
my computer is running slow


This topic is locked
17 replies to this topic

#1 nouara

  • Members
  • 10 posts

Posted 28 July 2009 - 02:44 PM

Hello,

My computer freezes (blue screen) and reboots with the message that my system has recovered from a serious problem. I've been cleaning my computer: I ran Spybot S&D, Ad-Aware and RegCure, as well as disk defrag, etc. Everything seems to be running better, only it still takes a long time for the computer to reboot. I'm not sure if the problem is spyware attached to a start-up program? I'd appreciate any advice. Thanks.

nouara



DDS (Ver_09-06-26.01) - NTFSx86
Run by Me at 12:27:31.54 on Tue 07/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.61 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Me\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1248660447&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: AutorunsDisabled\skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-26 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-7 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-30 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-6-7 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-4 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-5 298776]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2009-6-5 3744]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2009-6-5 3904]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-30 20160]
S4 Boonty Games;Boonty Games; [x]

=============== Created Last 30 ================

2009-07-26 18:54 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-26 18:49 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-26 16:49 389,120 a------- c:\windows\system32\CF20882.exe
2009-07-26 16:37 389,120 a------- c:\windows\system32\CF18612.exe
2009-07-26 16:30 389,120 a------- c:\windows\system32\CF16646.exe
2009-07-26 12:54 389,120 a------- c:\windows\system32\CF7576.exe
2009-07-26 03:30 389,120 a------- c:\windows\system32\CF28209.exe
2009-07-26 03:06 389,120 a------- c:\windows\system32\CF23500.exe
2009-07-26 02:57 389,120 a------- c:\windows\system32\CF21822.exe
2009-07-26 02:47 389,120 a------- c:\windows\system32\CF19820.exe
2009-07-26 02:42 389,120 a------- c:\windows\system32\CF18259.exe
2009-07-26 01:35 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-07-26 01:33 <DIR> --d----- c:\windows\ERUNT
2009-07-26 01:30 <DIR> --d----- C:\SDFix
2009-07-26 00:57 1,714 a------- c:\windows\system32\tmp.reg
2009-07-26 00:48 78,336 a------- c:\windows\system32\Agent.OMZ.Fix.exe
2009-07-26 00:48 80,384 a------- c:\windows\system32\o4Patch.exe
2009-07-26 00:48 82,944 a------- c:\windows\system32\IEDFix.C.exe
2009-07-26 00:48 82,432 a------- c:\windows\system32\404Fix.exe
2009-07-26 00:48 87,552 a------- c:\windows\system32\VACFix.exe
2009-07-26 00:48 82,944 a------- c:\windows\system32\IEDFix.exe
2009-07-26 00:48 75,776 a------- c:\windows\system32\WS2Fix.exe
2009-07-26 00:48 289,144 a------- c:\windows\system32\VCCLSID.exe
2009-07-26 00:48 288,417 a------- c:\windows\system32\SrchSTS.exe
2009-07-26 00:48 51,200 a------- c:\windows\system32\dumphive.exe
2009-07-26 00:48 53,248 a------- c:\windows\system32\Process.exe
2009-07-23 23:56 <DIR> --d----- c:\docume~1\me\applic~1\Malwarebytes
2009-07-23 23:56 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-23 23:56 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-23 23:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 20:14 <DIR> --d----- c:\docume~1\me\applic~1\IObit
2009-07-23 20:14 <DIR> --d----- c:\program files\IObit
2009-07-23 17:26 <DIR> --d----- c:\program files\common files\ODBC
2009-07-23 16:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-07-23 15:24 <DIR> --d----- c:\program files\Trend Micro
2009-07-21 07:47 <DIR> --dsh--- c:\documents and settings\me\IECompatCache
2009-07-14 08:59 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-14 08:43 <DIR> --dsh--- c:\documents and settings\me\PrivacIE
2009-07-14 08:29 <DIR> --dsh--- c:\documents and settings\me\IETldCache
2009-07-13 22:17 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-13 22:16 <DIR> --d----- c:\windows\ie8updates
2009-07-13 22:14 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-13 22:14 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-13 22:11 <DIR> -cd-h--- c:\windows\ie8
2009-07-13 20:45 4,816 a------- c:\windows\system32\drivers\aeaudio.sys
2009-07-13 20:45 3,744 a------- c:\windows\system32\drivers\smsens.sys
2009-07-13 20:45 720,896 ac------ c:\windows\system32\dllcache\a3d.dll
2009-07-13 20:45 720,896 a------- c:\windows\system32\a3d.dll
2009-07-13 20:45 580,992 a------- c:\windows\system32\drivers\smwdm.sys
2009-07-13 20:45 45,056 a------- c:\windows\system32\CleanUp.exe
2009-07-13 20:45 <DIR> --d----- c:\program files\Analog Devices
2009-07-13 20:45 49,152 a------- c:\windows\system32\DSndUp.exe
2009-07-13 20:35 446,464 a----r-- c:\windows\system32\hhactivex.dll
2009-07-13 20:35 645,616 a------- c:\windows\system32\MSCOMCT2.OCX
2009-07-13 20:35 414,944 a------- c:\windows\system32\COMCT332.OCX
2009-07-13 20:35 328,480 a------- c:\windows\system32\ssa3d30.ocx
2009-07-13 20:35 176,128 a------- c:\windows\system32\RcdScan.dll
2009-07-13 20:35 171,967 a------- c:\windows\system32\Odbcjet.hlp
2009-07-13 20:35 7,348 a------- c:\windows\system32\Odbcjet.cnt
2009-07-13 20:35 89,360 a------- c:\windows\system32\VB5DB.DLL
2009-07-13 20:35 13,632 -------- c:\windows\system32\drivers\omci.sys
2009-06-28 22:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RegCure

==================== Find3M ====================

2009-07-14 08:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-04 08:13 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 17:57 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2008-04-09 01:28 0 ac------ c:\program files\temp01
2007-09-03 15:14 774,144 ac------ c:\program files\RngInterstitial.dll
2008-09-03 22:24 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat

============= FINISH: 12:28:57.39 ===============
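
The DDS file listings above are normally read by eye; as an added illustration (not part of this post or of the DDS tool), the Python below parses lines in that format and produces two review lists: clusters of same-size executables created in one directory (on this log, the CF*.exe files in system32) and files carrying both the hidden and system attributes. The sample lines are a constructed subset of the log above, and the positional meaning of the attribute flags is an assumption inferred from the log rather than taken from DDS documentation.

```python
"""Triage helper for the file-listing sections of a DDS log.

Each listing line has the shape

    YYYY-MM-DD HH:MM  <size or <DIR>>  <8-char attribute flags>  <path>

Attribute flags are read positionally: a=archive, c=compressed, d=directory,
s=system, h=hidden, r=read-only.  That mapping is an assumption inferred from
the log lines in this thread, not taken from DDS documentation.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the "Created Last 30" / Find3M lines from
# the DDS log posted above, plus a section header to show it is skipped.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2009-07-26 18:54 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-26 18:49 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-26 16:49 389,120 a------- c:\windows\system32\CF20882.exe
2009-07-26 16:37 389,120 a------- c:\windows\system32\CF18612.exe
2009-07-26 16:30 389,120 a------- c:\windows\system32\CF16646.exe
2009-07-26 12:54 389,120 a------- c:\windows\system32\CF7576.exe
2009-07-26 00:48 82,944 a------- c:\windows\system32\IEDFix.C.exe
2009-07-26 00:48 82,944 a------- c:\windows\system32\IEDFix.exe
2009-07-23 23:56 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:35 446,464 a----r-- c:\windows\system32\hhactivex.dll
2008-09-03 22:24 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090320080904\index.dat
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr")


@dataclass(frozen=True)
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None

    @property
    def hidden(self) -> bool:
        return self.attrs[4] == "h"

    @property
    def system(self) -> bool:
        return self.attrs[3] == "s"

    @property
    def directory(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_dds_listing(text: str) -> List[Entry]:
    """Parse every listing line; section headers and blank lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def find_size_clusters(entries: List[Entry], min_count: int = 3) -> Dict[Tuple[str, int], List[str]]:
    """Group executables by (directory, byte size) and keep groups of at least
    min_count.  Several differently named binaries of identical size landing in
    one system directory inside the window deserve a human look: it can be a
    cleaning tool's working copies, or a program dropping renamed copies of itself."""
    groups = defaultdict(list)
    for e in entries:
        if e.is_dir or not e.name.lower().endswith(EXECUTABLE_EXT):
            continue
        groups[(e.directory, e.size)].append(e.name)
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_count}


def find_hidden_system_files(entries: List[Entry]) -> List[str]:
    """Files (not directories) carrying both the hidden and system attributes.
    Legitimate Windows files do this too (index.dat, for one), so this is a
    review list, not a verdict."""
    return [e.path for e in entries if not e.is_dir and e.hidden and e.system]


def triage_report(text: str, min_count: int = 3) -> dict:
    entries = parse_dds_listing(text)
    return {
        "entries": len(entries),
        "clusters": find_size_clusters(entries, min_count),
        "hidden_system": find_hidden_system_files(entries),
    }


if __name__ == "__main__":
    report = triage_report(SAMPLE_LOG)
    print(f"{report['entries']} listing lines parsed")
    for (directory, size), names in report["clusters"].items():
        print(f"review: {len(names)} executables of {size:,} bytes in {directory}: {', '.join(names)}")
    for path in report["hidden_system"]:
        print(f"review: hidden+system file {path}")
```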



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 August 2009 - 07:18 PM

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both: log.txt (<<will be maximized) and info.txt (<<will be minimized).
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 nouara

  • Topic Starter
  • Members
  • 10 posts

Posted 10 August 2009 - 10:17 AM

thanks,

I just read your advice and will get on it tonight. If you can keep open a spot for me in the queue, I'd appreciate it.

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 August 2009 - 12:33 PM

Ok, I will wait for your logs.



#5 nouara

  • Topic Starter
  • Members
  • 10 posts

Posted 11 August 2009 - 10:22 AM

Hi Syler,

Thanks for your help.
Here are the logs:

Malwarebytes' Anti-Malware 1.40
Database version: 2594
Windows 5.1.2600 Service Pack 3

8/10/2009 18:36:03
mbam-log-2009-08-10 (18-36-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 143896
Time elapsed: 1 hour(s), 10 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Me at 2009-08-11 08:07:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 66 GB (86%) free of 76 GB
Total RAM: 255 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:08:02, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\7XHLTZPA\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-US
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4498 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3
"usnjsvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.1"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-08-05 19:55:01 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-28 20:50:31 ----D---- C:\Documents and Settings\Me\Application Data\Paltalk
2009-07-28 20:50:21 ----D---- C:\Program Files\Paltalk Messenger
2009-07-28 20:49:44 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2009-07-28 17:02:48 ----D---- C:\Program Files\KraiSoft Games
2009-07-26 18:49:22 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-26 16:49:30 ----A---- C:\WINDOWS\system32\CF20882.exe
2009-07-26 16:48:52 ----A---- C:\Bug.txt
2009-07-26 16:37:59 ----A---- C:\WINDOWS\system32\CF18612.exe
2009-07-26 16:30:55 ----A---- C:\WINDOWS\system32\CF16646.exe
2009-07-26 14:40:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 12:54:25 ----A---- C:\WINDOWS\system32\CF7576.exe
2009-07-26 03:30:26 ----A---- C:\WINDOWS\system32\CF28209.exe
2009-07-26 03:06:33 ----A---- C:\WINDOWS\system32\CF23500.exe
2009-07-26 02:57:47 ----A---- C:\WINDOWS\system32\CF21822.exe
2009-07-26 02:47:56 ----A---- C:\WINDOWS\system32\CF19820.exe
2009-07-26 02:42:48 ----D---- C:\WINDOWS\ERDNT
2009-07-26 02:42:10 ----A---- C:\WINDOWS\system32\CF18259.exe
2009-07-26 02:39:23 ----D---- C:\Qoobox
2009-07-26 01:46:04 ----D---- C:\Documents and Settings\Me\Application Data\WinRAR
2009-07-26 01:33:31 ----D---- C:\WINDOWS\ERUNT
2009-07-26 01:30:05 ----D---- C:\SDFix
2009-07-26 00:57:10 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-26 00:56:15 ----A---- C:\rapport.txt
2009-07-26 00:48:39 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-07-26 00:48:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-07-26 00:48:37 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-07-26 00:48:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-07-26 00:48:34 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-07-26 00:48:33 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-07-26 00:48:32 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-07-26 00:48:29 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-07-26 00:48:29 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-07-26 00:48:24 ----A---- C:\WINDOWS\system32\Process.exe
2009-07-25 15:21:18 ----D---- C:\rsit
2009-07-23 23:56:36 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2009-07-23 23:56:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-23 23:56:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-23 20:14:08 ----D---- C:\Documents and Settings\Me\Application Data\IObit
2009-07-23 20:14:05 ----D---- C:\Program Files\IObit
2009-07-23 17:26:19 ----D---- C:\Program Files\Common Files\ODBC
2009-07-23 16:54:05 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-07-23 15:24:44 ----D---- C:\Program Files\Trend Micro
2009-07-18 11:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-18 11:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-18 10:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 08:59:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-14 08:59:34 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-14 08:59:32 ----A---- C:\WINDOWS\system32\java.exe
2009-07-13 22:16:16 ----D---- C:\WINDOWS\ie8updates
2009-07-13 22:11:32 ----HDC---- C:\WINDOWS\ie8
2009-07-13 20:45:44 ----A---- C:\WINDOWS\system32\a3d.dll
2009-07-13 20:45:43 ----D---- C:\Program Files\Analog Devices
2009-07-13 20:45:43 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-07-13 20:45:42 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-07-13 20:35:16 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2009-07-13 20:35:16 ----A---- C:\WINDOWS\system32\RcdScan.dll
2009-07-13 20:35:09 ----A---- C:\WINDOWS\system32\VB5DB.DLL

======List of files/folders modified in the last 1 months======

2009-08-11 08:06:56 ----D---- C:\WINDOWS\Prefetch
2009-08-11 05:53:57 ----D---- C:\WINDOWS\Temp
2009-08-10 17:15:21 ----D---- C:\WINDOWS\system32\drivers
2009-08-10 04:08:06 ----HD---- C:\$AVG8.VAULT$
2009-08-07 16:47:26 ----D---- C:\WINDOWS
2009-08-07 16:40:34 ----D---- C:\WINDOWS\system32
2009-08-07 08:09:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-06 08:40:49 ----AC---- C:\WINDOWS\wininit.ini
2009-08-01 09:59:42 ----D---- C:\WINDOWS\network diagnostic
2009-07-29 09:22:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-28 20:50:21 ----AD---- C:\Program Files
2009-07-28 16:59:15 ----D---- C:\Program Files\Atomaders
2009-07-28 00:00:47 ----D---- C:\WINDOWS\Minidump
2009-07-28 00:00:35 ----D---- C:\WINDOWS\system32\config
2009-07-28 00:00:34 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-28 00:00:34 ----D---- C:\WINDOWS\Debug
2009-07-28 00:00:32 ----SHD---- C:\WINDOWS\Installer
2009-07-28 00:00:32 ----D---- C:\Program Files\WinRAR
2009-07-27 19:08:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 18:58:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-27 18:25:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-26 18:55:25 ----SD---- C:\WINDOWS\Tasks
2009-07-26 18:49:21 ----HD---- C:\Config.Msi
2009-07-26 18:48:49 ----D---- C:\Program Files\Lavasoft
2009-07-26 18:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-26 18:18:12 ----HD---- C:\WINDOWS\inf
2009-07-26 16:36:23 ----D---- C:\Program Files\Common Files
2009-07-26 16:36:23 ----D---- C:\Program Files\Ahead
2009-07-26 16:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-25 21:34:26 ----D---- C:\Program Files\Real
2009-07-25 21:11:51 ----SH---- C:\boot.ini
2009-07-25 21:11:51 ----A---- C:\WINDOWS\win.ini
2009-07-25 21:11:51 ----A---- C:\WINDOWS\system.ini
2009-07-25 21:03:11 ----D---- C:\WINDOWS\Help
2009-07-25 19:40:18 ----D---- C:\Documents and Settings
2009-07-23 22:46:39 ----D---- C:\WINDOWS\system32\DirectX
2009-07-23 22:30:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-23 17:40:08 ----D---- C:\Documents and Settings\Me\Application Data\Games
2009-07-23 17:37:33 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-23 14:40:46 ----D---- C:\My Games
2009-07-23 14:40:08 ----D---- C:\My Download Files
2009-07-18 11:05:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-18 11:05:14 ----A---- C:\WINDOWS\imsins.BAK
2009-07-14 08:58:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-14 08:28:29 ----D---- C:\WINDOWS\system32\en-US
2009-07-14 08:28:28 ----D---- C:\WINDOWS\Media
2009-07-14 08:28:28 ----D---- C:\Program Files\Internet Explorer
2009-07-13 20:46:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-13 20:35:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 22:21:00 ----D---- C:\Program Files\Windows Live Toolbar
2009-07-12 22:05:29 ----D---- C:\Program Files\Java
2009-07-12 12:36:42 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-12 12:35:11 ----D---- C:\WINDOWS\system
2009-07-12 12:29:08 ----D---- C:\Documents and Settings\Me\Application Data\Move Networks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-29 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 catchme;catchme; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-04 907032]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-29 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-14 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-11-03 73728]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-26 1029456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF--------------
An info.txt file did not open, but I found this file from the last time.

info.txt logfile of random's system information tool 1.06 2009-07-25 15:22:18

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Atomaders-->"C:\Program Files\Atomaders\ReflexiveArcade\unins000.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CheckIt Diagnostics-->C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
ebgcInfra-->MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes-->MsiExec.exe /X{2F9DFF65-7A7A-4B70-A53D-378EE67F9F25}
ebgcRes-->MsiExec.exe /X{DC32544C-86ED-4B8E-80BC-9DC99023A313}
ebgcSDK-->MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
ebgcSDK-->MsiExec.exe /X{53B2D537-21CF-44D5-A03A-0DAF993B5728}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
PaltalkScene-->"C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
PerformanceTest v6.0-->"C:\Program Files\PerformanceTest\unins000.exe"
Quick StartUp 2.3-->"C:\Program Files\Quick StartUp\unins000.exe"
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.6.0.0-->C:\Program Files\RegCure\uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-23]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-23]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ [2009-07-23]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-07-23]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-07-23]
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-23]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-07-23]
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-07-23]
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/popcap/zuma/popcaploader_v6.cab [2009-07-23]
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20Lost%20in%20Los%20Angeles/Images/stg_drm.ocx [2009-07-23]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-07-23]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-07-25]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [2009-07-25]

======Hosts File======

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HOME-DA7C1EF26F
Event Code: 1003
Message: Error code 1000007e, parameter1 c0000005, parameter2 f8d98b7b, parameter3 ef0b9c84, parameter4 ef0b9980.

Record Number: 98695
Source Name: System Error
Time Written: 20090621164631.000000-420
Event Type: error
User:

Computer Name: HOME-DA7C1EF26F
Event Code: 1003
Message: Error code 0000004e, parameter1 00000099, parameter2 00000000, parameter3 00000000, parameter4 00000000.

Record Number: 98668
Source Name: System Error
Time Written: 20090621045604.000000-420
Event Type: error
User:

Computer Name: HOME-DA7C1EF26F
Event Code: 10010
Message: The server {F81CD990-910B-4BBF-9CB3-6A77F3D697B3} did not register with DCOM within the required timeout.

Record Number: 98648
Source Name: DCOM
Time Written: 20090621014244.000000-420
Event Type: error
User: HOME-DA7C1EF26F\Me

Computer Name: HOME-DA7C1EF26F
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 98647
Source Name: W32Time
Time Written: 20090620224109.000000-420
Event Type: warning
User:

Computer Name: HOME-DA7C1EF26F
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 98643
Source Name: W32Time
Time Written: 20090620053025.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: HOME-DA7C1EF26F
Event Code: 1000
Message: Faulting application avgwdsvc.exe, version 8.0.0.223, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x000011e8.

Record Number: 17
Source Name: Application Error
Time Written: 20090417101417.000000-420
Event Type: error
User:

Computer Name: HOME-DA7C1EF26F
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x000011a5.

Record Number: 16
Source Name: Application Error
Time Written: 20090417101411.000000-420
Event Type: error
User:

Computer Name: HOME-DA7C1EF26F
Event Code: 1000
Message: Faulting application ssstars.scr, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x000011a5.

Record Number: 15
Source Name: Application Error
Time Written: 20090417101350.000000-420
Event Type: error
User:

Computer Name: HOME-DA7C1EF26F
Event Code: 1000
Message: Faulting application amazingadventuresbundle.exe, version 1.0.0.0, faulting module bass.dll, version 2.3.0.3, fault address 0x00001b9b.

Record Number: 8
Source Name: Application Error
Time Written: 20090408172343.000000-420
Event Type: error
User:

Computer Name: HOME-DA7C1EF26F
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 3
Source Name: usnjsvc
Time Written: 20090408164625.000000-420
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:37 PM

Posted 11 August 2009 - 02:21 PM

Hello,

You haven't posted all of the Rsit log; the top part is missing. Please post the log again. Also, I see you have been running combofix.

ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Post the contents of C:\ComboFix.txt in your next reply, do not run combofix again unless asked.


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Post back with the Gmer log and combofix.txt.

unite.jpg


#7 nouara
  • Topic Starter
  • Members
  • 10 posts
  • Local time:03:37 PM

Posted 11 August 2009 - 04:47 PM

I re-ran the log files, hope I got it all this time?

I understand about the combo fix, I was playing with fire and have no intention of running the program again. Thanks for your warning. I searched for the combofix.txt file... but it does not exist. I know that I tried to uninstall combofix when I realized that I was way over my head.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Me at 2009-08-11 13:29:55
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 66 GB (86%) free of 76 GB
Total RAM: 255 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:48, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\A7GLXVJO\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-US
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4508 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Boonty Games"=3
"usnjsvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Paltalk Messenger\paltalk.exe"="C:\Program Files\Paltalk Messenger\paltalk.exe:*:Enabled:Paltalk 9.1"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-08-05 19:55:01 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-28 20:50:31 ----D---- C:\Documents and Settings\Me\Application Data\Paltalk
2009-07-28 20:50:21 ----D---- C:\Program Files\Paltalk Messenger
2009-07-28 20:49:44 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2009-07-28 17:02:48 ----D---- C:\Program Files\KraiSoft Games
2009-07-26 18:49:22 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-26 16:49:30 ----A---- C:\WINDOWS\system32\CF20882.exe
2009-07-26 16:48:52 ----A---- C:\Bug.txt
2009-07-26 16:37:59 ----A---- C:\WINDOWS\system32\CF18612.exe
2009-07-26 16:30:55 ----A---- C:\WINDOWS\system32\CF16646.exe
2009-07-26 14:40:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 12:54:25 ----A---- C:\WINDOWS\system32\CF7576.exe
2009-07-26 03:30:26 ----A---- C:\WINDOWS\system32\CF28209.exe
2009-07-26 03:06:33 ----A---- C:\WINDOWS\system32\CF23500.exe
2009-07-26 02:57:47 ----A---- C:\WINDOWS\system32\CF21822.exe
2009-07-26 02:47:56 ----A---- C:\WINDOWS\system32\CF19820.exe
2009-07-26 02:42:48 ----D---- C:\WINDOWS\ERDNT
2009-07-26 02:42:10 ----A---- C:\WINDOWS\system32\CF18259.exe
2009-07-26 02:39:23 ----D---- C:\Qoobox
2009-07-26 01:46:04 ----D---- C:\Documents and Settings\Me\Application Data\WinRAR
2009-07-26 01:33:31 ----D---- C:\WINDOWS\ERUNT
2009-07-26 01:30:05 ----D---- C:\SDFix
2009-07-26 00:57:10 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-26 00:56:15 ----A---- C:\rapport.txt
2009-07-26 00:48:39 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-07-26 00:48:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-07-26 00:48:37 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-07-26 00:48:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-07-26 00:48:34 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-07-26 00:48:33 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-07-26 00:48:32 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-07-26 00:48:29 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-07-26 00:48:29 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-07-26 00:48:24 ----A---- C:\WINDOWS\system32\Process.exe
2009-07-25 15:21:18 ----D---- C:\rsit
2009-07-23 23:56:36 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2009-07-23 23:56:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-23 23:56:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-23 20:14:08 ----D---- C:\Documents and Settings\Me\Application Data\IObit
2009-07-23 20:14:05 ----D---- C:\Program Files\IObit
2009-07-23 17:26:19 ----D---- C:\Program Files\Common Files\ODBC
2009-07-23 16:54:05 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-07-23 15:24:44 ----D---- C:\Program Files\Trend Micro
2009-07-18 11:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-18 11:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-18 10:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 08:59:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-14 08:59:34 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-14 08:59:32 ----A---- C:\WINDOWS\system32\java.exe
2009-07-13 22:16:16 ----D---- C:\WINDOWS\ie8updates
2009-07-13 22:11:32 ----HDC---- C:\WINDOWS\ie8
2009-07-13 20:45:44 ----A---- C:\WINDOWS\system32\a3d.dll
2009-07-13 20:45:43 ----D---- C:\Program Files\Analog Devices
2009-07-13 20:45:43 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-07-13 20:45:42 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-07-13 20:35:16 ----RA---- C:\WINDOWS\system32\hhactivex.dll
2009-07-13 20:35:16 ----A---- C:\WINDOWS\system32\RcdScan.dll
2009-07-13 20:35:09 ----A---- C:\WINDOWS\system32\VB5DB.DLL

======List of files/folders modified in the last 1 months======

2009-08-11 13:29:59 ----D---- C:\WINDOWS\Prefetch
2009-08-11 11:24:10 ----D---- C:\WINDOWS\Temp
2009-08-11 11:12:22 ----SHD---- C:\WINDOWS\Installer
2009-08-11 11:12:22 ----HD---- C:\Config.Msi
2009-08-11 04:08:33 ----HD---- C:\$AVG8.VAULT$
2009-08-10 17:15:21 ----D---- C:\WINDOWS\system32\drivers
2009-08-07 16:47:26 ----D---- C:\WINDOWS
2009-08-07 16:40:34 ----D---- C:\WINDOWS\system32
2009-08-07 08:09:03 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-06 08:40:49 ----AC---- C:\WINDOWS\wininit.ini
2009-08-01 09:59:42 ----D---- C:\WINDOWS\network diagnostic
2009-07-29 09:22:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-28 20:50:21 ----AD---- C:\Program Files
2009-07-28 16:59:15 ----D---- C:\Program Files\Atomaders
2009-07-28 00:00:47 ----D---- C:\WINDOWS\Minidump
2009-07-28 00:00:35 ----D---- C:\WINDOWS\system32\config
2009-07-28 00:00:34 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-28 00:00:34 ----D---- C:\WINDOWS\Debug
2009-07-28 00:00:32 ----D---- C:\Program Files\WinRAR
2009-07-27 19:08:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 18:58:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-27 18:25:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-26 18:55:25 ----SD---- C:\WINDOWS\Tasks
2009-07-26 18:48:49 ----D---- C:\Program Files\Lavasoft
2009-07-26 18:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-26 18:18:12 ----HD---- C:\WINDOWS\inf
2009-07-26 16:36:23 ----D---- C:\Program Files\Common Files
2009-07-26 16:36:23 ----D---- C:\Program Files\Ahead
2009-07-26 16:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-25 21:34:26 ----D---- C:\Program Files\Real
2009-07-25 21:11:51 ----SH---- C:\boot.ini
2009-07-25 21:11:51 ----A---- C:\WINDOWS\win.ini
2009-07-25 21:11:51 ----A---- C:\WINDOWS\system.ini
2009-07-25 21:03:11 ----D---- C:\WINDOWS\Help
2009-07-25 19:40:18 ----D---- C:\Documents and Settings
2009-07-23 22:46:39 ----D---- C:\WINDOWS\system32\DirectX
2009-07-23 22:30:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-23 17:40:08 ----D---- C:\Documents and Settings\Me\Application Data\Games
2009-07-23 17:37:33 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-23 14:40:46 ----D---- C:\My Games
2009-07-23 14:40:08 ----D---- C:\My Download Files
2009-07-18 11:05:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-18 11:05:14 ----A---- C:\WINDOWS\imsins.BAK
2009-07-14 08:58:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-14 08:28:29 ----D---- C:\WINDOWS\system32\en-US
2009-07-14 08:28:28 ----D---- C:\WINDOWS\Media
2009-07-14 08:28:28 ----D---- C:\Program Files\Internet Explorer
2009-07-13 20:46:01 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-13 20:35:07 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 22:21:00 ----D---- C:\Program Files\Windows Live Toolbar
2009-07-12 22:05:29 ----D---- C:\Program Files\Java
2009-07-12 12:36:42 ----D---- C:\Program Files\Common Files\InstallShield
2009-07-12 12:35:11 ----D---- C:\WINDOWS\system
2009-07-12 12:29:08 ----D---- C:\Documents and Settings\Me\Application Data\Move Networks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-29 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 catchme;catchme; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys []
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-04 907032]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-29 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-14 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-11-03 73728]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-26 1029456]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

GMER 1.0.15.15020 [ikueok1g.exe] - http://www.gmer.net
Rootkit scan 2009-08-11 14:43:13
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF92B087E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF92B0BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1

---- EOF - GMER 1.0.15 ----

I think that I'm following your directions correctly. I appreciate your help.

nouara

#8 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:37 PM

Posted 12 August 2009 - 10:48 AM

Total RAM: 255 MB (16% free)


You have a very low amount of RAM on your computer, which is going to mean your computer will be quite slow. Can you tell me what problems you are currently having?

When you ran Combofix, what happened? Did it run at all? Did it crash? Did it pop up with a log?



#9 nouara
  • Topic Starter
  • Members
  • 10 posts
  • Local time:03:37 PM

Posted 12 August 2009 - 11:34 AM

Hi,

I don't use this computer for very much besides the net. The problems that I'm having are that fairly regularly the computer stops and restarts without warning, and I get a message that the system has recovered from a serious problem. Also in the past (hasn't happened in a few months) the computer would die, and a blue screen with writing would be on the screen... Also it takes so long for the computer to reboot, I leave it running all the time, but it would be nice to save some money and turn it off when I'm not using it.

Thanks
nouara

#10 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:37 PM

Posted 12 August 2009 - 11:50 AM

When you ran Combofix, what happened? Did it run at all? Did it crash? Did it pop up with a log?


Can you answer this.



#11 nouara
  • Topic Starter
  • Members
  • 10 posts
  • Local time:03:37 PM

Posted 12 August 2009 - 01:05 PM

I don't remember it crashing... I think a window popped up with info, but since it was all Greek to me, I closed it and uninstalled the program.

#12 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:37 PM

Posted 13 August 2009 - 02:10 PM

Hi nouara,

I don't see much in your logs, can you tell me what problems you are currently having?


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

Next

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Services
    Boonty Games
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Boonty Games"=-
    :Commands
    [EmptyTemp]
    [Reboot]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Then post back with the OTM results and a new Rsit log.

Thanks



#13 nouara

nouara
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 14 August 2009 - 11:32 AM

Hi.. wow, I'm learning a lot here.

Basic problems are that my computer crashes every few months with that blue screen.

It takes about 5 minutes for the computer to reboot.

Always seems to have something running in the background that slows things down.

The screen freezes and the internet closes fairly regularly.

I followed directions, step by step, so the latest Java is installed, and ERUNT is on the desktop.

This is the OTM log.

Thanks

All processes killed
========== SERVICES/DRIVERS ==========

Service\Driver Boonty Games deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services\\Boonty Games deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: Me
->Temp folder emptied: 34888074 bytes
->Temporary Internet Files folder emptied: 18100174 bytes
->Java cache emptied: 26936205 bytes
->FireFox cache emptied: 5273017 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2402221 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16474 bytes
RecycleBin emptied: 35330075 bytes

Total Files Cleaned = 119.45 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08142009_091330

nouara

#14 nouara

nouara
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:37 PM

Posted 14 August 2009 - 11:38 AM

oops, forgot the rsit log,

Logfile of random's system information tool 1.06 (written by random/random)
Run by Me at 2009-08-14 09:35:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 66 GB (86%) free of 76 GB
Total RAM: 255 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:36:39, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Me\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Me.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...5&mkt=en-US
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger 9.8\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4812 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure Startup.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-14 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-14 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-14 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-29 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Paltalk Messenger 9.8\paltalk.exe"="C:\Program Files\Paltalk Messenger 9.8\paltalk.exe:*:Enabled:PaltalkScene"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-08-14 09:13:30 ----D---- C:\_OTM
2009-08-14 09:08:07 ----D---- C:\Program Files\ERUNT
2009-08-14 09:00:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-14 09:00:03 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-14 09:00:03 ----A---- C:\WINDOWS\system32\java.exe
2009-08-12 22:10:51 ----D---- C:\Documents and Settings\All Users\Application Data\JollyBear
2009-08-12 22:10:05 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
2009-08-11 21:00:29 ----D---- C:\Program Files\Paltalk Messenger 9.8
2009-08-11 20:59:41 ----A---- C:\WINDOWS\PaltalkScene Setup Log.txt
2009-08-11 19:29:28 ----D---- C:\Documents and Settings\Me\Application Data\Paltalk
2009-08-11 19:29:00 ----D---- C:\Program Files\Paltalk Messenger
2009-08-05 19:55:01 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-28 17:02:48 ----D---- C:\Program Files\KraiSoft Games
2009-07-26 18:49:22 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-07-26 16:49:30 ----A---- C:\WINDOWS\system32\CF20882.exe
2009-07-26 16:48:52 ----A---- C:\Bug.txt
2009-07-26 16:37:59 ----A---- C:\WINDOWS\system32\CF18612.exe
2009-07-26 16:30:55 ----A---- C:\WINDOWS\system32\CF16646.exe
2009-07-26 14:40:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-26 12:54:25 ----A---- C:\WINDOWS\system32\CF7576.exe
2009-07-26 03:30:26 ----A---- C:\WINDOWS\system32\CF28209.exe
2009-07-26 03:06:33 ----A---- C:\WINDOWS\system32\CF23500.exe
2009-07-26 02:57:47 ----A---- C:\WINDOWS\system32\CF21822.exe
2009-07-26 02:47:56 ----A---- C:\WINDOWS\system32\CF19820.exe
2009-07-26 02:42:48 ----D---- C:\WINDOWS\ERDNT
2009-07-26 02:42:10 ----A---- C:\WINDOWS\system32\CF18259.exe
2009-07-26 02:39:23 ----D---- C:\Qoobox
2009-07-26 01:46:04 ----D---- C:\Documents and Settings\Me\Application Data\WinRAR
2009-07-26 01:33:31 ----D---- C:\WINDOWS\ERUNT
2009-07-26 01:30:05 ----D---- C:\SDFix
2009-07-26 00:57:10 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-26 00:56:15 ----A---- C:\rapport.txt
2009-07-26 00:48:39 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-07-26 00:48:38 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-07-26 00:48:37 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-07-26 00:48:36 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-07-26 00:48:34 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-07-26 00:48:33 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-07-26 00:48:32 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-07-26 00:48:29 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-07-26 00:48:29 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-07-26 00:48:24 ----A---- C:\WINDOWS\system32\Process.exe
2009-07-25 15:21:18 ----D---- C:\rsit
2009-07-23 23:56:36 ----D---- C:\Documents and Settings\Me\Application Data\Malwarebytes
2009-07-23 23:56:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-23 23:56:18 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-23 20:14:08 ----D---- C:\Documents and Settings\Me\Application Data\IObit
2009-07-23 20:14:05 ----D---- C:\Program Files\IObit
2009-07-23 17:26:19 ----D---- C:\Program Files\Common Files\ODBC
2009-07-23 16:54:05 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-07-23 15:24:44 ----D---- C:\Program Files\Trend Micro
2009-07-18 11:05:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-18 11:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-18 10:51:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$

======List of files/folders modified in the last 1 months======

2009-08-14 09:35:58 ----D---- C:\WINDOWS\Prefetch
2009-08-14 09:20:14 ----D---- C:\WINDOWS\Temp
2009-08-14 09:14:12 ----D---- C:\WINDOWS
2009-08-14 09:08:07 ----AD---- C:\Program Files
2009-08-14 09:01:06 ----SHD---- C:\WINDOWS\Installer
2009-08-14 09:00:24 ----HD---- C:\Config.Msi
2009-08-14 09:00:05 ----D---- C:\WINDOWS\system32
2009-08-14 08:59:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-08-14 08:59:25 ----D---- C:\Program Files\Java
2009-08-14 04:06:46 ----HD---- C:\$AVG8.VAULT$
2009-08-12 10:24:38 ----SD---- C:\WINDOWS\Tasks
2009-08-11 21:40:59 ----D---- C:\WINDOWS\network diagnostic
2009-08-11 20:01:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-11 19:53:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-10 17:15:21 ----D---- C:\WINDOWS\system32\drivers
2009-08-06 08:40:49 ----AC---- C:\WINDOWS\wininit.ini
2009-07-29 09:22:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-28 16:59:15 ----D---- C:\Program Files\Atomaders
2009-07-28 00:00:47 ----D---- C:\WINDOWS\Minidump
2009-07-28 00:00:35 ----D---- C:\WINDOWS\system32\config
2009-07-28 00:00:34 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-28 00:00:34 ----D---- C:\WINDOWS\Debug
2009-07-28 00:00:32 ----D---- C:\Program Files\WinRAR
2009-07-27 19:08:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 18:58:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-27 18:25:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-26 18:48:49 ----D---- C:\Program Files\Lavasoft
2009-07-26 18:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-26 18:18:12 ----HD---- C:\WINDOWS\inf
2009-07-26 16:36:23 ----D---- C:\Program Files\Common Files
2009-07-26 16:36:23 ----D---- C:\Program Files\Ahead
2009-07-26 16:31:46 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-25 21:34:26 ----D---- C:\Program Files\Real
2009-07-25 21:11:51 ----SH---- C:\boot.ini
2009-07-25 21:11:51 ----A---- C:\WINDOWS\win.ini
2009-07-25 21:11:51 ----A---- C:\WINDOWS\system.ini
2009-07-25 21:03:11 ----D---- C:\WINDOWS\Help
2009-07-25 19:40:18 ----D---- C:\Documents and Settings
2009-07-23 22:46:39 ----D---- C:\WINDOWS\system32\DirectX
2009-07-23 17:40:08 ----D---- C:\Documents and Settings\Me\Application Data\Games
2009-07-23 17:37:33 ----D---- C:\WINDOWS\system32\NtmsData
2009-07-23 14:40:46 ----D---- C:\My Games
2009-07-23 14:40:08 ----D---- C:\My Download Files
2009-07-18 11:05:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-18 11:05:14 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-29 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-07 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-14 51120]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-14 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-14 21744]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-11-03 1330940]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter; C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20160]
S3 catchme;catchme; \??\C:\DOCUME~1\Me\LOCALS~1\Temp\catchme.sys []
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-04 907032]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-29 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-14 153376]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-26 1029456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-11-03 73728]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------
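The HijackThis section of the RSIT log above (O2 BHO, O4 Run-key and O23 service lines) and the registry dump of the XP firewall exception list are what the helper reads by eye. As an added example, not part of this thread and not a BleepingComputer or OldTimer tool, here is a small Python parser that turns those lines into a structured inventory: Run-key entries, BHOs, services and firewall exceptions, with each executable's location classified so entries launching from a user profile or an unusual directory can be reviewed first. The sample lines are constructed to mirror the format of the posted log; the `SyntheticExample` entry is invented purely to exercise the review flag and does not appear in nouara's log.

```python
"""Inventory autostart and firewall-exception entries from HijackThis / RSIT log text.

Added example; not part of the original thread. SAMPLE_LOG is constructed to match
the line formats in the posted log (the SyntheticExample entry is invented).
"""
import re

# O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" -args
HJT_RUN_RE = re.compile(r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O2 - BHO: Description - {CLSID} - C:\path\helper.dll
HJT_BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$')
# O23 - Service: Display name (shortname) - Vendor - C:\path\service.exe
HJT_SVC_RE = re.compile(r'^O23 - Service: (?P<name>.*?) \((?P<short>[^)]*)\) - (?P<vendor>.*?) - (?P<path>.*)$')
# Firewall AuthorizedApplications value: "path"="path:scope:Enabled|Disabled:label"
REG_VALUE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>.*)"$')

SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SyntheticExample] C:\Documents and Settings\Me\Local Settings\Temp\sample.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"""


def command_to_path(cmd):
    """Extract the executable path from a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r'(.*?\.exe)(\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def locate(path):
    """Classify where a binary lives; user-profile or unknown locations deserve a look first."""
    p = path.lower().replace('/', '\\')
    if p.startswith(('%windir%', '%systemroot%', 'c:\\windows')):
        return 'windows'
    if p.startswith(('c:\\program files', 'c:\\progra~1')):
        return 'program_files'
    if p.startswith('c:\\documents and settings'):
        return 'user_profile'
    return 'other'


def parse_hijackthis(text):
    """Collect O4 Run entries, O2 BHOs and O23 services into dicts."""
    out = {'run': [], 'bho': [], 'services': []}
    for line in text.splitlines():
        line = line.strip()
        if m := HJT_RUN_RE.match(line):
            d = m.groupdict()
            d['path'] = command_to_path(d['cmd'])
            out['run'].append(d)
        elif m := HJT_BHO_RE.match(line):
            out['bho'].append(m.groupdict())
        elif m := HJT_SVC_RE.match(line):
            out['services'].append(m.groupdict())
    return out


def parse_firewall_list(text):
    """Parse XP firewall AuthorizedApplications values (path:scope:state:label)."""
    entries = []
    for line in text.splitlines():
        m = REG_VALUE_RE.match(line.strip())
        if not m:
            continue
        parts = m.group('value').rsplit(':', 3)  # path keeps its drive-letter colon
        if len(parts) != 4 or parts[2].lower() not in ('enabled', 'disabled'):
            continue
        path, scope, state, label = parts
        entries.append({'path': path, 'scope': scope, 'state': state, 'label': label.strip()})
    return entries


def triage(text):
    """Inventory plus a 'review' list of Run entries outside Windows / Program Files."""
    hjt = parse_hijackthis(text)
    fw = parse_firewall_list(text)
    review = [e for e in hjt['run'] if locate(e['path']) in ('user_profile', 'other')]
    return {**hjt, 'firewall': fw,
            'firewall_enabled': [f for f in fw if f['state'].lower() == 'enabled'],
            'review': review}


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for section in ('run', 'bho', 'services', 'firewall_enabled', 'review'):
        print(f"{section}: {len(result[section])}")
    for e in result['review']:
        print('REVIEW:', e['hive'], e['name'], '->', e['path'])
```

On the posted log this yields only Program Files and Windows locations, which matches the helper's conclusion that nothing in the autostarts stands out; the same parser applied to a fresh RSIT log gives a quick diff of what changed between runs.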

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:37 PM

Posted 15 August 2009 - 12:08 PM

Hi nouara,

I don't see anything else to worry about in your logs. You have a low amount of RAM, which I think may be the cause of the slowness.
Let me know in your next reply if you are having any more problems.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
