsoft ActiveSync\wcescomm.exe"="Z:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"Z:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="Z:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 3 months======

2009-07-09 12:39:42 ----D---- C:\rsit
2009-07-09 08:18:04 ----D---- C:\Program Files\ERUNT
2009-07-05 19:59:11 ----D---- C:\WINDOWS\ERDNT
2009-07-01 22:19:19 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-01 22:14:35 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-01 22:14:28 ----D---- C:\Program Files\Lavasoft
2009-07-01 22:14:28 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-01 18:40:07 ----D---- C:\WINDOWS\system32\LogFiles
2009-06-30 20:52:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-27 12:29:31 ----D---- C:\Documents and Settings\Tyler\Application Data\Malwarebytes
2009-06-27 12:29:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-27 12:29:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-20 12:40:04 ----D---- C:\Documents and Settings\Tyler\Application Data\dvdcss
2009-06-16 21:00:13 ----D---- C:\Program Files\Samsung
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\UnInst.exe
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\Twister.DLL
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\SetupNT.exe
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\pmpopo.dll
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\Pelzoom.dll
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\pelutil.dll
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\pelscrll.dll
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\pelhooks.dll
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\pelcomm.dll
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\iconspy.exe
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\ico.exe
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\hPppm.dll
2009-06-11 12:07:19 ----A---- C:\WINDOWS\system32\ergo5b.dll
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMUninst.exe
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMUninNT.exe
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMTilt3.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMTILT.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMRESHP.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMMO32R.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMMo32.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMIBM.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PMaria.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PINSTNPD.EXE
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PelSetup.exe
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\Pelsetup.dll
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PELRESS.DLL
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\PELMICED.EXE
2009-06-11 12:07:18 ----A---- C:\WINDOWS\system32\Notifier.dll
2009-06-11 12:07:14 ----A---- C:\WINDOWS\system32\LaunHelp-backup.exe
2009-06-11 12:07:14 ----A---- C:\WINDOWS\system32\LaunHelp.exe
2009-06-11 12:07:14 ----A---- C:\WINDOWS\system32\HPbdo.dll
2009-06-11 12:07:14 ----A---- C:\WINDOWS\system32\HorizontalScroll.exe
2009-06-11 12:07:13 ----A---- C:\WINDOWS\system32\HPWHEEL.dll
2009-06-11 12:07:13 ----A---- C:\WINDOWS\system32\Dynex5B.dll
2009-06-09 12:48:07 ----D---- C:\Documents and Settings\Tyler\Application Data\Xfire
2009-06-08 11:03:27 ----D---- C:\WINDOWS\Minidump
2009-06-06 23:47:55 ----D---- C:\Documents and Settings\Tyler\Application Data\Ideazon
2009-06-06 09:38:12 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-06 09:29:40 ----D---- C:\Program Files\Apple Software Update
2009-06-05 23:17:06 ----D---- C:\ProgramData
2009-06-05 23:17:06 ----D---- C:\Documents and Settings\All Users\Application Data\Electronic Arts
2009-06-05 23:16:01 ----D---- C:\Program Files\Electronic Arts
2009-06-05 23:15:48 ----RA---- C:\WINDOWS\system32\vp6vfw.dll
2009-06-05 23:15:45 ----D---- C:\Program Files\Microsoft WSE
2009-06-05 09:35:59 ----D---- C:\Documents and Settings\Tyler\Application Data\DAEMON Tools Pro
2009-06-05 09:35:46 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2009-06-05 09:35:20 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2009-06-03 08:19:45 ----D---- C:\Documents and Settings\Tyler\Application Data\Bioshock
2009-06-03 08:19:42 ----RHD---- C:\Documents and Settings\Tyler\Application Data\SecuROM
2009-06-03 07:59:06 ----D---- C:\Documents and Settings\Tyler\Application Data\vlc
2009-06-03 07:58:17 ----D---- C:\Program Files\VideoLAN
2009-06-02 08:06:18 ----D---- C:\Documents and Settings\Tyler\Application Data\Ubisoft
2009-06-02 08:06:18 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2009-05-30 19:38:04 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-05-29 07:52:59 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-05-29 03:02:44 ----HD---- C:\$AVG8.VAULT$
2009-05-27 20:42:03 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-05-27 20:39:41 ----D---- C:\Program Files\Common Files\Control Panels
2009-05-27 20:38:21 ----D---- C:\Documents and Settings\All Users\Application Data\ALM
2009-05-27 20:24:10 ----A---- C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2009-05-27 20:24:10 ----A---- C:\WINDOWS\system32\NPSWF32.dll
2009-05-27 20:20:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-27 20:15:36 ----D---- C:\Program Files\Adobe
2009-05-27 20:10:48 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-05-27 20:07:28 ----D---- C:\Program Files\Common Files\Adobe
2009-05-25 17:25:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-05-25 17:25:12 ----D---- C:\Program Files\AVG
2009-05-25 17:25:12 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-22 08:39:53 ----D---- C:\Documents and Settings\Tyler\Application Data\WinRAR
2009-05-22 08:39:47 ----D---- C:\Program Files\WinRAR
2009-05-22 08:33:45 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-05-22 08:33:45 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-05-22 08:33:44 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-05-22 08:33:44 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-05-22 08:33:44 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-05-22 08:33:43 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-05-22 08:33:43 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-05-22 08:33:43 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-05-22 08:33:43 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-05-22 08:33:42 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-05-22 08:33:42 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-05-22 08:33:42 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-05-22 08:33:41 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-05-22 08:33:41 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-05-22 08:33:41 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-05-22 08:33:41 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-05-22 08:33:40 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-05-22 08:33:40 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-05-22 08:33:40 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-05-22 08:33:39 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-05-22 08:33:39 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-05-22 08:33:39 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-05-22 08:33:39 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-05-22 08:33:38 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-05-22 08:33:38 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-05-22 08:33:38 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-05-22 08:33:37 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-05-22 08:33:37 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-05-22 08:33:37 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-05-22 08:33:36 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-05-22 08:33:36 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-05-22 08:33:36 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-05-22 08:33:35 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-05-22 08:33:35 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-05-22 08:33:34 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-05-22 08:33:34 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-05-22 08:33:34 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-05-22 08:33:33 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-05-22 08:33:33 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-05-22 08:33:33 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-05-22 08:33:32 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-05-22 08:33:32 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-05-22 08:33:32 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-05-22 08:33:31 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-05-22 08:33:31 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-05-22 08:33:31 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-05-22 08:33:31 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-05-22 08:33:31 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-05-22 08:33:30 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-05-22 08:33:30 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-05-22 08:33:29 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-05-22 08:33:29 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-05-22 08:33:28 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-05-22 08:33:28 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-05-22 08:33:28 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-05-22 08:33:28 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-05-22 08:33:27 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-05-22 08:33:27 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-05-22 08:33:27 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-05-22 08:33:27 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-05-22 08:33:26 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-05-22 08:33:26 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-05-22 08:33:22 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-05-22 08:33:22 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-05-22 08:33:22 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-05-22 08:33:22 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-05-22 08:33:21 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-05-22 08:33:21 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-05-22 08:33:21 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-05-22 08:33:20 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-05-22 08:33:19 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-05-22 08:33:19 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-05-22 08:16:15 ----D---- C:\WINDOWS\Logs
2009-05-22 08:00:59 ----D---- C:\Program Files\Left 4 Dead
2009-05-21 19:58:28 ----D---- C:\Program Files\Counter-Strike 1.6
2009-05-21 19:42:36 ----D---- C:\Program Files\Common Files\Stardock
2009-05-21 19:35:46 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-05-21 19:35:46 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-05-21 19:35:45 ----N---- C:\WINDOWS\system32\px.dll
2009-05-21 19:35:42 ----D---- C:\Program Files\Winamp
2009-05-21 19:35:42 ----D---- C:\Documents and Settings\Tyler\Application Data\Winamp
2009-05-21 15:50:38 ----A---- C:\WINDOWS\system32\xfcodec.dll
2009-05-18 19:58:41 ----D---- C:\Documents and Settings\Tyler\Application Data\Viewpoint
2009-05-11 19:09:15 ----D---- C:\Program Files\Microsoft Expression
2009-05-11 18:54:41 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-05-11 18:54:11 ----D---- C:\Program Files\Microsoft Works
2009-05-11 18:54:03 ----D---- C:\Program Files\MSBuild
2009-05-11 18:53:41 ----D---- C:\Program Files\Microsoft Visual Studio
2009-05-11 18:53:41 ----D---- C:\Program Files\Common Files\DESIGNER
2009-05-11 18:52:58 ----D---- C:\Program Files\Microsoft.NET
2009-05-11 18:51:16 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-05-11 18:50:37 ----D---- C:\WINDOWS\SHELLNEW
2009-05-11 18:50:05 ----D---- C:\Program Files\Microsoft Office
2009-05-11 18:50:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-05-11 18:49:40 ----RHD---- C:\MSOCache
2009-05-11 15:28:10 ----D---- C:\Documents and Settings\Tyler\Application Data\acccore
2009-05-11 15:26:13 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-05-11 15:26:12 ----D---- C:\Program Files\Viewpoint
2009-05-11 15:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-05-11 15:26:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-05-11 15:26:00 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-05-11 15:25:34 ----D---- C:\Program Files\Common Files\AOL
2009-05-11 15:25:23 ----D---- C:\Program Files\AIM6
2009-05-10 12:14:52 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-05-10 12:14:51 ----D---- C:\Documents and Settings\Tyler\Application Data\Azureus
2009-05-10 12:13:35 ----D---- C:\Program Files\Vuze
2009-05-10 12:13:35 ----D---- C:\Program Files\Common Files\i4j_jres
2009-05-09 09:14:01 ----SHD---- C:\RECYCLER
2009-05-09 08:54:15 ----D---- C:\Documents and Settings\Tyler\Application Data\Apple Computer
2009-05-09 08:54:06 ----D---- C:\Program Files\iPod
2009-05-09 08:54:02 ----D---- C:\Program Files\iTunes
2009-05-09 08:53:54 ----D---- C:\Program Files\Bonjour
2009-05-09 08:53:36 ----D---- C:\Program Files\QuickTime
2009-05-09 08:53:35 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-05-09 08:53:03 ----D---- C:\Program Files\Common Files\Apple
2009-05-09 08:53:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-05-09 08:45:56 ----D---- C:\WINDOWS\Counter Strike
2009-05-09 08:45:56 ----D---- C:\Program Files\Counter Strike
2009-05-09 08:44:05 ----RSD---- C:\WINDOWS\assembly
2009-05-09 08:43:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-09 08:35:35 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-05-09 08:35:35 ----A---- C:\WINDOWS\system32\MSVCP71.dll
2009-05-09 08:35:35 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-05-09 08:35:31 ----D---- C:\Program Files\Alwil Software
2009-05-08 23:26:04 ----D---- C:\Documents and Settings\Tyler\Application Data\Mozilla
2009-05-08 23:21:59 ----D---- C:\Program Files\Mozilla Firefox
2009-05-08 23:21:50 ----D---- C:\Program Files\Half Life 2
2009-05-08 23:11:03 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-05-08 23:10:54 ----D---- C:\Program Files\WinZip
2009-05-08 12:02:31 ----D---- C:\WINDOWS\system32\AGEIA
2009-05-08 12:02:31 ----D---- C:\Program Files\AGEIA Technologies
2009-05-08 12:02:22 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-08 12:02:17 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-05-08 12:02:07 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-05-08 12:01:57 ----D---- C:\NVIDIA
2009-05-08 11:56:54 ----D---- C:\Program Files\SystemRequirementsLab
2009-05-08 11:56:13 ----D---- C:\Documents and Settings\Tyler\Application Data\Adobe
2009-05-08 11:56:02 ----D---- C:\Documents and Settings\Tyler\Application Data\Macromedia
2009-05-08 11:46:16 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-05-08 09:13:13 ----RA---- C:\WINDOWS\system32\RtNicProp32.dll
2009-05-08 09:12:49 ----D---- C:\WINDOWS\OPTIONS
2009-05-08 09:12:35 ----D---- C:\WINDOWS\system32\Lang
2009-05-08 09:10:13 ----D---- C:\WINDOWS\system32\RTCOM
2009-05-08 09:10:11 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-05-08 09:10:06 ----A---- C:\WINDOWS\vncutil.exe
2009-05-08 09:10:06 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2009-05-08 09:10:06 ----A---- C:\WINDOWS\SkyTel.exe
2009-05-08 09:10:05 ----A---- C:\WINDOWS\system32\RtkCoInstXP.dll
2009-05-08 09:10:05 ----A---- C:\WINDOWS\RtlUpd.exe
2009-05-08 09:10:05 ----A---- C:\WINDOWS\RtkAudioService.exe
2009-05-08 09:10:03 ----A---- C:\WINDOWS\RTLCPL.EXE
2009-05-08 09:09:59 ----A---- C:\WINDOWS\RTHDCPL.EXE
2009-05-08 09:09:58 ----A---- C:\WINDOWS\MicCal.exe
2009-05-08 09:09:56 ----A---- C:\WINDOWS\ALCMTR.EXE
2009-05-08 09:09:55 ----D---- C:\Program Files\Realtek
2009-05-08 09:09:55 ----A---- C:\WINDOWS\ALCWZRD.EXE
2009-05-08 09:09:53 ----R---- C:\WINDOWS\RtlExUpd.dll
2009-05-08 09:09:42 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-08 09:09:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-08 09:09:38 ----D---- C:\Program Files\AMD
2009-05-08 09:09:36 ----D---- C:\Documents and Settings\Tyler\Application Data\InstallShield
2009-05-08 09:09:18 ----D---- C:\Program Files\Browser Configuration Utility
2009-05-08 09:09:18 ----A---- C:\WINDOWS\system32\dvmurl.dll
2009-05-08 09:09:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-08 09:09:05 ----D---- C:\Program Files\Gigabyte
2009-05-08 09:09:03 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-08 09:07:44 ----D---- C:\Documents and Settings\Tyler\Application Data\Identities
2009-05-08 09:07:42 ----HD---- C:\Program Files\Uninstall Information
2009-05-08 09:07:28 ----SD---- C:\Documents and Settings\Tyler\Application Data\Microsoft
2009-05-08 09:07:28 ----ASH---- C:\Documents and Settings\Tyler\Application Data\desktop.ini
2009-05-08 09:06:39 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-08 09:06:36 ----D---- C:\WINDOWS\Prefetch
2009-05-08 09:06:35 ----SD---- C:\WINDOWS\system32\Microsoft
2009-05-08 09:06:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-08 09:06:13 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-05-07 13:38:33 ----D---- C:\WINDOWS\system32\xircom
2009-05-07 13:38:33 ----D---- C:\Program Files\xerox
2009-05-07 13:38:33 ----D---- C:\Program Files\microsoft frontpage
2009-05-07 13:36:58 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-05-07 13:36:45 ----A---- C:\WINDOWS\control.ini
2009-05-07 13:36:45 ----A---- C:\AUTOEXEC.BAT
2009-05-07 13:36:28 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-05-07 13:35:25 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-05-07 13:35:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-05-07 13:35:14 ----HD---- C:\Program Files\WindowsUpdate
2009-05-07 13:34:43 ----D---- C:\WINDOWS\system32\DirectX
2009-05-07 13:34:32 ----A---- C:\WINDOWS\system32\atrace.dll
2009-05-07 13:34:28 ----A---- C:\WINDOWS\system32\desktop.ini
2009-05-07 13:34:28 ----A---- C:\WINDOWS\desktop.ini
2009-05-07 13:34:18 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-05-07 13:34:16 ----A---- C:\WINDOWS\system32\acctres.dll
2009-05-07 13:34:15 ----D---- C:\Program Files\Common Files\Services
2009-05-07 13:34:10 ----SD---- C:\WINDOWS\Tasks
2009-05-07 13:34:09 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-05-07 13:34:08 ----D---- C:\Program Files\Common Files\MSSoap
2009-05-07 13:34:01 ----D---- C:\WINDOWS\srchasst
2009-05-07 13:34:00 ----D---- C:\WINDOWS\system32\Macromed
2009-05-07 13:33:57 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-05-07 13:33:57 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-05-07 13:33:57 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-05-07 13:33:57 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-05-07 13:33:56 ----A---- C:\WINDOWS\system32\wups.dll
2009-05-07 13:33:56 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-05-07 13:33:56 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-05-07 13:33:56 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-05-07 13:33:56 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-05-07 13:33:55 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-05-07 13:33:55 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-05-07 13:33:55 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-07 13:33:55 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-05-07 13:33:55 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-05-07 13:33:49 ----D---- C:\Program Files\Movie Maker
2009-05-07 13:33:13 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-05-07 13:33:13 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-05-07 13:33:13 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-05-07 13:33:13 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-05-07 13:33:06 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-05-07 13:33:06 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-05-07 13:33:05 ----D---- C:\WINDOWS\system32\Restore
2009-05-07 13:33:05 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-05-07 13:33:05 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-05-07 13:33:05 ----A---- C:\WINDOWS\system32\srclient.dll
2009-05-07 13:33:04 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-05-07 13:33:04 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-05-07 13:33:04 ----A---- C:\WINDOWS\system32\ils.dll
2009-05-07 13:33:03 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-05-07 13:33:03 ----A---- C:\WINDOWS\system32\msconf.dll
2009-05-07 13:33:03 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-05-07 13:32:59 ----D---- C:\Program Files\NetMeeting
2009-05-07 13:32:58 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-05-07 13:32:58 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-05-07 13:32:56 ----A---- C:\WINDOWS\system32\inetres.dll
2009-05-07 13:32:56 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-05-07 13:32:53 ----D---- C:\Program Files\Outlook Express
2009-05-07 13:32:53 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-05-07 13:32:52 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-05-07 13:32:52 ----A---- C:\WINDOWS\system32\mstask.dll
2009-05-07 13:32:51 ----A---- C:\WINDOWS\system32\isign32.dll
2009-05-07 13:32:51 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-05-07 13:32:51 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-05-07 13:32:51 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-05-07 13:32:40 ----D---- C:\Program Files\Common Files\System
2009-05-07 13:32:38 ----D---- C:\Program Files\Internet Explorer
2009-05-07 13:31:55 ----D---- C:\Program Files\ComPlus Applications
2009-05-07 13:31:53 ----A---- C:\WINDOWS\vbaddin.ini
2009-05-07 13:31:53 ----A---- C:\WINDOWS\vb.ini
2009-05-07 13:31:47 ----D---- C:\WINDOWS\Registration
2009-05-07 13:31:38 ----D---- C:\Program Files\Online Services
2009-05-07 13:31:24 ----D---- C:\Program Files\Windows Media Connect 2
2009-05-07 13:31:23 ----D---- C:\Program Files\Windows Media Player
2009-05-07 13:31:21 ----D---- C:\Program Files\Messenger
2009-05-07 13:31:16 ----D---- C:\Program Files\MSN Gaming Zone
2009-05-07 13:31:15 ----A---- C:\WINDOWS\system32\write.exe
2009-05-07 13:30:56 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-05-07 13:30:56 ----A---- C:\WINDOWS\system32\hticons.dll
2009-05-07 13:30:55 ----A---- C:\WINDOWS\system32\avwav.dll
2009-05-07 13:30:55 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-05-07 13:30:55 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-05-07 13:30:54 ----A---- C:\WINDOWS\system32\winchat.exe
2009-05-07 13:30:41 ----A---- C:\WINDOWS\system32\getuname.dll
2009-05-07 13:30:41 ----A---- C:\WINDOWS\system32\charmap.exe
2009-05-07 13:30:40 ----A---- C:\WINDOWS\system32\sol.exe
2009-05-07 13:30:40 ----A---- C:\WINDOWS\system32\calc.exe
2009-05-07 13:30:39 ----A---- C:\WINDOWS\system32\winmine.exe
2009-05-07 13:30:39 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-05-07 13:30:38 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-05-07 13:30:38 ----A---- C:\WINDOWS\system32\reset.exe
2009-05-07 13:30:38 ----A---- C:\WINDOWS\system32\freecell.exe
2009-05-07 13:30:37 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-05-07 13:30:37 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-05-07 13:30:37 ----A---- C:\WINDOWS\system32\tskill.exe
2009-05-07 13:30:37 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-05-07 13:30:37 ----A---- C:\WINDOWS\system32\tscon.exe
2009-05-07 13:30:37 ----A---- C:\WINDOWS\system32\shadow.exe
2009-05-07 13:30:37 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-05-07 13:30:36 ----A---- C:\WINDOWS\system32\regini.exe
2009-05-07 13:30:36 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-05-07 13:30:36 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-05-07 13:30:36 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-05-07 13:30:36 ----A---- C:\WINDOWS\system32\msg.exe
2009-05-07 13:30:35 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-05-07 13:30:35 ----A---- C:\WINDOWS\system32\logoff.exe
2009-05-07 13:30:35 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-05-07 13:30:24 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-05-07 13:30:08 ----D---- C:\Program Files\MSN
2009-05-07 13:30:07 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-05-07 13:30:06 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-05-07 13:30:06 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-05-07 13:30:06 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-05-07 13:30:05 ----D---- C:\Program Files\Windows NT
2009-05-07 13:30:05 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-05-07 13:30:05 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-05-07 13:30:04 ----A---- C:\WINDOWS\system32\spider.exe
2009-05-07 13:30:02 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-05-07 13:30:02 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-05-07 13:30:02 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-05-07 13:30:02 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-05-07 13:30:01 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-05-07 13:30:01 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-05-07 13:30:00 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-05-07 13:30:00 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-05-07 13:30:00 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-05-07 13:30:00 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-05-07 13:30:00 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-05-07 13:29:59 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-05-07 13:29:59 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-05-07 13:29:59 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-05-07 13:29:59 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-05-07 13:29:59 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-05-07 13:29:59 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-05-07 13:29:58 ----D---- C:\WINDOWS\system32\MsDtc
2009-05-07 13:29:58 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-05-07 13:29:58 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-05-07 13:29:58 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-05-07 13:29:57 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-05-07 13:29:57 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-05-07 13:29:57 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-05-07 13:29:56 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-05-07 13:29:56 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-05-07 13:29:55 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-05-07 13:29:55 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-05-07 13:29:55 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-05-07 13:29:54 ----D---- C:\WINDOWS\system32\Com
2009-05-07 13:29:54 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-05-07 13:29:54 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-05-07 13:29:54 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-05-07 13:29:54 ----A---- C:\WINDOWS\system32\colbact.dll
2009-05-07 13:29:53 ----A---- C:\WINDOWS\system32\stclient.dll
2009-05-07 13:29:53 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-05-07 13:29:53 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-05-07 13:29:53 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-05-07 13:29:53 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-05-07 13:29:52 ----A---- C:\WINDOWS\system32\comuid.dll
2009-05-07 13:29:52 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-05-07 13:29:51 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-05-07 13:29:51 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-05-07 13:29:40 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-05-07 13:29:39 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-05-07 13:29:39 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-05-07 13:29:39 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-05-07 06:28:48 ----A---- C:\WINDOWS\system32\h323log.txt
2009-05-07 06:27:01 ----A---- C:\WINDOWS\system32\usbui.dll
2009-05-07 06:25:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-07 06:25:07 ----SHD---- C:\WINDOWS\Installer
2009-05-07 06:25:06 ----D---- C:\Program Files\Common Files\ODBC
2009-05-07 06:25:06 ----A---- C:\WINDOWS\ODBCINST.INI
2009-05-07 06:25:01 ----RD---- C:\Program Files
2009-05-07 06:25:01 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-05-07 06:25:01 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-07 06:25:01 ----D---- C:\Program Files\Common Files
2009-05-07 06:24:55 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-05-07 06:24:55 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-05-07 06:24:55 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-05-07 06:24:53 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-05-07 06:24:53 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-05-07 06:24:53 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-05-07 06:24:52 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-05-07 06:24:50 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-05-07 06:24:50 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-05-07 06:24:50 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-05-07 06:24:50 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-05-07 06:24:50 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-05-07 06:24:50 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-05-07 06:24:50 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-05-07 06:24:48 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-05-07 06:24:48 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-05-07 06:24:48 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-05-07 06:24:48 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-05-07 06:24:48 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-05-07 06:24:46 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-05-07 06:24:37 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-05-07 06:24:37 ----A---- C:\WINDOWS\system32\irclass.dll
2009-05-07 06:24:37 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-05-07 06:24:37 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-05-07 06:24:37 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-05-07 06:24:33 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-05-07 06:24:33 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-05-07 06:24:32 ----A---- C:\WINDOWS\system32\batt.dll
2009-05-07 06:24:32 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-05-07 06:24:31 ----A---- C:\WINDOWS\system32\storprop.dll
2009-05-07 06:24:23 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-05-07 06:22:37 ----RA---- C:\WINDOWS\SET8.tmp
2009-05-07 06:22:32 ----RA---- C:\WINDOWS\SET4.tmp
2009-05-07 06:22:30 ----RA---- C:\WINDOWS\SET3.tmp
2009-05-07 06:22:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-07 06:22:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-07 06:22:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-07 06:21:46 ----D---- C:\Documents and Settings
2009-05-07 06:21:45 ----SHD---- C:\System Volume Information
2009-05-07 06:20:45 ----SH---- C:\boot.ini
2009-05-07 06:15:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-07 06:15:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-07 06:15:19 ----RSD---- C:\WINDOWS\Fonts
2009-05-07 06:15:19 ----RD---- C:\WINDOWS\Web
2009-05-07 06:15:19 ----HD---- C:\WINDOWS\inf
2009-05-07 06:15:19 ----D---- C:\WINDOWS\WinSxS
2009-05-07 06:15:19 ----D---- C:\WINDOWS\WBEM
2009-05-07 06:15:19 ----D---- C:\WINDOWS\twain_32
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Temp
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\wins
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\wbem
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\usmt
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\spool
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\ShellExt
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\Setup
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\scripting
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\ras
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\oobe
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\npp
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\mui
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\IME
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\icsxml
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\ias
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\export
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\en-US
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\en
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\drivers
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\dhcp
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\config
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\3com_dmi
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\3076
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\2052
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1054
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1042
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1041
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1037
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1033
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1031
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1028
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32\1025
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system32
2009-05-07 06:15:19 ----D---- C:\WINDOWS\system
2009-05-07 06:15:19 ----D---- C:\WINDOWS\security
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Resources
2009-05-07 06:15:19 ----D---- C:\WINDOWS\repair
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Provisioning
2009-05-07 06:15:19 ----D---- C:\WINDOWS\PeerNet
2009-05-07 06:15:19 ----D---- C:\WINDOWS\pchealth
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Offline Web Pages
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Network Diagnostic
2009-05-07 06:15:19 ----D---- C:\WINDOWS\mui
2009-05-07 06:15:19 ----D---- C:\WINDOWS\msapps
2009-05-07 06:15:19 ----D---- C:\WINDOWS\msagent
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Media
2009-05-07 06:15:19 ----D---- C:\WINDOWS\L2Schemas
2009-05-07 06:15:19 ----D---- C:\WINDOWS\java
2009-05-07 06:15:19 ----D---- C:\WINDOWS\ime
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Help
2009-05-07 06:15:19 ----D---- C:\WINDOWS\ehome
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Driver Cache
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Debug
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Cursors
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Connection Wizard
2009-05-07 06:15:19 ----D---- C:\WINDOWS\Config
2009-05-07 06:15:19 ----D---- C:\WINDOWS\AppPatch
2009-05-07 06:15:19 ----D---- C:\WINDOWS\addins
2009-05-07 06:15:19 ----D---- C:\WINDOWS
2009-05-01 00:31:10 ----A---- C:\WINDOWS\system32\nwiz.exe
2009-05-01 00:31:08 ----A---- C:\WINDOWS\system32\nvappbar.exe
2009-05-01 00:31:08 ----A---- C:\WINDOWS\system32\keystone.exe
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nvwimg.dll
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nvshell.dll
2009-05-01 00:31:06 ----A---- C:\WINDOWS\system32\nview.dll
2009-05-01 00:30:58 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-05-01 00:30:48 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-05-01 00:30:36 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-05-01 00:30:30 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-05-01 00:30:26 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-05-01 00:30:26 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-05-01 00:30:24 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-05-01 00:30:18 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-05-01 00:30:18 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-05-01 00:30:18 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-05-01 00:30:16 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-05-01 00:30:16 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-05-01 00:30:14 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-04-30 22:02:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll

======List of files/folders modified in the last 3 months======

2009-05-13 18:39:36 ----A---- C:\WINDOWS\win.ini
2009-05-07 06:25:00 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-25 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-25 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-25 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-20 5027840]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S2 MLPTDR_Q;MLPTDR_Q; \??\C:\WINDOWS\system32\MLPTDR_Q.sys []
S3 Alpham1;Ideazon ZBoard USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
S3 Alpham2;Ideazon ZBoard MM USB Human Interface Device; C:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
S3 avhqz50y;avhqz50y; C:\WINDOWS\system32\drivers\avhqz50y.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Tyler\LOCALS~1\Temp\catchme.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-01-11 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-01-11 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-25 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2009-02-05 68136]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-27 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-01 1029456]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-09 12:39:47

======Uninstall list======

-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3-->MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Encore CS3 Codecs-->MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3-->MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content-->MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Setup-->MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Soundbooth CS3 Codecs-->MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3-->MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server-->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Configuration Utility-->"C:\Program Files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe" -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"Z:\Program Files\CCleaner\uninst.exe"
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
EasySaver B9.0205.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07300F01-89CA-4CF8-92BD-2A605EB83C95}\setup.exe" -l0x9 -removeonly
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"Z:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
KONICA MINOLTA PagePro 1350W-->MUINST_Q.EXE /PRN:"KONICA MINOLTA PagePro 1350W"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Expression Web MUI (English)-->MsiExec.exe /X{90120000-0026-0409-0000-0000000FF1CE}
Microsoft Expression Web-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall WEBDESIGNER /dll ESETUP.DLL
Microsoft Expression Web-->MsiExec.exe /X{90120000-0026-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mouse Suite-->C:\Program Files\InstallShield Installation Information\{EEDBE2DF-4141-44A9-8614-9832B16637E6}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OCCT Perestroika 3.1.0-->"Z:\Program Files\OCCT\unins000.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
SpeedFan (remove only)-->"Z:\Program Files\SpeedFan\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
The Sims™ 3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0009 -removeonly
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xfire (remove only)-->"Z:\Program Files\Xfire\uninst.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: ----------
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 187
Source Name: Fastfat
Time Written: 20090509085112.000000-420
Event Type: warning
User:

Computer Name: ----------
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00241D1CFFE9. The IP address being used is 169.254.46.99.

Record Number: 153
Source Name: Dhcp
Time Written: 20090509082405.000000-420
Event Type: warning
User:

Computer Name: ----------
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00241D1CFFE9. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 152
Source Name: Dhcp
Time Written: 20090509082356.000000-420
Event Type: warning
User:

Computer Name: ----------
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 148
Source Name: W32Time
Time Written: 20090509014555.000000-420
Event Type: warning
User:

Computer Name: ----------
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by -61219 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.103:123->207.46.232.182:123) is working properly.

Record Number: 93
Source Name: W32Time
Time Written: 20090508114606.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: ----------
Event Code: 1000
Message: Faulting application wcesmgr.exe, version 4.5.5096.0, faulting module unknown, version 0.0.0.0, fault address 0x12aebeab.

Record Number: 771
Source Name: Application Error
Time Written: 20090701222616.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 0
Message:
Record Number: 770
Source Name: Lavasoft Ad-Aware Service
Time Written: 20090701221501.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 1002
Message: Hanging application WCESMgr.exe, version 4.5.5096.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 732
Source Name: Application Hang
Time Written: 20090616215645.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 1000
Message: Faulting application rocketdock.exe, version 0.0.0.0, faulting module stackdocklet.dll, version 0.0.0.0, fault address 0x00048d18.

Record Number: 688
Source Name: Application Error
Time Written: 20090606094616.000000-420
Event Type: error
User:

Computer Name: ----------
Event Code: 1000
Message: Faulting application assassinscreed_dx9.exe, version 1.0.0.1, faulting module assassinscreed_dx9.exe, version 1.0.0.1, fault address 0x00622a89.

Record Number: 626
Source Name: Application Error
Time Written: 20090604111034.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=16
"PROCESSOR_IDENTIFIER"=x86 Family 16 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-09 20:57:50
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 89DCD208 ZwEnumerateKey
Code 89DC2E18 ZwFlushInstructionCache
Code 89A2C56E IofCallDriver
Code 898B4C56 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF196 5 Bytes JMP 89A2C573
.text ntkrnlpa.exe!IofCompleteRequest 804EF226 5 Bytes JMP 898B4C5B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6806 5 Bytes JMP 89DC2E1C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FC6 5 Bytes JMP 89DCD20C
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\avhqz50y.SYS The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload B33E78AC 5 Bytes JMP 8A4B61C8

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[788] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003B000A
.text C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 0066000A
.text C:\WINDOWS\system32\services.exe[888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003A000A
.text C:\WINDOWS\system32\nvsvc32.exe[1092] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006A000A
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[1140] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003A000A
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EBF61E] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6961E8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 8A4BF1E8
Device \Driver\usbohci \Device\USBPDO-1 8A4BF1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A69A1E8
Device \Driver\dmio \Device\DmControl\DmConfig 8A69A1E8
Device \Driver\dmio \Device\DmControl\DmPnP 8A69A1E8
Device \Driver\dmio \Device\DmControl\DmInfo 8A69A1E8
Device \Driver\usbehci \Device\USBPDO-2 8A4D1410
Device \Driver\usbohci \Device\USBPDO-3 8A4BF1E8
Device \Driver\usbohci \Device\USBPDO-4 8A4BF1E8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbehci \Device\USBPDO-5 8A4D1410
Device \Driver\usbohci \Device\USBPDO-6 8A4BF1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6F61E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6F61E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1221AB32-1247-4405-B98A-3DECED066FEB} 898B5790
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6F61E8
Device \Driver\PCI_NTPNP6168 \Device\0000004a sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 898B5790
Device \Driver\NetBT \Device\NetbiosSmb 898B5790

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 8A4BF1E8
Device \Driver\usbohci \Device\USBFDO-1 8A4BF1E8
Device \Driver\USBSTOR \Device\0000007a 897EA790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 897C7790
Device \Driver\usbehci \Device\USBFDO-2 8A4D1410
Device \Driver\usbohci \Device\USBFDO-3 8A4BF1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 897C7790
Device \Driver\Ftdisk \Device\FtControl 8A6F61E8
Device \Driver\usbohci \Device\USBFDO-4 8A4BF1E8
Device \Driver\USBSTOR \Device\0000007d 897EA790
Device \Driver\usbehci \Device\USBFDO-5 8A4D1410
Device \Driver\usbohci \Device\USBFDO-6 8A4BF1E8
Device \Driver\avhqz50y \Device\Scsi\avhqz50y1Port7Path0Target1Lun0 8A4D21E8
Device \Driver\adpu160m \Device\Scsi\adpu160m1Port5Path0Target0Lun0 8A6981E8
Device \Driver\adpu160m \Device\Scsi\adpu160m1 8A6981E8
Device \Driver\adpu160m \Device\Scsi\adpu160m2 8A6981E8
Device \Driver\avhqz50y \Device\Scsi\avhqz50y1Port7Path0Target0Lun0 8A4D21E8
Device \Driver\avhqz50y \Device\Scsi\avhqz50y1 8A4D21E8
Device \FileSystem\Cdfs \Cdfs 89775660

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\hjgruiiysindsk.sys (*** hidden *** ) [SYSTEM] hjgruiflmbdpln <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln@imagepath \systemroot\system32\drivers\hjgruiiysindsk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main@aid 11102
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruiiysindsk.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\modules@hjgruicmd.dll \systemroot\system32\hjgruixwxftvrf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\modules@hjgruilog.dat \systemroot\system32\hjgruixsomvihy.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\modules@hjgruiwsp.dll \systemroot\system32\hjgruiyievpnnc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruiflmbdpln\modules@hjgrui.dat \systemroot\system32\hjgruijbbfcvlj.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 Z:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xE2 0x53 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6A 0x4A 0x2D 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x6E 0xD0 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE5 0x22 0xD7 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xAA 0xEB 0x4F 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE5 0x22 0xD7 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln@imagepath \systemroot\system32\drivers\hjgruiiysindsk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main@aid 11102
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\modules
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruiiysindsk.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\modules@hjgruicmd.dll \systemroot\system32\hjgruixwxftvrf.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\modules@hjgruilog.dat \systemroot\system32\hjgruixsomvihy.dat
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\modules@hjgruiwsp.dll \systemroot\system32\hjgruiyievpnnc.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiflmbdpln\modules@hjgrui.dat \systemroot\system32\hjgruijbbfcvlj.dat
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 Z:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x85 0xE2 0x53 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6A 0x4A 0x2D 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0x6E 0xD0 0xC5 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE5 0x22 0xD7 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xAA 0xEB 0x4F 0xF6 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xE5 0x22 0xD7 0xF8 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\hjgruiiysindsk.sys 68608 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\hjgruijbbfcvlj.dat 93 bytes
File C:\WINDOWS\system32\hjgruixsomvihy.dat 183307 bytes
File C:\WINDOWS\system32\hjgruixwxftvrf.dll 44032 bytes executable
File C:\WINDOWS\system32\hjgruiyievpnnc.dll 18944 bytes executable
File C:\WINDOWS\Temp\hjgruibrapcfdqpt.tmp 93 bytes
File C:\WINDOWS\Temp\hjgruiljxcptrxfq.tmp 18944 bytes executable
File C:\WINDOWS\Temp\hjgruillfdpoerqo.tmp 93 bytes
File C:\WINDOWS\Temp\hjgruixxylhotqcv.tmp 18944 bytes executable

---- EOF - GMER 1.0.15 ----

#5 fenzodahl512

Posted 09 July 2009 - 11:14 PM

A PM has been sent to you. Please follow the instructions via PM and then run it. Post the log here.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 TRCote10

Posted 10 July 2009 - 12:04 AM

ComboFix 09-07-09.06 - Tyler 07/09/2009 23:46.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2939 [GMT -7:00]
Running from: c:\documents and settings\Tyler\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Install.txt
c:\windows\Installer\17d5fe.msi
c:\windows\Installer\1e1d19.msi
c:\windows\Installer\83a46dc.msi
c:\windows\system32\config\systemprofile\Desktop\System Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security
c:\windows\system32\drivers\hjgruiiysindsk.sys
c:\windows\system32\hjgruijbbfcvlj.dat
c:\windows\system32\hjgruixsomvihy.dat
c:\windows\system32\hjgruixwxftvrf.dll
c:\windows\system32\hjgruiyievpnnc.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiflmbdpln
-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-09 19:39 . 2009-07-09 19:39 -------- d-----w- C:\rsit
2009-07-09 15:18 . 2009-07-09 15:18 -------- d-----w- c:\program files\ERUNT
2009-07-07 21:35 . 2009-07-07 21:35 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Installer2884
2009-07-07 21:24 . 2009-07-07 21:24 -------- d-----w- c:\documents and settings\Tyler\Local Settings\Application Data\Installer2816
2009-07-06 18:49 . 2007-03-20 21:49 2781184 ----a-w- c:\documents and settings\Tyler\Application Data\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2009-07-02 05:19 . 2009-07-02 05:16 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-02 05:14 . 2009-07-02 05:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-02 05:14 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-07-02 05:14 . 2009-07-02 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-02 05:14 . 2009-07-02 05:14 -------- d-----w- c:\program files\Lavasoft
2009-07-02 01:40 . 2009-07-02 01:40 -------- d-----w- c:\windows\system32\LogFiles
2009-07-01 03:54 . 2009-07-01 03:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-07-01 03:53 . 2009-07-01 03:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-27 19:29 . 2009-06-27 19:29 -------- d-----w- c:\documents and settings\Tyler\Application Data\Malwarebytes
2009-06-27 19:29 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-27 19:29 . 2009-06-27 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-27 19:29 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-27 19:29 . 2009-06-27 19:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-20 19:40 . 2009-06-20 19:40 -------- d-----w- c:\documents and settings\Tyler\Application Data\dvdcss
2009-06-17 04:00 . 2008-04-14 07:26 30592 -c--a-w- c:\windows\system32\dllcache\rndismpx.sys
2009-06-17 04:00 . 2008-04-14 07:26 30592 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2009-06-17 04:00 . 2008-04-14 07:26 12800 -c--a-w- c:\windows\system32\dllcache\usb8023x.sys
2009-06-17 04:00 . 2008-04-14 07:26 12800 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2009-06-17 04:00 . 2009-06-17 04:00 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-10 06:56 . 2009-05-08 16:08 16608 ----a-w- c:\windows\gdrv.sys
2009-07-09 05:18 . 2009-07-02 05:16 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-09 05:18 . 2009-07-02 05:16 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-09 05:17 . 2009-07-02 05:16 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 18:58 . 2009-05-10 19:14 -------- d-----w- c:\documents and settings\Tyler\Application Data\Azureus
2009-07-02 04:35 . 2009-05-09 15:54 -------- d-----w- c:\documents and settings\Tyler\Application Data\Apple Computer
2009-06-25 15:32 . 2009-05-26 00:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 15:32 . 2009-05-26 00:25 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-25 15:32 . 2009-05-26 00:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 04:00 . 2009-05-08 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-17 04:00 . 2009-05-08 16:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 04:19 . 2009-06-09 19:48 -------- d-----w- c:\documents and settings\Tyler\Application Data\Xfire
2009-06-09 19:48 . 2009-06-09 19:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-07 06:47 . 2009-06-07 06:47 -------- d-----w- c:\documents and settings\Tyler\Application Data\Ideazon
2009-06-07 06:35 . 2009-06-03 15:19 -------- d-----w- c:\documents and settings\Tyler\Application Data\Bioshock
2009-06-06 16:38 . 2009-06-06 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-06 16:38 . 2009-05-09 15:54 -------- d-----w- c:\program files\iTunes
2009-06-06 16:38 . 2009-05-09 15:53 -------- d-----w- c:\program files\Common Files\Apple
2009-06-06 16:35 . 2009-06-06 16:35 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 16:34 . 2009-05-09 15:53 -------- d-----w- c:\program files\QuickTime
2009-06-06 16:32 . 2009-05-09 15:53 -------- d-----w- c:\program files\Bonjour
2009-06-06 16:29 . 2009-06-06 16:29 -------- d-----w- c:\program files\Apple Software Update
2009-06-06 06:17 . 2009-06-06 06:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-06 06:16 . 2009-06-06 06:16 -------- d-----w- c:\program files\Electronic Arts
2009-06-06 06:15 . 2009-06-06 06:15 10134 ----a-r- c:\documents and settings\Tyler\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-06 06:15 . 2009-06-06 06:15 -------- d-----w- c:\program files\Microsoft WSE
2009-06-05 16:36 . 2009-06-05 16:35 -------- d-----w- c:\documents and settings\Tyler\Application Data\DAEMON Tools Pro
2009-06-05 16:35 . 2009-06-05 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-06-05 16:18 . 2009-06-05 16:18 685816 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-03 15:19 . 2009-06-03 15:19 -------- d--h--r- c:\documents and settings\Tyler\Application Data\SecuROM
2009-06-03 15:10 . 2009-06-03 14:59 -------- d-----w- c:\documents and settings\Tyler\Application Data\vlc
2009-06-03 14:58 . 2009-06-03 14:58 -------- d-----w- c:\program files\VideoLAN
2009-06-02 15:06 . 2009-06-02 15:06 -------- d-----w- c:\documents and settings\Tyler\Application Data\Ubisoft
2009-06-02 15:06 . 2009-06-02 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Ubisoft
2009-06-02 14:59 . 2009-05-29 14:58 8 ----a-w- c:\windows\system32\nvModes.dat
2009-05-31 02:38 . 2009-05-31 02:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-29 14:52 . 2009-05-29 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-05-28 04:23 . 2009-05-09 15:50 69320 ----a-w- c:\documents and settings\Tyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-28 03:42 . 2009-05-28 03:42 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-05-28 03:41 . 2009-05-28 03:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-28 03:39 . 2009-05-28 03:39 -------- d-----w- c:\program files\Common Files\Control Panels
2009-05-28 03:38 . 2009-05-28 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ALM
2009-05-28 03:10 . 2009-05-28 03:10 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-05-26 00:25 . 2009-05-26 00:25 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-26 00:25 . 2009-05-26 00:25 -------- d-----w- c:\program files\AVG
2009-05-26 00:25 . 2009-05-26 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-22 15:43 . 2009-05-22 15:00 -------- d-----w- c:\program files\Left 4 Dead
2009-05-22 03:11 . 2009-05-22 02:35 -------- d-----w- c:\documents and settings\Tyler\Application Data\Winamp
2009-05-22 03:04 . 2009-05-22 02:58 -------- d-----w- c:\program files\Counter-Strike 1.6
2009-05-22 02:42 . 2009-05-22 02:42 -------- d-----w- c:\program files\Common Files\Stardock
2009-05-22 02:38 . 2009-05-22 02:35 -------- d-----w- c:\program files\Winamp
2009-05-21 22:50 . 2009-05-21 22:50 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-05-19 02:58 . 2009-05-19 02:58 -------- d-----w- c:\documents and settings\Tyler\Application Data\Viewpoint
2009-05-12 02:10 . 2009-05-12 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 02:09 . 2009-05-12 02:09 -------- d-----w- c:\program files\Microsoft Expression
2009-05-12 01:54 . 2009-05-12 01:54 -------- d-----w- c:\program files\Microsoft Works
2009-05-12 01:54 . 2009-05-12 01:54 -------- d-----w- c:\program files\MSBuild
2009-05-12 01:52 . 2009-05-12 01:52 -------- d-----w- c:\program files\Microsoft.NET
2009-05-12 01:51 . 2009-05-12 01:51 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-05-11 22:28 . 2009-05-11 22:28 -------- d-----w- c:\documents and settings\Tyler\Application Data\acccore
2009-05-11 22:28 . 2009-05-11 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-11 22:27 . 2009-05-11 22:25 -------- d-----w- c:\program files\AIM6
2009-05-11 22:26 . 2009-05-11 22:26 -------- d-----w- c:\program files\Viewpoint
2009-05-11 22:26 . 2009-05-11 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-11 22:26 . 2009-05-11 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-11 22:26 . 2009-05-11 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-11 22:25 . 2009-05-11 22:25 -------- d-----w- c:\program files\Common Files\AOL
2009-05-10 16:45 . 2009-05-07 20:35 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-09 06:30 . 2009-05-09 06:30 167376 ----a-w- c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\7729wft3.default\FlashGot.exe
2009-05-09 06:26 . 2009-05-09 06:26 0 ----a-w- c:\windows\nsreg.dat
2009-05-08 18:57 . 2009-05-08 18:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-08 18:56 . 2009-05-08 18:56 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-07 20:32 . 2009-05-07 20:32 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-05-01 07:31 . 2009-05-01 07:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 07:31 . 2009-05-01 07:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 07:31 . 2009-05-01 07:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 07:31 . 2009-05-01 07:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 07:31 . 2009-05-01 07:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 07:31 . 2009-05-01 07:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 07:31 . 2009-05-01 07:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 05:02 . 2009-05-08 19:02 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 05:02 . 2009-05-01 05:02 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 05:02 . 2009-05-01 05:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 05:02 . 2009-05-01 05:02 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 05:02 . 2009-05-01 05:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 05:02 . 2009-05-01 05:02 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 05:02 . 2009-05-01 05:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 05:02 . 2009-05-01 05:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 05:02 . 2009-05-01 05:02 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 05:02 . 2009-05-01 05:02 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 05:02 . 2009-05-01 05:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-04-27 07:42 . 2009-05-08 19:02 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
.

------- Sigcheck -------

[-] 2009-01-12 02:44 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"DAEMON Tools Pro Agent"="z:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-04-29 3338240]
"H/PC Connection Agent"="z:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"Acrobat Assistant 8.0"="z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-02 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-01-13 18084864]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\Tyler\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 15:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Left 4 Dead\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"z:\\Games\\Call of Duty 4 Modern Warfare Full-Rip Skullptura\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"z:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"z:\program files\Microsoft ActiveSync\rapimgr.exe"= z:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"z:\program files\Microsoft ActiveSync\wcescomm.exe"= z:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"z:\program files\Microsoft ActiveSync\WCESMgr.exe"= z:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/1/2009 10:16 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/25/2009 5:25 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/25/2009 5:25 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/25/2009 5:25 PM 298776]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [5/8/2009 9:09 AM 68136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/11/2009 3:26 PM 24652]
S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [11/18/2004 9:13 PM 18848]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 1029456]
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 05:16]

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\Tyler\Application Data\Mozilla\Firefox\Profiles\7729wft3.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: z:\program files\Adobe CS3\Acrobat 8.0\Acrobat\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 23:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-484763869-1292428093-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,5a,b1,51,e8,57,be,ea,29,3a,da,16,7d,26,02,57,4b,26,51,27,df,27,85,
01,24,f7,a9,de,7a,a8,2c,89,42,ef,1d,fa,c5,6d,6f,00,22,ea,0f,16,4a,dc,f3,fd,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(556)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
z:\progra~1\MICROS~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-10 0:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 07:02

Pre-Run: 11,155,308,544 bytes free
Post-Run: 14,054,256,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

298

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:12 AM

Posted 10 July 2009 - 01:21 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 TRCote10

TRCote10
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:12 PM

Posted 10 July 2009 - 09:44 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=7.00.5730.13 (longhorn(wmbla).070711-1130)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=4750ad6a61a43a468ece18c3d8bdf21c
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-10 04:24:30
# local_time=2009-07-10 09:24:30 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 100 12991375008750
# scanned=228526
# found=1
# cleaned=1
# scan_time=2459
C:\WINDOWS\Counter Strike\uninstall.exe MSIL/TrojanClicker.NAC virus (deleted - quarantined) 00000000000000000000000000000000 C

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:04:12 AM

Posted 10 July 2009 - 10:47 AM

Looks good to me.. Let's do some cleanup...


Please download OTC by OldTimer and save it to your Desktop.
  • Make sure you have an internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer's behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#10 TRCote10

TRCote10
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:12 PM

Posted 10 July 2009 - 09:18 PM

My computer seems to be working great again! Thanks a lot!!



