
b.exe


This topic is locked
13 replies to this topic

#1 slashjive


Posted 23 July 2009 - 05:57 PM

'b.exe has encountered a problem and needs to close.' upon startup. Random popups. I just want to remove 'b.exe', please help. This is a new laptop and I believe I picked it up when I downloaded Motorola Phone Tools. I believe this is the only infection.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:56:12 PM, on 7/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\WINDOWS\msa.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\MSPAINT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{06B43A3E-061B-4815-BC60-BEA3F3852C40}: NameServer = 85.255.112.99,85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DC133D4-14B4-4B1D-B405-A90962D7F83E}: NameServer = 85.255.112.99,85.255.112.228
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.99,85.255.112.228
O17 - HKLM\System\CS1\Services\Tcpip\..\{06B43A3E-061B-4815-BC60-BEA3F3852C40}: NameServer = 85.255.112.99,85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.99,85.255.112.228
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11614 bytes
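Added example (editor's code, not part of the thread and not HijackThis code): a small triage pass over HijackThis-format lines that flags the four indicator types the log above contains. It assumes the section layout HijackThis 2.0.2 prints (O2/O4/O17/O20 lines as shown in the post), uses a constructed eight-line sample in that format rather than the full log, and treats 85.255.112.0/20 as a known DNSChanger resolver range, which is the editor's knowledge, not something the post states.

```python
"""Triage a HijackThis log for the indicator types visible in the post above."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines in HijackThis format, shaped like the
# posted log (same entry types and the same DNS servers), not the full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{06B43A3E-061B-4815-BC60-BEA3F3852C40}: NameServer = 85.255.112.99,85.255.112.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# 85.255.112.0/20 is the resolver range historically used by the DNSChanger
# rogue-DNS operation (editor's assumption, not stated in the post); the two
# servers in the posted O17 lines fall inside it.
DNSCHANGER_RANGES = [ipaddress.ip_network("85.255.112.0/20")]

# Path fragments that mean "launched from a user-writable temp location".
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\temp")

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NS_RE = re.compile(r"^O17 - .*: NameServer = (?P<servers>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>\S.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    severity: str  # "high", "medium" or "review"
    line: str      # the offending log line, verbatim
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious indicator, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := RUN_RE.match(line)):
            # Autorun pointing into %TEMP%: no legitimate installer leaves it there.
            if any(marker in m["cmd"].lower() for marker in TEMP_MARKERS):
                findings.append(Finding("O4", "high", line,
                    f"{m['hive']} Run entry '{m['name']}' launches from a temp directory"))
        elif (m := NS_RE.match(line)):
            # Every resolver on the line is checked; values are comma separated.
            for server in (s.strip() for s in m["servers"].split(",")):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(Finding("O17", "medium", line,
                        f"unparseable NameServer value {server!r}"))
                    continue
                if any(addr in net for net in DNSCHANGER_RANGES):
                    findings.append(Finding("O17", "high", line,
                        f"resolver {server} is in a known DNSChanger range"))
        elif (m := BHO_RE.match(line)):
            # CLSID registered under Browser Helper Objects but the DLL is gone.
            if m["path"].strip().lower() == "(no file)":
                findings.append(Finding("O2", "medium", line,
                    f"BHO {m['clsid']} is registered but its DLL is missing (orphaned registration)"))
        elif (m := APPINIT_RE.match(line)):
            # Anything in AppInit_DLLs is injected into every process that loads
            # user32.dll, so a non-empty value always deserves a look.
            findings.append(Finding("O20", "review", line,
                f"AppInit_DLLs loads {m['dlls'].strip()} into every process that loads user32.dll; confirm the vendor"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:>6}] {f.section}: {f.reason}")
    print(summarize(results))
```

Run against the sample it reports the temp-directory autorun, both rogue resolvers, the orphaned BHO and the AppInit_DLLs entry, and nothing for the AVG, Adobe or Bonjour lines. The O20 hit is deliberately only "review": in the posted log APSHook.dll belongs to the HP ProtectTools stack, which is exactly why the rule asks for vendor confirmation rather than declaring it malicious.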



#2 fenzodahl512


Posted 25 July 2009 - 11:19 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer. Please do the following.



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how.
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step.
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished.
STOP! If you can't complete this step, tell me more about it.




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it, then do a "Perform Full Scan".

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the "List files/folders created or modified" option to "the last 3 months".
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the randomly named file (or GMER) to GAMERS.
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'.
  • Click on Scan.
  • When the scan has finished, click Copy, paste the results into Notepad, save it, and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.



Post these logs in your next reply, each log in a separate post:

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach the GAMERS result.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 slashjive


Posted 30 July 2009 - 11:50 AM

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/29/2009 3:25:22 PM
mbam-log-2009-07-29 (15-25-22).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 256405
Time elapsed: 1 hour(s), 13 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 5
Registry Data Items Infected: 15
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSIVXserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{06b43a3e-061b-4815-bc60-bea3f3852c40}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8dc133d4-14b4-4b1d-b405-a90962d7f83e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{06b43a3e-061b-4815-bc60-bea3f3852c40}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8dc133d4-14b4-4b1d-b405-a90962d7f83e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{06b43a3e-061b-4815-bc60-bea3f3852c40}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8dc133d4-14b4-4b1d-b405-a90962d7f83e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.99,85.255.112.228 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\motorola phone tools\MPT_TEST_Info.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\program files\homeantivirus2010\htmlayout.dll (Rogue.AntiVirusPro2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\0101120101464853.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wisdstr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
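Added example (editor's code, not part of the thread and not Malwarebytes code). The scan above quarantined both C:\WINDOWS\system32\drivers\beep.sys and C:\WINDOWS\system32\dllcache\beep.sys as Fake.Beep.sys, i.e. the live driver and the copy Windows File Protection repairs from were replaced together, so the two copies agreed with each other while both were wrong. The check below therefore scores each copy against an independent known-good hash and treats "copies agree, neither matches the reference" as the worst outcome. Every image and hash in it is constructed sample data, not real beep.sys bytes or hashes, and the reference catalogue is assumed to come from install media or a clean host.

```python
"""Integrity check for a Windows-File-Protection file where both the live copy
and the dllcache copy may have been replaced (the beep.sys case in the log)."""
import hashlib

# Constructed stand-in images: not real driver bytes, not real beep.sys hashes.
GOOD_IMAGE = b"MZ" + b"\x00" * 14 + b"constructed clean beep.sys image"
FAKE_IMAGE = b"MZ" + b"\x00" * 14 + b"constructed trojanised replacement"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Reference hashes must come from a source the infected host cannot rewrite
# (install media, a clean reference build). Here they are built from GOOD_IMAGE.
REFERENCE_HASHES = {"beep.sys": sha256_hex(GOOD_IMAGE)}


def naive_dllcache_check(live: bytes, cache: bytes) -> bool:
    """The check the log shows being defeated: 'live copy == dllcache copy'.
    Returns True (looks fine) even when both copies are the fake."""
    return sha256_hex(live) == sha256_hex(cache)


def classify(name: str, live: bytes, cache: bytes,
             reference: dict[str, str] = REFERENCE_HASHES) -> str:
    """Verdict for one protected file given the bytes of its two on-disk copies."""
    ref = reference.get(name)
    if ref is None:
        return "unknown"                    # no reference: nothing can be concluded
    live_ok = sha256_hex(live) == ref
    cache_ok = sha256_hex(cache) == ref
    if live_ok and cache_ok:
        return "clean"
    if live_ok:
        return "cache-tampered"             # a WFP repair would install the bad copy
    if cache_ok:
        return "live-replaced"              # a WFP repair from dllcache would fix it
    if naive_dllcache_check(live, cache):
        return "both-replaced-consistent"   # the Fake.Beep.sys pattern from the log
    return "both-replaced"


def audit(tree: dict[str, tuple[bytes, bytes]]) -> dict[str, str]:
    """Classify every file in a mapping of name -> (live bytes, dllcache bytes)."""
    return {name: classify(name, live, cache) for name, (live, cache) in tree.items()}


if __name__ == "__main__":
    # Constructed scenarios; the first is what the MBAM log above describes.
    host = {
        "beep.sys": (FAKE_IMAGE, FAKE_IMAGE),
        "other.sys": (GOOD_IMAGE, GOOD_IMAGE),
    }
    for name, verdict in audit(host).items():
        print(f"{name}: {verdict}  (naive dllcache check says "
              f"{'ok' if naive_dllcache_check(*host[name]) else 'mismatch'})")
```

The point of the verdict matrix is the last branch: a dllcache-only comparison, and a WFP repair that restores from dllcache, both pass or reinstate the replacement when the attacker wrote both copies, which is what the paired Fake.Beep.sys entries show happened here. On a live host you would add Authenticode signature verification to the hash comparison, and you would treat the UACd.sys driver quarantined in the same scan as the component that benefited from the swapped beep.sys.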

#4 slashjive


Posted 30 July 2009 - 11:51 AM

RSIT LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-07-29 15:30:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 84 GB (56%) free of 152 GB
Total RAM: 2042 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:50 PM, on 7/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10604 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.Exe [2008-05-08 77616]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-06-20 178712]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-15 293168]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-06-10 238896]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-06-02 24848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1040384]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-05-14 61440]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1044480]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-03-24 884736]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-20 177472]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"braviax"=C:\WINDOWS\system32\braviax.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010]
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-15 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-15 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-02 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-06-02 112400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Disabled:ArchiCAD 12.0.0 Component"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe:*:Enabled:ArchiCAD 10.0.0 Component"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"="C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9de3e2-4fac-11de-bb19-00216a2ba902}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec68bcd-36a3-11de-baf4-00216a2ba902}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-5-2-76-100017448-100022205-100013920-7411.com f:\
shell\Open\command - F:\RECYCLER\S-5-2-76-100017448-100022205-100013920-7411.com f:\


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-07-29 15:30:38 ----D---- C:\rsit
2009-07-29 14:09:15 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-29 14:09:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-29 14:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-28 12:26:46 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-07-28 12:26:45 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-07-28 12:14:47 ----D---- C:\Program Files\Safari
2009-07-28 12:11:27 ----D---- C:\Program Files\iPod
2009-07-28 12:11:25 ----D---- C:\Program Files\iTunes
2009-07-24 09:22:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-24 09:19:22 ----D---- C:\79a584366ec5bcadf735
2009-07-24 09:12:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-24 09:12:15 ----D---- C:\Program Files\Lavasoft
2009-07-24 09:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-24 09:06:45 ----A---- C:\WINDOWS\system32\irexa.com
2009-07-24 09:06:45 ----A---- C:\Program Files\Common Files\ozyx.dll
2009-07-24 09:06:45 ----A---- C:\Documents and Settings\All Users\Application Data\ixorari.dll
2009-07-24 09:06:45 ----A---- C:\Documents and Settings\Administrator\Application Data\jajad.exe
2009-07-24 09:06:44 ----A---- C:\WINDOWS\memajoc.com
2009-07-24 09:06:44 ----A---- C:\Documents and Settings\Administrator\Application Data\ypeqyjyb.bat
2009-07-23 20:16:28 ----D---- C:\Program Files\HomeAntivirus2010
2009-07-23 20:12:35 ----A---- C:\WINDOWS\system32\lysezybywe.com
2009-07-23 20:12:35 ----A---- C:\WINDOWS\maven.com
2009-07-23 20:12:35 ----A---- C:\Documents and Settings\All Users\Application Data\jido.vbs
2009-07-23 20:12:35 ----A---- C:\Documents and Settings\All Users\Application Data\imowotaj.com
2009-07-23 15:06:19 ----D---- C:\Program Files\Trend Micro
2009-07-23 13:22:00 ----D---- C:\WINDOWS\pss
2009-07-23 12:09:52 ----D---- C:\WINDOWS\Minidump
2009-07-22 14:32:04 ----A---- C:\WINDOWS\3DWarehouseClient.INI
2009-07-14 12:35:21 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-10 22:43:08 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2009-07-02 11:59:30 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-06-30 10:15:04 ----D---- C:\WINDOWS\Sun
2009-06-30 10:12:07 ----D---- C:\Program Files\WebEx
2009-06-30 09:51:27 ----A---- C:\WINDOWS\system32\AddPort.ini
2009-06-29 15:16:02 ----A---- C:\autorunsc.exe
2009-06-29 15:16:02 ----A---- C:\autoruns.exe
2009-06-21 01:43:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Camfrog
2009-06-21 01:35:39 ----D---- C:\Program Files\Camfrog
2009-06-11 08:50:16 ----D---- C:\Program Files\Simpson
2009-06-11 06:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 06:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 06:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 21:44:53 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2009-06-10 21:39:35 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem #2.txt
2009-06-10 21:38:30 ----D---- C:\Program Files\Avanquest update
2009-06-10 21:36:49 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-06-10 21:36:44 ----D---- C:\Program Files\Motorola Phone Tools
2009-06-10 21:36:44 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-06-10 17:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 17:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-03 15:31:42 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-02 21:47:13 ----D---- C:\Program Files\Graphisoft
2009-06-02 19:08:37 ----D---- C:\Program Files\CCleaner
2009-06-02 12:42:13 ----A---- C:\WINDOWS\system32\cdintf.dll
2009-06-02 12:29:50 ----A---- C:\WINDOWS\system32\WkExt32.dll
2009-06-02 12:29:50 ----A---- C:\WINDOWS\system32\WibuXpm4J32.dll
2009-06-02 12:29:50 ----A---- C:\WINDOWS\system32\wibuKJni.dll
2009-06-02 12:29:49 ----A---- C:\WINDOWS\system32\WkDos.exe
2009-06-02 12:29:48 ----A---- C:\WINDOWS\system32\WkWin32.dll
2009-06-02 12:29:43 ----D---- C:\Program Files\WIBU-SYSTEMS
2009-06-02 12:29:43 ----D---- C:\Program Files\WIBUKEY
2009-05-27 12:44:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2009-05-27 12:44:01 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-05-27 12:43:58 ----D---- C:\Program Files\Yahoo!
2009-05-19 19:42:24 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-05-19 19:41:48 ----HD---- C:\Config.Msi
2009-05-19 19:41:30 ----A---- C:\WINDOWS\system32\HPZc3212.dll
2009-05-19 19:41:30 ----A---- C:\WINDOWS\system32\hpgwiamd.dll
2009-05-19 19:41:27 ----A---- C:\WINDOWS\system32\hpzcon12.dll
2009-05-19 19:41:27 ----A---- C:\WINDOWS\system32\hpzcoi12.dll
2009-05-19 19:41:19 ----D---- C:\Temp
2009-05-18 12:16:52 ----D---- C:\Program Files\GPLGS
2009-05-18 12:16:06 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2009-05-18 12:16:03 ----D---- C:\Program Files\Acro Software
2009-05-18 11:52:30 ----N---- C:\WINDOWS\system32\Msvcrt10.dll
2009-05-18 11:35:27 ----D---- C:\Program Files\7-Zip
2009-05-14 09:50:45 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2009-05-14 00:45:48 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2009-05-14 00:45:05 ----D---- C:\Program Files\VideoLAN
2009-05-12 03:00:30 ----D---- C:\WINDOWS\system32\KB905474
2009-05-07 21:16:16 ----D---- C:\Program Files\Revit Architecture 2009
2009-05-06 23:32:18 ----D---- C:\Program Files\Xilisoft
2009-05-06 04:00:59 ----HD---- C:\$AVG8.VAULT$
2009-05-05 23:10:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Graphisoft
2009-05-05 21:48:50 ----D---- C:\Program Files\Graphisoft 10
2009-05-05 21:48:13 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-05 21:48:13 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-05 21:48:13 ----A---- C:\WINDOWS\system32\java.exe
2009-05-05 21:47:55 ----D---- C:\Program Files\Java
2009-05-05 21:47:54 ----D---- C:\Program Files\Common Files\Java
2009-05-05 21:47:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2009-05-05 17:08:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-05-05 17:08:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-05-04 17:30:55 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-05-04 17:30:23 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-05-04 17:30:10 ----D---- C:\Program Files\Common Files\Adobe
2009-05-04 17:30:10 ----D---- C:\Program Files\Adobe
2009-05-04 17:14:39 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-04 08:25:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-04 08:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-05-03 16:57:02 ----D---- C:\Program Files\Google
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-05-03 15:37:02 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-05-03 15:37:01 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-05-03 15:37:01 ----N---- C:\WINDOWS\system32\px.dll
2009-05-03 15:37:00 ----D---- C:\Program Files\Winamp
2009-05-03 15:37:00 ----D---- C:\Documents and Settings\Administrator\Application Data\Winamp
2009-05-03 15:22:14 ----D---- C:\WINDOWS\Prefetch
2009-05-03 14:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-05-03 14:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-03 14:34:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-03 14:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-03 14:33:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-05-03 14:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-03 14:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-05-03 14:33:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-05-03 14:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-05-03 14:32:45 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-05-03 14:32:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-05-03 14:32:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-05-03 14:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-03 14:31:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-05-03 14:31:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-05-03 14:31:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-05-03 14:31:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-05-03 14:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-03 14:30:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-05-03 14:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-05-03 14:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-05-03 14:29:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-05-03 14:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-05-03 14:29:32 ----HDC---- C:\WINDOWS\$NtUninstallKB949764$
2009-05-03 14:29:20 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-05-03 14:29:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-03 14:28:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-05-03 14:24:14 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-05-03 14:24:14 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-05-03 14:24:14 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\credssp.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\azroles.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-05-03 14:24:12 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-05-03 14:24:11 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\qutil.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\qagent.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\onex.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\napstat.exe
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\mssha.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-05-03 14:24:10 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\slserv.exe
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\slgen.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\setupn.exe
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-05-03 14:24:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-05-03 14:24:08 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-05-03 14:24:08 ----N---- C:\WINDOWS\slrundll.exe
2009-05-03 14:24:08 ----D---- C:\WINDOWS\system32\scripting
2009-05-03 14:24:07 ----D---- C:\WINDOWS\system32\en
2009-05-03 14:24:07 ----D---- C:\WINDOWS\system32\bits
2009-05-03 14:24:07 ----D---- C:\WINDOWS\l2schemas
2009-05-03 14:22:04 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-03 14:21:06 ----D---- C:\WINDOWS\network diagnostic
2009-05-03 14:20:28 ----A---- C:\WINDOWS\003107_.tmp
2009-05-03 14:19:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-05-03 13:33:26 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2009-05-03 13:33:23 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-05-03 13:33:14 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-03 13:33:06 ----D---- C:\Program Files\Bonjour
2009-05-03 13:32:50 ----D---- C:\Program Files\QuickTime
2009-05-03 13:32:49 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-05-03 13:32:42 ----D---- C:\Program Files\Apple Software Update
2009-05-03 13:32:39 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-05-03 13:32:12 ----D---- C:\Program Files\Common Files\Apple
2009-05-03 13:32:11 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-05-03 13:12:20 ----D---- C:\Program Files\AutoCAD 2009
2009-05-03 13:12:20 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-05-03 13:11:52 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-05-03 13:11:48 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-05-03 13:11:17 ----D---- C:\Program Files\MSBuild
2009-05-03 13:09:26 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-03 13:09:24 ----D---- C:\WINDOWS\system32\en-us
2009-05-03 13:09:01 ----D---- C:\Program Files\Reference Assemblies
2009-05-03 13:08:47 ----N---- C:\WINDOWS\system32\spmsg2.dll
2009-05-03 13:08:32 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2009-05-03 13:07:55 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-05-03 13:07:55 ----D---- C:\Program Files\Autodesk
2009-05-03 13:07:55 ----D---- C:\Documents and Settings\Administrator\Application Data\Autodesk
2009-05-03 12:51:18 ----D---- C:\Program Files\PowerISO
2009-05-02 22:46:44 ----D---- C:\Program Files\uTorrent
2009-05-02 22:46:31 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-05-01 19:06:05 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-05-01 01:57:41 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-05-01 01:55:45 ----D---- C:\ProgramData
2009-05-01 01:55:44 ----D---- C:\Users
2009-05-01 01:54:24 ----D---- C:\Program Files\ATI Technologies
2009-05-01 01:53:20 ----A---- C:\WINDOWS\system32\RAPI.DLL
2009-05-01 01:53:20 ----A---- C:\WINDOWS\system32\MSVCRTD.DLL
2009-05-01 01:53:20 ----A---- C:\WINDOWS\system32\MFC42D.DLL
2009-05-01 01:53:20 ----A---- C:\WINDOWS\system32\CEUTIL.DLL
2009-05-01 01:52:48 ----D---- C:\Program Files\NewSoft
2009-05-01 01:52:06 ----D---- C:\Program Files\HP Webcam Application
2009-05-01 01:51:45 ----D---- C:\Program Files\Common Files\SNP2UVC
2009-05-01 01:51:45 ----A---- C:\WINDOWS\system32\rsnp2uvc.dll
2009-05-01 01:51:00 ----D---- C:\WINDOWS\Hewlett-Packard
2009-05-01 01:50:33 ----N---- C:\WINDOWS\system32\wdmioctl.dll
2009-05-01 01:50:33 ----N---- C:\WINDOWS\system32\SMMedia.dll
2009-05-01 01:50:32 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-05-01 01:50:00 ----D---- C:\Program Files\WIDCOMM
2009-05-01 01:47:15 ----D---- C:\Program Files\Program Shortcuts
2009-05-01 01:42:39 ----A---- C:\WINDOWS\system32\uniime.dll
2009-05-01 01:42:38 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-05-01 01:42:37 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2009-05-01 01:42:37 ----A---- C:\WINDOWS\system32\kbdusa.dll
2009-05-01 01:42:37 ----A---- C:\WINDOWS\system32\c_iscii.dll
2009-05-01 01:42:36 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2009-05-01 01:42:36 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-05-01 01:42:36 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-05-01 01:42:35 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-05-01 01:42:35 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-05-01 01:42:32 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-05-01 01:42:31 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-05-01 01:42:29 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-05-01 01:42:23 ----A---- C:\WINDOWS\system32\kbdkor.dll
2009-05-01 01:42:23 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2009-05-01 01:42:23 ----A---- C:\WINDOWS\system32\kbd106.dll
2009-05-01 01:42:23 ----A---- C:\WINDOWS\system32\kbd103.dll
2009-05-01 01:42:23 ----A---- C:\WINDOWS\system32\kbd101c.dll
2009-05-01 01:42:23 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-05-01 01:42:21 ----A---- C:\WINDOWS\system32\kbd101b.dll
2009-05-01 01:41:57 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-04-30 21:38:13 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-04-30 21:19:13 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-04-30 21:19:13 ----D---- C:\Documents and Settings\Administrator\Application Data\ATI
2009-04-30 20:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2009-04-30 20:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2009-04-30 20:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2009-04-30 20:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2009-04-30 20:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961373_0$
2009-04-30 19:59:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-04-30 19:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-04-30 19:59:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2009-04-30 19:59:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-04-30 19:59:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2009-04-30 19:58:53 ----D---- C:\Program Files\MSXML 6.0
2009-04-30 19:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-04-30 19:58:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-04-30 19:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2009-04-30 19:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-04-30 19:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2009-04-30 19:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-04-30 19:57:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-04-30 19:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-04-30 19:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2009-04-30 19:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-04-30 19:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-04-30 19:56:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-04-30 19:56:25 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-04-30 19:56:09 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2009-04-30 19:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-04-30 19:55:57 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-04-30 19:55:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2009-04-30 19:55:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-04-30 19:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-04-30 19:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-04-30 19:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-04-30 19:55:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-04-30 19:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB963027_0$
2009-04-30 19:54:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-04-30 19:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-04-30 19:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-04-30 19:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-04-30 19:37:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-04-30 19:37:42 ----D---- C:\Program Files\AVG
2009-04-30 19:37:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-04-30 19:17:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Mozilla
2009-04-30 19:17:12 ----D---- C:\Program Files\Mozilla Firefox
2009-04-30 19:10:53 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-30 19:06:44 ----D---- C:\Documents and Settings\Administrator\Application Data\Macromedia
2009-04-30 19:06:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-04-30 19:06:05 ----D---- C:\WINDOWS\system32\PreInstall

======List of files/folders modified in the last 3 months======

2009-07-29 15:28:32 ----D---- C:\WINDOWS\Temp
2009-07-29 15:27:37 ----D---- C:\WINDOWS\system32\drivers
2009-07-29 15:27:37 ----D---- C:\WINDOWS\system32
2009-07-29 15:26:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-29 15:25:33 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-29 15:25:22 ----SD---- C:\WINDOWS\Tasks
2009-07-29 15:25:22 ----D---- C:\WINDOWS
2009-07-29 14:09:10 ----RD---- C:\Program Files
2009-07-29 13:53:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-29 13:52:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-28 21:58:06 ----D---- C:\WINDOWS\system32\wbem
2009-07-28 12:28:11 ----SHD---- C:\WINDOWS\Installer
2009-07-28 12:26:38 ----HD---- C:\WINDOWS\inf
2009-07-28 12:09:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-26 09:41:13 ----RASH---- C:\boot.ini
2009-07-26 09:41:13 ----A---- C:\WINDOWS\win.ini
2009-07-26 09:41:13 ----A---- C:\WINDOWS\system.ini
2009-07-24 09:12:11 ----D---- C:\WINDOWS\WinSxS
2009-07-24 09:06:45 ----D---- C:\Program Files\Common Files
2009-07-15 09:49:13 ----D---- C:\WINDOWS\Debug
2009-06-19 21:11:12 ----D---- C:\Program Files\NetMeeting
2009-06-11 12:00:38 ----D---- C:\WINDOWS\twain_32
2009-06-11 12:00:07 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-11 11:40:34 ----RSD---- C:\WINDOWS\Fonts
2009-06-11 06:41:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-10 21:38:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 21:37:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-10 16:37:02 ----D---- C:\WINDOWS\Help
2009-05-19 19:42:14 ----D---- C:\Program Files\HP
2009-05-12 23:01:37 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-05-07 08:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-05 14:24:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-05 01:01:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-03 15:21:43 ----D---- C:\WINDOWS\system32\Setup
2009-05-03 15:21:43 ----D---- C:\WINDOWS\AppPatch
2009-05-03 14:34:41 ----D---- C:\WINDOWS\security
2009-05-03 14:29:28 ----D---- C:\Program Files\Messenger
2009-05-03 14:24:13 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-03 14:24:13 ----D---- C:\WINDOWS\ime
2009-05-03 14:24:08 ----D---- C:\WINDOWS\system32\usmt
2009-05-03 14:24:07 ----D---- C:\WINDOWS\PeerNet
2009-05-03 14:24:07 ----D---- C:\Program Files\Movie Maker
2009-05-03 14:24:07 ----D---- C:\Program Files\Internet Explorer
2009-05-03 14:21:59 ----D---- C:\WINDOWS\system32\Restore
2009-05-03 14:21:59 ----D---- C:\WINDOWS\system32\npp
2009-05-03 14:21:58 ----D---- C:\WINDOWS\mui
2009-05-03 14:21:58 ----D---- C:\WINDOWS\msagent
2009-05-03 14:21:57 ----D---- C:\WINDOWS\srchasst
2009-05-03 14:21:54 ----D---- C:\WINDOWS\system32\Com
2009-05-03 14:21:53 ----D---- C:\Program Files\Windows Media Player
2009-05-03 14:21:52 ----D---- C:\Program Files\Windows NT
2009-05-03 14:21:52 ----D---- C:\Program Files\Outlook Express
2009-05-03 14:21:51 ----D---- C:\Program Files\Common Files\System
2009-05-03 14:21:46 ----D---- C:\WINDOWS\system32\oobe
2009-05-03 14:21:45 ----D---- C:\WINDOWS\system
2009-05-03 14:20:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-03 14:19:29 ----D---- C:\WINDOWS\ehome
2009-05-03 13:16:07 ----RSD---- C:\WINDOWS\assembly
2009-05-03 13:16:07 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-03 13:12:00 ----D---- C:\WINDOWS\system32\DirectX
2009-05-03 13:11:43 ----D---- C:\Program Files\Common Files\DESIGNER
2009-05-03 13:11:40 ----D---- C:\Program Files\Microsoft Office
2009-05-03 13:08:52 ----D---- C:\WINDOWS\system32\spool
2009-05-01 01:57:44 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-01 01:55:54 ----D---- C:\WINDOWS\system32\config
2009-05-01 01:55:54 ----D---- C:\SwSetup
2009-05-01 01:55:54 ----AHD---- C:\System.sav
2009-05-01 01:55:45 ----RD---- C:\Program Files\Online Services
2009-05-01 01:53:37 ----D---- C:\Program Files\Hewlett-Packard
2009-05-01 01:50:32 ----D---- C:\Program Files\Analog Devices
2009-05-01 01:45:24 ----D---- C:\WINDOWS\Registration
2009-04-30 19:44:25 ----SHD---- C:\System Volume Information
2009-04-30 19:12:46 ----SHD---- C:\RECYCLER
2009-04-30 19:06:28 ----D---- C:\Documents and Settings\Administrator\Application Data\hpqLog

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-01 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2008-06-05 12496]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-05-07 46080]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-06-26 72704]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-04-22 33456]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-02 2881536]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-05-14 879624]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-05-14 74688]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-03-27 244368]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-04 41216]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NETw5x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-27 3626112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 47616]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-02 540672]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-05-15 1176824]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-12 264800]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-06-05 256512]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-20 354840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-03 85096]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2006-08-11 902760]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

#5 slashjive

slashjive
  • Topic Starter

  • Members
  • 59 posts

Posted 30 July 2009 - 11:54 AM

INFO LOG

info.txt logfile of random's system information tool 1.06 2009-07-29 15:30:53

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Agere Systems HDA Modem-->agrsmdel
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArchiCAD 10 R1 USA-->C:\Program Files\Graphisoft\ArchiCAD 10\Uninstall.AC\uninstaller.exe
ArchiCAD 12 INT-->C:\Program Files\Graphisoft\ArchiCAD 12\Uninstall.AC\uninstaller.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AuthenTec Fingerprint System-->MsiExec.exe /I{FECEF9D2-9D3D-449B-9EA4-CFA775C99461}
AutoCAD 2009 - English-->C:\Program Files\AutoCAD 2009\Setup\Setup.exe /P {5783F2D7-7001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk Design Review 2009-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Catalyst Control Center - Branding-->MsiExec.exe /I{F2C19209-8474-4BCB-89EC-AA0150C2B036}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Credential Manager for HP ProtectTools-->rundll32.exe "c:\Program Files\Hewlett-Packard\IAM\Bin\SetupHelper.dll",ExecMain /Uninstall {583C712B-884A-424A-9DAC-F169C73FB275}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Drive Encryption for HP ProtectTools-->MsiExec.exe /I{FB05CD66-D5EC-4B2A-8C6C-D434133323F4}
Google Earth Connections AC12 INT-->C:\Program Files\Graphisoft\ArchiCAD 12\Uninstall.GE\uninstaller.exe
Google SketchUp 7-->MsiExec.exe /I{E5D52570-5EF1-4576-A434-6CCD92268F0F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB949764)-->"C:\WINDOWS\$NtUninstallKB949764$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP 3D DriveGuard-->MsiExec.exe /X{17BD96DB-3876-463B-9A6F-06B407168258}
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP JavaCard for HP ProtectTools-->MsiExec.exe /I{48DC0314-8310-4D35-B52D-878B5255F26A}
HP ProtectTools Security Manager Suite-->C:\WINDOWS\Installer\HPPTSuiteInstallEngine.exe /uninstall=C:\WINDOWS\Installer\58285100.msi
HP ProtectTools Security Manager-->MsiExec.exe /I{C43F0316-CAA1-45C3-AAA7-B2E52D7AE8CA}
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Quick Launch Buttons 6.40 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP QuickLook 2-->"C:\Program Files\Hewlett-Packard\HP QuickLook 2\unins000.exe"
HP Software Setup 5.00.A.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x9
HP User Guide Bluetooth Addendum 0062-->MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0098-->MsiExec.exe /I{7A1F9988-F56D-4D70-B759-3189B56EB1B2}
HP Wallpaper-->MsiExec.exe /I{F173C2B3-296F-458C-98FF-1676A42EBA02}
HP Webcam Application-->C:\Program Files\InstallShield Installation Information\{154E4F71-DFC0-4B31-8D99-F97615031B02}\setup.exe -runfromtemp -l0x0009 -removeonly
HP Webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly
HP Wireless Assistant-->MsiExec.exe /I{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}
Intel® Matrix Storage Manager-->C:\WINDOWS\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}
Motorola Driver Installation-->MsiExec.exe /I{8F4507EF-C5F3-46CE-9718-9D3698821333}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Presto! BizCard 5-->"C:\Program Files\InstallShield Installation Information\{272253C3-D9DD-4C0C-A586-7E7ABC7E9AA2}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Revit Architecture 2009-->MsiExec.exe /X{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Simpson AutoCAD Menu-->c:\Program Files\Simpson\Uninstal.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\Setup32.exe /R:{00060000-0000-1004-8002-0000C06B5161}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xilisoft iPod Rip-->C:\Program Files\Xilisoft\iPod Rip\Uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: YOUR-A9279112E3
Event Code: 1002
Message: The IP address lease 10.0.1.197 for the Network Card with network address 00216A2BA902 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6785
Source Name: Dhcp
Time Written: 20090625135216.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 1002
Message: The IP address lease 192.168.1.2 for the Network Card with network address 00216A2BA902 has been
denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 6740
Source Name: Dhcp
Time Written: 20090625085608.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 1002
Message: The IP address lease 10.0.1.197 for the Network Card with network address 00216A2BA902 has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 6729
Source Name: Dhcp
Time Written: 20090624183354.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.

Record Number: 6724
Source Name: Service Control Manager
Time Written: 20090624165809.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the avg8wd service.

Record Number: 6723
Source Name: Service Control Manager
Time Written: 20090624165809.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-A9279112E3
Event Code: 1002
Message: Hanging application ArchiCAD.exe, version 12.0.0.2156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 13160
Source Name: Application Hang
Time Written: 20090715093947.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 1002
Message: Hanging application ArchiCAD.exe, version 12.0.0.2156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 13159
Source Name: Application Hang
Time Written: 20090715092933.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 1002
Message: Hanging application ArchiCAD.exe, version 12.0.0.2156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 13158
Source Name: Application Hang
Time Written: 20090715091837.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 1002
Message: Hanging application ArchiCAD.exe, version 12.0.0.2156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 13136
Source Name: Application Hang
Time Written: 20090714165214.000000-420
Event Type: error
User:

Computer Name: YOUR-A9279112E3
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Record Number: 12717
Source Name: Application Error
Time Written: 20090710190546.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ActivIdentity\ActivClient\;c:\Program Files\Hewlett-Packard\IAM\bin;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"OnlineServices"=Online Services
"Platform"=BNB
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------


GMER

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-30 09:23:22
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF750787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7507BFE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8B16A400

---- Threads - GMER 1.0.15 ----

Thread System [4:880] AD7AFE52

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths@Directory C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4@CachePath C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4

---- EOF - GMER 1.0.15 ----

#6 fenzodahl512


Posted 30 July 2009 - 04:08 PM

IMPORTANT!! Please disable these programs (if present) before proceeding with our fixes.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

1. SpySweeper
2. Spyware Doctor
3. Windows Defender
4. Trojan Hunter
5. WinPatrol
6. Spybot S&D
7. Lavasoft Ad-Aware
8. Zone Alarm
9. AVG8



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take a few minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTM by OldTimer
  • Save it to your Desktop.
  • Please double-click OTM to run it. (Vista users, please right click on OTM and select "Run as an Administrator")
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\braviax.exe
    C:\WINDOWS\system32\irexa.com
    C:\Program Files\Common Files\ozyx.dll
    C:\Documents and Settings\All Users\Application Data\ixorari.dll
    C:\Documents and Settings\Administrator\Application Data\jajad.exe
    C:\WINDOWS\memajoc.com
    C:\Documents and Settings\Administrator\Application Data\ypeqyjyb.bat
    C:\Program Files\HomeAntivirus2010
    C:\WINDOWS\system32\lysezybywe.com
    C:\WINDOWS\maven.com
    C:\Documents and Settings\All Users\Application Data\jido.vbs
    C:\Documents and Settings\All Users\Application Data\imowotaj.com
    C:\autorunsc.exe
    C:\autoruns.exe
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec68bcd-36a3-11de-baf4-00216a2ba902}]
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTM
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
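The entries fenzodahl512 selected for "Fix checked" and for the OTM move list follow the usual autostart-triage heuristics: a BHO whose file is gone, a per-user Run value launching an executable straight out of system32, an msconfig startupreg entry pointing into a Temp folder (the `b.exe` from the thread title), and a product named like "Home Antivirus 2010" with no file on disk. As an added example, not a tool from this thread or from the BleepingComputer helpers, the Python script below applies those heuristics to HijackThis O2/O4 lines and to RSIT registry-dump lines. The sample log is constructed from entries quoted in this thread plus two benign ones for contrast; the regexes, the heuristic rules and the function names (`parse`, `classify`, `executable`, `triage`) are my own assumptions, not any published rule set.

```python
"""Flag suspicious autostart entries in HijackThis / RSIT log excerpts.

Added example (not from the thread). Heuristics used, all assumptions:
- an O2 BHO reported as "(no file)" is an orphan entry
- an executable launched from a Temp or profile data folder is suspicious
- a per-user (HKCU) Run value launching an exe directly from system32 is unusual
- "Antivirus 20xx" in a name or path matches rogue-antivirus naming
- an RSIT value whose "[date size]" brackets are empty had no file on disk
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: lines copied from the logs posted in this thread,
# plus SynTPEnh / AVG / MsmqIntCert / iTunesHelper as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010]
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe /hide []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"""

# Line shapes found in HijackThis and RSIT output (hypothetical patterns).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<cmd>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
NAMED_VAL_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<cmd>.*?) \[(?P<meta>[^\]]*)\]$')
BARE_VAL_RE = re.compile(r"^(?P<cmd>.+?) \[(?P<meta>[^\]]*)\]$")

# Heuristic patterns (assumptions, tuned to the entries in this thread).
TEMP_OR_PROFILE_RE = re.compile(r"\\(Temp|LOCALS~1|Local Settings|Application Data)\\", re.IGNORECASE)
ROGUE_AV_RE = re.compile(r"antivirus\s*20\d\d", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
SYSTEM32_EXE_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)


@dataclass
class Entry:
    origin: str                 # log section or registry key the entry came from
    name: str                   # value name (or last key component for bare lines)
    command: str                # command line as logged
    meta: Optional[str] = None  # RSIT "[date size]" text; "" means no file; None for HJT lines
    reasons: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        return "SUSPICIOUS" if self.reasons else "ok"


def executable(command: str) -> str:
    """Return the program path from a logged command line, dropping arguments
    such as '/hide' or '-atboottime' and any surrounding quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: the path ends at the first space that starts a switch.
    return re.split(r" (?=[/-])", command, maxsplit=1)[0]


def classify(entry: Entry) -> Entry:
    """Attach a reason for every heuristic the entry trips."""
    cmd = entry.command.strip()
    if cmd.lower() == "(no file)":
        entry.reasons.append("orphan: points at a file that no longer exists")
        return entry
    exe = executable(cmd)
    if TEMP_OR_PROFILE_RE.search(exe):
        entry.reasons.append("launches from a temp or profile data folder")
    if ROGUE_AV_RE.search(exe) or ROGUE_AV_RE.search(entry.name):
        entry.reasons.append("matches the rogue 'Antivirus 20xx' naming pattern")
    if entry.origin.upper().startswith(("HKCU", "HKEY_CURRENT_USER")) and SYSTEM32_EXE_RE.match(exe):
        entry.reasons.append("per-user Run value launching an exe straight out of system32")
    if entry.meta == "" and DRIVE_PATH_RE.match(exe):
        entry.reasons.append("RSIT found no file on disk for this path")
    return entry


def parse(text: str) -> list[Entry]:
    """Parse HijackThis O2/O4 lines and RSIT registry-dump lines into entries."""
    entries: list[Entry] = []
    current_key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if m := O2_RE.match(line):
            entries.append(Entry("O2 BHO " + m["clsid"], m["name"], m["cmd"]))
        elif m := O4_RE.match(line):
            entries.append(Entry(f"{m['hive']} {m['key']}", m["name"], m["cmd"]))
        elif m := KEY_RE.match(line):
            current_key = m["key"]                      # context for the values below it
        elif m := NAMED_VAL_RE.match(line):
            entries.append(Entry(current_key, m["name"], m["cmd"], m["meta"]))
        elif m := BARE_VAL_RE.match(line):              # startupreg style: command only
            entries.append(Entry(current_key, current_key.rsplit("\\", 1)[-1], m["cmd"], m["meta"]))
    return [classify(e) for e in entries]


def triage(text: str) -> dict[str, list[str]]:
    """Map each suspicious entry name to the reasons it was flagged."""
    return {e.name: e.reasons for e in parse(text) if e.reasons}


if __name__ == "__main__":
    for e in parse(SAMPLE_LOG):
        print(f"{e.verdict:10} [{e.name}] {e.command}")
        for r in e.reasons:
            print(f"             - {r}")
```

Run against the constructed sample it flags exactly the four entries the helper acted on (the orphan BHO, braviax, Home Antivirus 2010 and the Monopod/b.exe value) and passes the four benign controls. The "no file on disk" rule is deliberately guarded by the drive-letter check so that `regsvr32 /s mqrt.dll []`, whose empty brackets only mean RSIT could not resolve a bare program name, is not reported.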


#7 slashjive

  • Topic Starter


Posted 04 August 2009 - 03:08 PM

OTM


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\braviax.exe not found.
C:\WINDOWS\system32\irexa.com moved successfully.
LoadLibrary failed for C:\Program Files\Common Files\ozyx.dll
C:\Program Files\Common Files\ozyx.dll NOT unregistered.
C:\Program Files\Common Files\ozyx.dll moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Application Data\ixorari.dll
C:\Documents and Settings\All Users\Application Data\ixorari.dll NOT unregistered.
C:\Documents and Settings\All Users\Application Data\ixorari.dll moved successfully.
C:\Documents and Settings\Administrator\Application Data\jajad.exe moved successfully.
C:\WINDOWS\memajoc.com moved successfully.
C:\Documents and Settings\Administrator\Application Data\ypeqyjyb.bat moved successfully.
C:\Program Files\HomeAntivirus2010\Microsoft.VC80.CRT moved successfully.
C:\Program Files\HomeAntivirus2010\data moved successfully.
C:\Program Files\HomeAntivirus2010 moved successfully.
C:\WINDOWS\system32\lysezybywe.com moved successfully.
C:\WINDOWS\maven.com moved successfully.
C:\Documents and Settings\All Users\Application Data\jido.vbs moved successfully.
C:\Documents and Settings\All Users\Application Data\imowotaj.com moved successfully.
C:\autorunsc.exe moved successfully.
C:\autoruns.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec68bcd-36a3-11de-baf4-00216a2ba902}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fec68bcd-36a3-11de-baf4-00216a2ba902}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 314098676 bytes
->Temporary Internet Files folder emptied: 185942091 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 71543924 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 2969 bytes
RecycleBin emptied: 4418264 bytes

Total Files Cleaned = 549.44 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08042009_125450

Files moved on Reboot...

Registry entries deleted on Reboot...



RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-04 13:03:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 88 GB (58%) free of 152 GB
Total RAM: 2042 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:27 PM, on 8/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...all&pf=cmnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - c:\Program Files\Fingerprint Sensor\AtService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10377 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-02-03 1185120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.Exe [2008-05-08 77616]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-06-20 178712]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-15 293168]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2008-06-10 238896]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2008-06-02 24848]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1040384]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-05-14 61440]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-04 1044480]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2008-03-24 884736]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-20 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Antivirus 2010]
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe /hide []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\b.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-15 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-15 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-06-02 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-01 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-06-02 112400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 12\ArchiCAD.exe:*:Disabled:ArchiCAD 12.0.0 Component"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe"="C:\Program Files\Graphisoft\ArchiCAD 10\ArchiCAD.exe:*:Enabled:ArchiCAD 10.0.0 Component"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"="C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6f9de3e2-4fac-11de-bb19-00216a2ba902}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-08-04 12:54:50 ----D---- C:\_OTM
2009-07-30 16:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-29 16:30:44 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-07-29 15:30:38 ----D---- C:\rsit
2009-07-29 14:09:15 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-07-29 14:09:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-29 14:09:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-28 12:26:46 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-07-28 12:26:45 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-07-28 12:14:47 ----D---- C:\Program Files\Safari
2009-07-28 12:11:27 ----D---- C:\Program Files\iPod
2009-07-28 12:11:25 ----D---- C:\Program Files\iTunes
2009-07-24 09:22:06 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-24 09:19:22 ----D---- C:\79a584366ec5bcadf735
2009-07-24 09:12:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-24 09:12:15 ----D---- C:\Program Files\Lavasoft
2009-07-24 09:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-23 15:06:19 ----D---- C:\Program Files\Trend Micro
2009-07-23 13:22:00 ----D---- C:\WINDOWS\pss
2009-07-23 12:09:52 ----D---- C:\WINDOWS\Minidump
2009-07-22 14:32:04 ----A---- C:\WINDOWS\3DWarehouseClient.INI
2009-07-14 12:35:21 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-10 22:43:08 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss
2009-07-02 11:59:30 ----A---- C:\WINDOWS\system32\wdfcoinstaller01005.dll
2009-06-30 10:15:04 ----D---- C:\WINDOWS\Sun
2009-06-30 10:12:07 ----D---- C:\Program Files\WebEx
2009-06-30 09:51:27 ----A---- C:\WINDOWS\system32\AddPort.ini
2009-06-21 01:43:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Camfrog
2009-06-21 01:35:39 ----D---- C:\Program Files\Camfrog
2009-06-11 08:50:16 ----D---- C:\Program Files\Simpson
2009-06-11 06:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 06:41:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-11 06:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 21:44:53 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2009-06-10 21:39:35 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem #2.txt
2009-06-10 21:38:30 ----D---- C:\Program Files\Avanquest update
2009-06-10 21:36:49 ----D---- C:\Program Files\Common Files\Motorola Shared
2009-06-10 21:36:44 ----D---- C:\Program Files\Motorola Phone Tools
2009-06-10 21:36:44 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
2009-06-10 17:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 17:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-03 15:31:42 ----D---- C:\WINDOWS\system32\appmgmt
2009-06-02 21:47:13 ----D---- C:\Program Files\Graphisoft
2009-06-02 19:08:37 ----D---- C:\Program Files\CCleaner
2009-06-02 12:42:13 ----A---- C:\WINDOWS\system32\cdintf.dll
2009-06-02 12:29:50 ----A---- C:\WINDOWS\system32\WkExt32.dll
2009-06-02 12:29:50 ----A---- C:\WINDOWS\system32\WibuXpm4J32.dll
2009-06-02 12:29:50 ----A---- C:\WINDOWS\system32\wibuKJni.dll
2009-06-02 12:29:49 ----A---- C:\WINDOWS\system32\WkDos.exe
2009-06-02 12:29:48 ----A---- C:\WINDOWS\system32\WkWin32.dll
2009-06-02 12:29:43 ----D---- C:\Program Files\WIBU-SYSTEMS
2009-06-02 12:29:43 ----D---- C:\Program Files\WIBUKEY
2009-05-27 12:44:54 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2009-05-27 12:44:01 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-05-27 12:43:58 ----D---- C:\Program Files\Yahoo!
2009-05-19 19:42:24 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-05-19 19:42:14 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2009-05-19 19:41:48 ----HD---- C:\Config.Msi
2009-05-19 19:41:30 ----A---- C:\WINDOWS\system32\HPZc3212.dll
2009-05-19 19:41:30 ----A---- C:\WINDOWS\system32\hpgwiamd.dll
2009-05-19 19:41:27 ----A---- C:\WINDOWS\system32\hpzcon12.dll
2009-05-19 19:41:27 ----A---- C:\WINDOWS\system32\hpzcoi12.dll
2009-05-19 19:41:19 ----D---- C:\Temp
2009-05-18 12:16:52 ----D---- C:\Program Files\GPLGS
2009-05-18 12:16:06 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2009-05-18 12:16:03 ----D---- C:\Program Files\Acro Software
2009-05-18 11:52:30 ----N---- C:\WINDOWS\system32\Msvcrt10.dll
2009-05-18 11:35:27 ----D---- C:\Program Files\7-Zip
2009-05-14 09:50:45 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2009-05-14 00:45:48 ----D---- C:\Documents and Settings\Administrator\Application Data\vlc
2009-05-14 00:45:05 ----D---- C:\Program Files\VideoLAN
2009-05-12 03:00:30 ----D---- C:\WINDOWS\system32\KB905474
2009-05-07 21:16:16 ----D---- C:\Program Files\Revit Architecture 2009
2009-05-06 23:32:18 ----D---- C:\Program Files\Xilisoft
2009-05-06 04:00:59 ----HD---- C:\$AVG8.VAULT$
2009-05-05 23:10:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Graphisoft
2009-05-05 21:48:50 ----D---- C:\Program Files\Graphisoft 10
2009-05-05 21:48:13 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-05 21:48:13 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-05 21:48:13 ----A---- C:\WINDOWS\system32\java.exe
2009-05-05 21:47:55 ----D---- C:\Program Files\Java
2009-05-05 21:47:54 ----D---- C:\Program Files\Common Files\Java
2009-05-05 21:47:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Sun
2009-05-05 17:08:49 ----D---- C:\Documents and Settings\Administrator\Application Data\Google
2009-05-05 17:08:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of files/folders modified in the last 3 months======

2009-08-04 13:02:56 ----D---- C:\WINDOWS\Prefetch
2009-08-04 12:59:04 ----D---- C:\Program Files\Mozilla Firefox
2009-08-04 12:58:55 ----D---- C:\WINDOWS
2009-08-04 12:55:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-04 12:55:34 ----D---- C:\WINDOWS\Temp
2009-08-04 12:55:34 ----D---- C:\WINDOWS\system32
2009-08-04 12:55:01 ----RD---- C:\Program Files
2009-08-04 12:54:59 ----D---- C:\Program Files\Common Files
2009-08-04 08:32:10 ----HD---- C:\WINDOWS\inf
2009-08-04 08:31:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-30 16:02:33 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-30 08:38:47 ----D---- C:\WINDOWS\system32\drivers
2009-07-30 08:37:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-29 23:19:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-29 15:25:22 ----SD---- C:\WINDOWS\Tasks
2009-07-28 21:58:06 ----D---- C:\WINDOWS\system32\wbem
2009-07-28 12:36:07 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2009-07-28 12:28:11 ----SHD---- C:\WINDOWS\Installer
2009-07-28 12:26:42 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-07-28 12:11:27 ----D---- C:\Program Files\Common Files\Apple
2009-07-28 12:10:41 ----D---- C:\Program Files\QuickTime
2009-07-28 12:09:21 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-26 09:41:13 ----RASH---- C:\boot.ini
2009-07-26 09:41:13 ----A---- C:\WINDOWS\win.ini
2009-07-26 09:41:13 ----A---- C:\WINDOWS\system.ini
2009-07-24 09:12:11 ----D---- C:\WINDOWS\WinSxS
2009-07-23 12:08:29 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-07-15 09:49:13 ----D---- C:\WINDOWS\Debug
2009-07-09 12:16:16 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-07-07 08:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-01 09:24:21 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-19 21:11:12 ----D---- C:\Program Files\NetMeeting
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 07:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 12:00:38 ----D---- C:\WINDOWS\twain_32
2009-06-11 12:00:07 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-11 11:40:34 ----RSD---- C:\WINDOWS\Fonts
2009-06-10 21:38:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 21:37:10 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-10 16:37:02 ----D---- C:\WINDOWS\Help
2009-06-03 15:36:23 ----D---- C:\Program Files\Adobe
2009-06-03 15:35:53 ----D---- C:\Program Files\Common Files\Adobe
2009-06-03 15:35:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-02 16:23:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-05-19 19:42:14 ----D---- C:\Program Files\HP
2009-05-12 23:01:37 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-05-11 14:09:53 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-05-11 14:09:53 ----D---- C:\Documents and Settings\Administrator\Application Data\Autodesk
2009-05-07 21:19:44 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-05-07 08:32:35 ----A---- C:\WINDOWS\system32\localspl.dll
2009-05-05 14:24:04 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-05 01:01:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-05 01:00:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-30 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2008-06-05 12496]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-03-13 46652]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-05-07 46080]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\WibuKey.sys [2008-06-26 72704]
R3 Accelerometer;HP Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2008-04-22 33456]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-11 338944]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-06-02 2881536]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver; C:\WINDOWS\System32\Drivers\ATSwpWDF.sys [2008-05-15 475520]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-05-14 879624]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-03-27 244368]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-04 41216]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NETw5x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit ; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-04-27 3626112]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 47616]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-04-10 1804160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-05-14 74688]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-06-02 540672]
R2 ATService;AuthenTec Fingerprint Service; c:\Program Files\Fingerprint Sensor\AtService.exe [2008-05-15 1176824]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-12 264800]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [2008-06-10 18944]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2008-06-05 256512]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-20 354840]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-04-16 165192]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-03 85096]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2006-08-11 902760]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
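
The driver and service sections above are the part of an RSIT log a helper reads first, and three entries in this one (MQAC, RMCAST, Wibukey2) print an empty bracket, which means RSIT could not read a date and size for the file at the path it printed. For MQAC and RMCAST the path carries the `\??\` object-manager prefix; that is a normal way for a service ImagePath to be stored in the registry, but Win32 file calls do not resolve it, which is almost certainly why those two lookups failed. The script below is an added example, not RSIT's code or anything posted in this thread: it parses lines in RSIT's driver/service format, reproduces those bracket and prefix checks, and also lists services whose binary is svchost.exe, because for a hosted service the log shows only the host and the real code is the ServiceDll named in the registry. The sample lines are copied from the log above (a section header is included to show it is skipped); the function and field names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Start-type codes as printed in the RSIT section header.
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# One RSIT driver/service line:
#   <R|S><0-4> <name>;<description>; <path> [<file date> <file size>]
# The bracket is empty when RSIT could not read the file at that path.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    running: bool
    start_type: str
    name: str
    description: str
    path: str
    file_date: Optional[str]   # None when RSIT printed "[]"
    file_size: Optional[int]


def parse_rsit_entries(text: str) -> List[Entry]:
    """Parse the 'List of drivers' / 'List of services' sections; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        meta = m.group("meta").split()
        entries.append(Entry(
            running=m.group("state") == "R",
            start_type=START_TYPES[m.group("start")],
            name=m.group("name").strip(),
            description=m.group("desc").strip(),
            path=m.group("path").strip(),
            file_date=meta[0] if meta else None,
            file_size=int(meta[1]) if len(meta) > 1 else None,
        ))
    return entries


def review(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group entry names that deserve a manual second look (none of these is proof of malware)."""
    findings: Dict[str, List[str]] = {"missing_on_disk": [], "native_prefix": [], "svchost_hosted": []}
    for e in entries:
        if e.file_date is None:
            # RSIT could not read the file: a stale registration, or just a path form it cannot open
            findings["missing_on_disk"].append(e.name)
        if e.path.startswith("\\??\\"):
            # ImagePath stored as an NT object-manager path; legitimate, but confirm the target exists
            findings["native_prefix"].append(e.name)
        if e.path.lower().endswith("\\svchost.exe"):
            # Hosted service: the log shows the host, the real code is the ServiceDll in the registry
            findings["svchost_hosted"].append(e.name)
    return findings


# Sample lines copied from the RSIT log above, including one header line that must be ignored.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-30 335752]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
S3 Wibukey2;Wibukey2; C:\WINDOWS\system32\drivers\wibukey2.sys []
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
"""

if __name__ == "__main__":
    for key, names in review(parse_rsit_entries(SAMPLE)).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Run against the full log, the "missing_on_disk" list is the set to check by hand: an entry whose file really is absent is either leftover from an uninstall or a driver that was removed while its service key survived, and either way the key can be deleted; an entry that only fails because of the `\??\` prefix is fine once the target is confirmed on disk.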

#8 fenzodahl512
  • Members
  • 6,738 posts

Posted 05 August 2009 - 12:18 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 slashjive
  • Topic Starter
  • Members
  • 59 posts

Posted 11 August 2009 - 02:00 PM

First off, thanks for all your help, my cpu is running much smoother, no popups and stuff. Sorry for not getting back sooner, I've been crazy busy.

It seems like whenever I leave my laptop connected to the net and it doesn't go into hibernation (like at night when I want to charge my phone), I come back to a list of threats detected by AVG and they can't be cleaned... It's not like I click or download anything manually. What can I do to combat this? Always disconnect when I'm not online? Pay for an antivirus service? What if I use a different web browser like Safari or Google Chrome? Is Firefox no longer safe because it has become so popular? Malwarebytes found more threats, again that stupid Home Antivirus when we've already cleaned it once. Thank you in advance, and my response will be more timely next time. Here are the logs you requested:



Malwarebytes' Anti-Malware 1.40
Database version: 2602
Windows 5.1.2600 Service Pack 3

8/11/2009 10:04:33 AM
mbam-log-2009-08-11 (10-04-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 243437
Time elapsed: 1 hour(s), 7 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Administrator\Start Menu\Programs\HomeAntivirus2010\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\HomeAntivirus2010\Uninstall.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=bc6f71d732b0b14e8d1dbb93a9de7b49
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-11 06:35:43
# local_time=2009-08-11 11:35:43 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 21 83 100 10474502343750
# scanned=143847
# found=1
# cleaned=1
# scan_time=3067
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OR8ZE9OT\174[1].pdf PDF/Exploit.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Edited by slashjive, 11 August 2009 - 02:00 PM.
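
Two hits in these logs are worth reading together. MBAM removed a `.job` file from C:\WINDOWS\Tasks classified as Trojan.Downloader, and ESET found the exploit PDF under `C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files`, which is the Internet Explorer cache of the LocalSystem account's profile rather than of the logged-in user. A file lands there when a process running as SYSTEM fetches it through WinINet, which fits a scheduled task pulling content while the laptop sits idle online, as the post describes; that link is an inference from the two paths, not something either scanner states. The script below is an added example, not part of this thread and not Malwarebytes' or ESET's own tooling. It parses both log formats into one list and buckets the hits by the location that gives them meaning (scheduled task, SYSTEM profile cache, shortcuts, registry) so that this kind of pattern stands out when the logs are long. The sample lines are copied from the two logs above; the raw ESET log is tab-separated and the forum paste collapsed the tabs to spaces, so the parser accepts either. Function and bucket names are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Detection:
    scanner: str   # "mbam" or "eset"
    path: str      # file path or registry key
    threat: str
    action: str


# MBAM result line:  <path or key> (<threat name>) -> <action>.
MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# ESET result line (tab-separated in the raw log; a forum paste collapses the tabs to spaces):
#   <path> <threat> (<action>) <32-hex hash> <flags>
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+(?:\s+\S+)?)\s+"
    r"\((?P<action>[^()]*)\)\s+[0-9a-fA-F]{32}\s+\S*$"
)


def parse_mbam(text: str) -> List[Detection]:
    """Extract result lines from an MBAM log; headers, counters and '(No malicious items detected)' are skipped."""
    hits = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            hits.append(Detection("mbam", m.group("path"), m.group("threat"), m.group("action")))
    return hits


def parse_eset(text: str) -> List[Detection]:
    """Extract result lines from an ESET Online Scanner log; '#' metadata lines are skipped."""
    hits = []
    for line in text.splitlines():
        line = line.replace("\t", " ").strip()
        if not line or line.startswith("#"):
            continue
        m = ESET_RE.match(line)
        if m:
            hits.append(Detection("eset", m.group("path"), m.group("threat"), m.group("action")))
    return hits


def triage(hits: List[Detection]) -> Dict[str, List[str]]:
    """Bucket detections by where they sit; one hit may land in more than one bucket."""
    buckets: Dict[str, List[str]] = {
        "scheduled_tasks": [], "system_profile_cache": [], "menu_shortcuts": [], "registry": [],
    }
    for d in hits:
        p = d.path.lower()
        if p.startswith("hkey_"):
            buckets["registry"].append(d.path)
        if re.search(r"\\tasks\\[^\\]+\.job$", p):
            # A .job under %windir%\Tasks is a Task Scheduler 1.0 entry: runs unattended, often as SYSTEM
            buckets["scheduled_tasks"].append(d.path)
        if "\\config\\systemprofile\\" in p:
            # LocalSystem's profile: only code running as SYSTEM writes its IE cache here
            buckets["system_profile_cache"].append(d.path)
        if p.endswith(".lnk") and ("\\start menu\\" in p or "\\quick launch\\" in p):
            # Shortcuts a rogue AV plants so the victim can find and "buy" it
            buckets["menu_shortcuts"].append(d.path)
    return buckets


# Sample lines copied from the MBAM and ESET logs above (headers kept to show they are ignored).
MBAM_SAMPLE = r"""
Malwarebytes' Anti-Malware 1.40
Database version: 2602
Registry Keys Infected: 1
Memory Processes Infected:
(No malicious items detected)
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\HomeAntivirus2010\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\HomeAntivirus2010\Uninstall.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\prxid93ps.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

ESET_SAMPLE = r"""
# version=6
# found=1
# cleaned=1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OR8ZE9OT\174[1].pdf PDF/Exploit.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

if __name__ == "__main__":
    for bucket, paths in triage(parse_mbam(MBAM_SAMPLE) + parse_eset(ESET_SAMPLE)).items():
        print(f"{bucket}: {len(paths)}")
        for path in paths:
            print(f"    {path}")
```

The buckets are a reading aid, not a verdict. A non-empty "scheduled_tasks" bucket is the one to act on first: quarantining the `.job` removes the trigger, but whatever it launched should be looked for among the services and run keys as well, and the task's own log (SchedLgU.Txt, which the RSIT log shows was modified) records what it ran and as which account.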


#10 fenzodahl512
  • Members
  • 6,738 posts

Posted 11 August 2009 - 10:43 PM

It seems like whenever I leave my laptop connected to the net and it doesn't go into hibernation (like at night when i want to charge my phone) I come back to a list of threats detected by avg and they cant be cleaned...


Reboot the computer.. Do you still have the problem?

Firefox is good enough, I use it everyday..

Tell me, what antivirus, antispyware and firewall do you use? :thumbup2:


#11 slashjive
  • Topic Starter
  • Members
  • 59 posts

Posted 12 August 2009 - 12:54 PM

It's not really a problem when I'm using the CPU; I really can't tell anything's wrong when I'm on it. It just happened when I came home after it was connected to the net for about a day: AVG had a list of threats detected.

Antivirus is AVG Free, antispyware would I guess be Ad-Aware, and I just use the Windows XP firewall. I used to use ZoneAlarm; what is a good free one?

#12 slashjive
  • Topic Starter
  • Members
  • 59 posts

Posted 12 August 2009 - 12:56 PM

OK, I dl'd Sygate; I remember I used to use that.

#13 fenzodahl512
  • Members
  • 6,738 posts

Posted 12 August 2009 - 01:37 PM

Let's use another scanner just to see if we missed anything...

Hello.. Please do an online scan with BitDefender Online Scan.
  • Click on I Agree
  • Allow the ActiveX control to install when prompted.
  • Click on I Agree again. It will then start the updating process
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Please note that this scan ONLY works with Internet Explorer


#14 fenzodahl512
  • Members
  • 6,738 posts

Posted 19 August 2009 - 12:44 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
