Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows notifies that I have the Bancos!a.gen Trojan


  • This topic is locked This topic is locked
12 replies to this topic

#1 Makaiton

Makaiton

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:09:58 PM

Posted 14 August 2009 - 12:04 AM

Hi! Since my computer was unceremoniously destroyed in transit from the USA to China, I went out and bought myself a laptop. However, upon updating windows XP, I began to get a malicious software report. After many scans, I still found nothing, and simply decided for a simple reformat/reinstall. Still, upon updating, the malicious software report appears again.

The alleged name of this ghost trojan is Bancos!a.gen


DDS (Ver_09-07-30.01) - NTFSx86
Run by Julie at 12:45:08.14 on Fri 08/14/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1286 [GMT 8:00]

AV: avast! antivirus 4.8.1335 [VPS 090813-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SPF\smc.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Julie\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\julie\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-489553540026} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\julie\applic~1\mozilla\firefox\profiles\lj27nhxt.default\
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-7 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-7-7 717320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-10 138680]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-4-10 4300]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 1029456]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-10 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-10 352920]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2007-9-19 29184]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-08-13 23:22 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-13 22:57 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 13:56 <DIR> --d----- c:\windows\pss
2009-08-10 15:31 <DIR> --d----- c:\docume~1\julie\applic~1\OpenOffice.org
2009-08-10 03:15 <DIR> --d----- c:\program files\JRE
2009-08-10 03:15 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-08-08 17:50 <DIR> --d----- c:\docume~1\julie\applic~1\Jane s Hotel
2009-08-05 22:55 <DIR> --d----- c:\docume~1\julie\applic~1\GameFools JanesZOO
2009-08-05 22:53 <DIR> --d----- c:\program files\Jane's Zoo
2009-08-05 17:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 03:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-08-02 22:11 <DIR> --d----- c:\program files\Shockwave.com
2009-08-02 20:11 <DIR> --d----- c:\program files\PlayFirst
2009-08-02 00:21 <DIR> --d----- c:\program files\Black Isle
2009-07-30 20:48 <DIR> --d----- c:\program files\Conduit
2009-07-30 20:48 <DIR> --d----- c:\program files\livetvbar
2009-07-24 14:40 <DIR> --d----- c:\program files\iPod
2009-07-24 14:40 <DIR> --d----- c:\program files\iTunes
2009-07-18 19:15 <DIR> --d----- c:\program files\Zylom Games
2009-07-18 19:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zylom
2009-07-18 03:01 58,880 -c------ c:\windows\system32\dllcache\atl.dll

==================== Find3M ====================

2009-08-05 17:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-18 03:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-07 18:10 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-07 18:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-30 00:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-30 00:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-30 00:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-16 22:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 22:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 20:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 20:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 22:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 14:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-04 03:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-26 01:30 4,096 a------- c:\windows\d3dx.dat
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-22 10:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040620090413\index.dat
2009-04-22 10:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042220090423\index.dat

============= FINISH: 12:45:35.76 ===============

Attached Files


All good things should be free. Unfortunately, the opposite statement is what holds true most often.

BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:02:58 AM

Posted 24 August 2009 - 11:22 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 Makaiton

Makaiton
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:09:58 PM

Posted 25 August 2009 - 07:21 AM

Problem still exists. :thumbup2:


DDS Posted and attached:



DDS (Ver_09-07-30.01) - NTFSx86
Run by Julie at 20:15:47.85 on Tue 08/25/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1324 [GMT 8:00]

AV: avast! antivirus 4.8.1351 [VPS 090824-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Julie\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-489553540026} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\julie\applic~1\mozilla\firefox\profiles\lj27nhxt.default\
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-7 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-10 114768]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-7-7 717320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-10 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-4-10 138680]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-4-10 4300]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 1029456]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2007-9-19 29184]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-4-10 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-4-10 352920]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 vsdatant;vsdatant; [x]

=============== Created Last 30 ================

2009-08-25 13:20 14,568 a------- c:\windows\system32\drivers\wg6n.sys
2009-08-25 13:20 14,568 a------- c:\windows\system32\drivers\wg5n.sys
2009-08-25 13:20 60,496 a------- c:\windows\system32\drivers\Teefer.sys
2009-08-25 13:20 14,568 a------- c:\windows\system32\drivers\wg4n.sys
2009-08-25 13:20 14,568 a------- c:\windows\system32\drivers\wg3n.sys
2009-08-25 13:20 21,075 a------- c:\windows\system32\drivers\wpsdrvnt.sys
2009-08-25 13:20 83,096 a------- c:\windows\system32\SSSensor.dll
2009-08-25 13:20 <DIR> --d----- c:\program files\Sygate
2009-08-22 22:52 <DIR> --d----- c:\windows\system32\appmgmt
2009-08-17 12:56 3,300,020 a------- c:\windows\system32\GameMon.des
2009-08-17 12:50 4,682 a------- c:\windows\system32\npptNT2.sys
2009-08-17 12:50 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-08-17 12:48 <DIR> --d----- c:\program files\common files\INCA Shared
2009-08-17 12:15 258,352 a------- c:\documents and settings\julie\unicows.dll
2009-08-16 19:01 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-08-16 19:00 <DIR> --d----- c:\windows\system32\LogFiles
2009-08-14 12:52 250 a------- c:\windows\gmer.ini
2009-08-13 23:22 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-13 22:57 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 13:56 <DIR> --d----- c:\windows\pss
2009-08-10 15:31 <DIR> --d----- c:\docume~1\julie\applic~1\OpenOffice.org
2009-08-10 03:15 <DIR> --d----- c:\program files\JRE
2009-08-10 03:15 <DIR> --d----- c:\program files\OpenOffice.org 3
2009-08-05 17:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 03:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-08-02 00:21 <DIR> --d----- c:\program files\Black Isle
2009-07-30 20:48 <DIR> --d----- c:\program files\Conduit
2009-07-30 20:48 <DIR> --d----- c:\program files\livetvbar

==================== Find3M ====================

2009-08-05 17:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-18 03:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-07 18:10 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-07 18:08 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-30 00:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-30 00:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-30 00:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 16:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 16:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 16:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 16:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 16:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 16:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 22:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 22:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 20:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 20:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 22:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 14:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-05 11:42 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-06-04 03:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-04-22 10:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009040620090413\index.dat
2009-04-22 10:30 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042220090423\index.dat

============= FINISH: 20:16:15.40 ===============

Attached Files


All good things should be free. Unfortunately, the opposite statement is what holds true most often.

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 PM

Posted 30 August 2009 - 11:08 PM

Hi Makaiton,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :thumbup2:
My name is sundavis, I will be helping you to deal with your Malware problems today.



Step1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" , and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries



Step2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


In your next reply, please post back:


1.GMER log
2.RSIT log.txt and info.txt.Thanks.

#5 Makaiton

Makaiton
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:09:58 PM

Posted 31 August 2009 - 06:28 AM

First, GMER:


GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-31 19:19:13
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF76A9B30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB1BD46B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB1BD4574]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF76A96F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB1BD4A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB1BD414C]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF76A9470]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB1BD464E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB1BD408C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB1BD40F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF76A9C50]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB1BD476E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB1BD472E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB1BD48AE]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF76A9990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF76A98D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF76A9D60]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{0461F6B6-066E-9BE4-35A30E37E302FE67}\{60F18D06-2547-D7B5-3F6FEAC167531534}\{03821BF4-A5A3-BF72-1BF7DBE36D239A74}
Reg HKLM\SOFTWARE\Classes\CLSID\{0461F6B6-066E-9BE4-35A30E37E302FE67}\{60F18D06-2547-D7B5-3F6FEAC167531534}\{03821BF4-A5A3-BF72-1BF7DBE36D239A74}@AXBBEZDR5GG1RHH1SV4GCUI36H1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{0B9B2E58-3692-44E0-82BCD152C9B1A253}\{3B86EA5A-3525-32DF-4FC0AC24E2F34E81}\{0E5227F9-B294-AFD8-393C80A21811674C}
Reg HKLM\SOFTWARE\Classes\CLSID\{0B9B2E58-3692-44E0-82BCD152C9B1A253}\{3B86EA5A-3525-32DF-4FC0AC24E2F34E81}\{0E5227F9-B294-AFD8-393C80A21811674C}@LQP5ZPUUKXNMDKQUSVXO5P66YE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{1159B246-0933-86DB-AD593C3CB7051897}\{4B332D01-174C-E53B-FFAF1A8AAD861E31}\{3A54BA3C-24AD-210D-6C7EF9C90D2B01E7}
Reg HKLM\SOFTWARE\Classes\CLSID\{1159B246-0933-86DB-AD593C3CB7051897}\{4B332D01-174C-E53B-FFAF1A8AAD861E31}\{3A54BA3C-24AD-210D-6C7EF9C90D2B01E7}@PK3IM51V2WPW5YOPIRJ365XEIG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}
Reg HKLM\SOFTWARE\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}@AXBBEZDR5GG1RHH1SV4GCUI36H1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{29D83109-D499-A3EF-54ABD4209B2D5F0C}\{354D4B2F-7299-D6B0-F9DE68C9556AEC8D}\{1096A586-413B-60D3-8347C002DC18071C}
Reg HKLM\SOFTWARE\Classes\CLSID\{29D83109-D499-A3EF-54ABD4209B2D5F0C}\{354D4B2F-7299-D6B0-F9DE68C9556AEC8D}\{1096A586-413B-60D3-8347C002DC18071C}@DIUMUTVOZPCSSGX5CJY2KLBAVE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{30723499-6545-EACE-9B5A6213A2611088}\{8F702A1D-0083-23E8-7D232F31414B690B}\{20188B26-1B3F-8E02-CDCA05C95C90DBD0}
Reg HKLM\SOFTWARE\Classes\CLSID\{30723499-6545-EACE-9B5A6213A2611088}\{8F702A1D-0083-23E8-7D232F31414B690B}\{20188B26-1B3F-8E02-CDCA05C95C90DBD0}@QR1ILJL5ACMYH2P3FXOAHPVAQE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{36A83BB8-F88B-C649-635463C8C05AC14F}\{B15264AB-0199-3F85-E804346070B10C97}\{1DF6944D-48A5-7AC3-364F976F1552112E}
Reg HKLM\SOFTWARE\Classes\CLSID\{36A83BB8-F88B-C649-635463C8C05AC14F}\{B15264AB-0199-3F85-E804346070B10C97}\{1DF6944D-48A5-7AC3-364F976F1552112E}@AXBBEZDR5GG1RHH1SV4GCUI36H1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3749AA95-0B95-97D6-573EA782D1087389}\{140D5DD1-4454-9D01-1A62C863EE2D72CA}\{AFBD57C5-0E25-C0E9-BB318052A3DC6730}
Reg HKLM\SOFTWARE\Classes\CLSID\{3749AA95-0B95-97D6-573EA782D1087389}\{140D5DD1-4454-9D01-1A62C863EE2D72CA}\{AFBD57C5-0E25-C0E9-BB318052A3DC6730}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{406CE662-49A5-A824-9AD16CDB8C980A83}\{51810E7B-CC7B-50CD-91DC82E76A5CA55B}\{3C9B1055-B264-EADB-6986DE03867D1DB4}
Reg HKLM\SOFTWARE\Classes\CLSID\{406CE662-49A5-A824-9AD16CDB8C980A83}\{51810E7B-CC7B-50CD-91DC82E76A5CA55B}\{3C9B1055-B264-EADB-6986DE03867D1DB4}@QR1ILJL5ACMYH2P3FXOAHPVAQE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4262173D-BE17-0AF1-BC367E078DE3B172}\{0348FBC8-06E2-B99C-443C2E87108EE036}\{533D0420-D13F-E032-E569EC2F904CC0B3}
Reg HKLM\SOFTWARE\Classes\CLSID\{4262173D-BE17-0AF1-BC367E078DE3B172}\{0348FBC8-06E2-B99C-443C2E87108EE036}\{533D0420-D13F-E032-E569EC2F904CC0B3}@TU4WOU1J6ARI5KX1FANSH3C1OF1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}
Reg HKLM\SOFTWARE\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{512F71DC-3CBC-2B47-1A3BBA2110007DA7}\{3581E3EE-9609-7F22-508FFD480F192236}\{AD70F944-B806-2E49-AC620EB899FA98F6}
Reg HKLM\SOFTWARE\Classes\CLSID\{512F71DC-3CBC-2B47-1A3BBA2110007DA7}\{3581E3EE-9609-7F22-508FFD480F192236}\{AD70F944-B806-2E49-AC620EB899FA98F6}@DIUMUTVOZPCSSGX5CJY2KLBAVE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{51E2427C-8584-07B7-23DE47D3A7EA0FAE}\{FE4DB2DE-8B1B-C18C-3FBFE7B17663DE6A}\{D7759A44-051C-D7DE-9FB52EA4C570BE7C}
Reg HKLM\SOFTWARE\Classes\CLSID\{51E2427C-8584-07B7-23DE47D3A7EA0FAE}\{FE4DB2DE-8B1B-C18C-3FBFE7B17663DE6A}\{D7759A44-051C-D7DE-9FB52EA4C570BE7C}@2EQJ2Z3RJDTDB2HBN4IWIN4ITC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}
Reg HKLM\SOFTWARE\Classes\CLSID\{564572D7-BA6B-A81E-17332C14105A24EF}\{35AC4256-1B84-66D8-7C4583AC3B4AA35B}\{791C0703-8CF5-813B-67470F66B09458B3}@PK3IM51V2WPW5YOPIRJ365XEIG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}
Reg HKLM\SOFTWARE\Classes\CLSID\{5B0B6C35-3AEA-9EAE-179EBB09B20EA2F1}\{75565C86-DCE5-4077-B0F3502E93E7104E}\{6B409343-0D15-4A1C-46DBD99A1375331F}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}
Reg HKLM\SOFTWARE\Classes\CLSID\{6283EF60-5306-646F-3E2A60A6F3147012}\{EC258BE5-E5B0-C834-EB7A48F96467BF3F}\{829C9D27-3E4A-4D61-8C18630CF0B6A85C}@2EQJ2Z3RJDTDB2HBN4IWIN4ITC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{62B9DDBB-52F0-AEDA-13C9CB9FD8297A44}\{829B01D7-8AAE-A7FF-AA7986A64CC9B9E2}\{E296BA6F-1F6D-20AF-CDC0E27325509C67}
Reg HKLM\SOFTWARE\Classes\CLSID\{62B9DDBB-52F0-AEDA-13C9CB9FD8297A44}\{829B01D7-8AAE-A7FF-AA7986A64CC9B9E2}\{E296BA6F-1F6D-20AF-CDC0E27325509C67}@2EQJ2Z3RJDTDB2HBN4IWIN4ITC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}
Reg HKLM\SOFTWARE\Classes\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}@2EQJ2Z3RJDTDB2HBN4IWIN4ITC1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}
Reg HKLM\SOFTWARE\Classes\CLSID\{793A0CD2-18B8-B505-D2705730ED7730B5}\{224F5FE7-6AB9-E5AA-092A0B3F1E7E0249}\{E87C09AA-1A97-D30E-8C0D3EFE96A56BA8}@QR1ILJL5ACMYH2P3FXOAHPVAQE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{93E6CEFD-CA56-59D1-C6A1E22689695F47}\{E62B984B-3624-15D7-6BC3102B23FA8A76}\{D0F98AA7-EDD9-94A9-9F817DE029F1BE16}
Reg HKLM\SOFTWARE\Classes\CLSID\{93E6CEFD-CA56-59D1-C6A1E22689695F47}\{E62B984B-3624-15D7-6BC3102B23FA8A76}\{D0F98AA7-EDD9-94A9-9F817DE029F1BE16}@L5OTYL4OSK54QTZWOGJWMONWTG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}
Reg HKLM\SOFTWARE\Classes\CLSID\{98B9D362-6FA9-F2DD-8313270235BA4B20}\{5D643ECC-D4AF-9C0B-F1B60013ED0D3A91}\{59246844-3775-677A-61694CAC956C3858}@DIUMUTVOZPCSSGX5CJY2KLBAVE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9D9EEA93-DD59-68FD-2527E621161D0237}\{C35E9742-B8BD-06C7-FA5575747B82F58D}\{7D561727-4D3E-D313-4CFAAB3C00BB0207}
Reg HKLM\SOFTWARE\Classes\CLSID\{9D9EEA93-DD59-68FD-2527E621161D0237}\{C35E9742-B8BD-06C7-FA5575747B82F58D}\{7D561727-4D3E-D313-4CFAAB3C00BB0207}@QR1ILJL5ACMYH2P3FXOAHPVAQE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9D9EEA93-DD59-68FD-2527E621161D0237}\{C35E9742-B8BD-06C7-FA5575747B82F58D}\{7D561727-4D3E-D313-4CFAAB3C00BB0207}@L5OTYL4OSK54QTZWOGJWMONWTG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A211FD50-104A-552A-E783321B77B5C9DA}\{4E700FFC-D5B6-D24A-08D9C51A05E3FA14}\{72F82311-8741-4D82-9043D22F7FAD5282}
Reg HKLM\SOFTWARE\Classes\CLSID\{A211FD50-104A-552A-E783321B77B5C9DA}\{4E700FFC-D5B6-D24A-08D9C51A05E3FA14}\{72F82311-8741-4D82-9043D22F7FAD5282}@LQP5ZPUUKXNMDKQUSVXO5P66YE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A754038D-5461-C6FF-89A37522C498DE93}\{1089EA54-87DF-A583-56CE37BECDECB43B}\{5F10775F-480B-9EA7-99D54B1CB86EF9A3}
Reg HKLM\SOFTWARE\Classes\CLSID\{A754038D-5461-C6FF-89A37522C498DE93}\{1089EA54-87DF-A583-56CE37BECDECB43B}\{5F10775F-480B-9EA7-99D54B1CB86EF9A3}@TU4WOU1J6ARI5KX1FANSH3C1OF1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}
Reg HKLM\SOFTWARE\Classes\CLSID\{A76448FF-EA59-23D3-98F3B9C94A7EC293}\{51B7BFF3-30C4-3859-72DBC6993BF1721D}\{60FC5D85-3D13-ED0E-8811CBE6817E353D}@PK3IM51V2WPW5YOPIRJ365XEIG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}
Reg HKLM\SOFTWARE\Classes\CLSID\{A8A45CF7-6BE6-B2C1-72491EAB2E9A6B2B}\{B617CAED-A840-2A11-665EBDF0B9E06934}\{20694653-0A9D-BD70-6F24016076B199C3}@AXBBEZDR5GG1RHH1SV4GCUI36H1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AA58136B-E4D9-7C22-F318862907B73EF7}\{7320B164-7CDE-F0FA-3D718014E02662FF}\{717B3025-5806-2EEA-4DFCCD0F4E1E26A2}
Reg HKLM\SOFTWARE\Classes\CLSID\{AA58136B-E4D9-7C22-F318862907B73EF7}\{7320B164-7CDE-F0FA-3D718014E02662FF}\{717B3025-5806-2EEA-4DFCCD0F4E1E26A2}@TU4WOU1J6ARI5KX1FANSH3C1OF1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{B60CDB60-5376-6DCA-4461E93C2465DB73}\{FC4191BA-6A42-922A-A34EA95E47ABF03B}\{07043ED0-9EC9-0D6A-FB993C405174A321}
Reg HKLM\SOFTWARE\Classes\CLSID\{B60CDB60-5376-6DCA-4461E93C2465DB73}\{FC4191BA-6A42-922A-A34EA95E47ABF03B}\{07043ED0-9EC9-0D6A-FB993C405174A321}@L5OTYL4OSK54QTZWOGJWMONWTG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BCA821CD-4A5D-ABF7-7317F5EBFF711061}\{A8AD8BCF-CB94-6A01-1BDB64CAD4C7BA22}\{6360A729-06A7-39D5-91DA34CCB8512CF9}
Reg HKLM\SOFTWARE\Classes\CLSID\{BCA821CD-4A5D-ABF7-7317F5EBFF711061}\{A8AD8BCF-CB94-6A01-1BDB64CAD4C7BA22}\{6360A729-06A7-39D5-91DA34CCB8512CF9}@L5OTYL4OSK54QTZWOGJWMONWTG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BF1EE1FE-1932-A99C-B95E9DB4FC5D390D}\{14AB012F-1755-CBB6-E6EC0E63008B2B35}\{6CBF63F5-AF79-823D-FB168B9FCC8939EB}
Reg HKLM\SOFTWARE\Classes\CLSID\{BF1EE1FE-1932-A99C-B95E9DB4FC5D390D}\{14AB012F-1755-CBB6-E6EC0E63008B2B35}\{6CBF63F5-AF79-823D-FB168B9FCC8939EB}@LQP5ZPUUKXNMDKQUSVXO5P66YE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C3E67C84-FF81-4ACD-401BD333BA56E9EA}\{F4E9985F-0D7B-FE76-62CD8C76B0126B78}\{BB457FA5-4647-F88E-4919FBC3754B9322}
Reg HKLM\SOFTWARE\Classes\CLSID\{C3E67C84-FF81-4ACD-401BD333BA56E9EA}\{F4E9985F-0D7B-FE76-62CD8C76B0126B78}\{BB457FA5-4647-F88E-4919FBC3754B9322}@PK3IM51V2WPW5YOPIRJ365XEIG1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C53C8AFE-780B-A095-1875A9D39C824CF2}\{151E6624-94D7-6041-A2A26FFA6BDDEF0C}\{8D08884B-CD31-5FF0-CA8CAC497363EFC4}
Reg HKLM\SOFTWARE\Classes\CLSID\{C53C8AFE-780B-A095-1875A9D39C824CF2}\{151E6624-94D7-6041-A2A26FFA6BDDEF0C}\{8D08884B-CD31-5FF0-CA8CAC497363EFC4}@LQP5ZPUUKXNMDKQUSVXO5P66YE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DBE5F6A6-C8E0-8D37-B1C3ECD994E168FF}\{7F7185F9-7F48-A4B8-D3088315D7013D5E}\{124A519E-6019-9B74-2FA3F0240754901A}
Reg HKLM\SOFTWARE\Classes\CLSID\{DBE5F6A6-C8E0-8D37-B1C3ECD994E168FF}\{7F7185F9-7F48-A4B8-D3088315D7013D5E}\{124A519E-6019-9B74-2FA3F0240754901A}@DIUMUTVOZPCSSGX5CJY2KLBAVE1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}
Reg HKLM\SOFTWARE\Classes\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}@TU4WOU1J6ARI5KX1FANSH3C1OF1 0x01 0x00 0x01 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EAE54BA3-56A0-7636-9D760FE75B19E95C}\{32AED356-A62E-B541-0C1631C471EC4552}\{622BCC28-1320-8061-75578A77CF92A31A}
Reg HKLM\SOFTWARE\Classes\CLSID\{EAE54BA3-56A0-7636-9D760FE75B19E95C}\{32AED356-A62E-B541-0C1631C471EC4552}\{622BCC28-1320-8061-75578A77CF92A31A}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...

---- EOF - GMER 1.0.15 ----





Second, RSIT Log:




Logfile of random's system information tool 1.06 (written by random/random)
Run by Julie at 2009-08-31 19:25:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (77%) free of 38 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:05 PM, on 8/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Julie\My Documents\Downloads\RSIT(3).exe
C:\Program Files\trend micro\Julie.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540026} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F722C7F-E623-4880-88E4-2BACA1F0D01A}: NameServer = 202.101.172.48 202.101.172.47
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6567 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2006-02-28 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2006-02-28 455168]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-18 81000]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-06 16380416]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"EDS"=C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe [2007-09-20 634880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-12-08 761947]
"DMHotKey"=C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe [2006-12-27 466944]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-20 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-10-15 2577632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-09-05 24359720]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicKeyboard]
C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe [2006-05-14 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2007-04-01 568176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-08-28 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Descent\main.exe"="E:\Descent\main.exe:*:Enabled:main"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-31 19:25:51 ----D---- C:\rsit
2009-08-31 19:25:51 ----D---- C:\Program Files\trend micro
2009-08-29 03:00:40 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-28 01:37:32 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-26 03:01:45 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-26 03:01:41 ----D---- C:\Program Files\MSBuild
2009-08-25 20:37:04 ----D---- C:\Program Files\Reference Assemblies
2009-08-25 20:37:03 ----SHD---- C:\Config.Msi
2009-08-25 20:36:43 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-25 20:36:43 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-25 20:36:43 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-25 13:20:31 ----A---- C:\WINDOWS\system32\SSSensor.dll
2009-08-25 13:20:26 ----D---- C:\Program Files\Sygate
2009-08-22 22:52:42 ----D---- C:\WINDOWS\system32\appmgmt
2009-08-19 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-08-18 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-08-18 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-08-18 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-08-17 12:48:21 ----D---- C:\Program Files\Common Files\INCA Shared
2009-08-16 23:16:25 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-08-16 19:01:24 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-08-16 19:01:23 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-08-16 19:01:08 ----D---- C:\Program Files\Windows Media Connect 2
2009-08-16 19:00:57 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-08-16 19:00:22 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-08-16 19:00:02 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-16 18:59:58 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-08-16 03:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-14 12:52:00 ----A---- C:\WINDOWS\gmer.ini
2009-08-14 12:51:59 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-08-14 12:51:59 ----A---- C:\WINDOWS\gmer.exe
2009-08-14 12:51:59 ----A---- C:\WINDOWS\gmer.dll
2009-08-14 03:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-14 03:02:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-14 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-14 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-14 03:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-14 03:02:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-14 03:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-14 03:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-14 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-12 13:56:03 ----D---- C:\WINDOWS\pss
2009-08-10 15:31:13 ----D---- C:\Documents and Settings\Julie\Application Data\OpenOffice.org
2009-08-10 03:15:30 ----D---- C:\Program Files\JRE
2009-08-10 03:15:24 ----D---- C:\Program Files\OpenOffice.org 3
2009-08-10 03:15:11 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-10 03:15:11 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-10 03:15:11 ----A---- C:\WINDOWS\system32\java.exe
2009-08-03 03:25:58 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia

======List of files/folders modified in the last 1 months======

2009-08-31 19:25:51 ----RD---- C:\Program Files
2009-08-31 19:25:38 ----D---- C:\WINDOWS\Prefetch
2009-08-31 19:09:48 ----D---- C:\Documents and Settings\Julie\Application Data\Skype
2009-08-31 18:54:09 ----D---- C:\WINDOWS\Temp
2009-08-31 18:53:59 ----D---- C:\Program Files\Mozilla Firefox
2009-08-31 15:39:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-31 15:20:05 ----A---- C:\WINDOWS\BlendSettings.ini
2009-08-30 09:36:22 ----D---- C:\WINDOWS
2009-08-29 04:33:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-29 03:00:56 ----HD---- C:\WINDOWS\inf
2009-08-29 03:00:53 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-29 03:00:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-29 03:00:41 ----D---- C:\WINDOWS\system32
2009-08-28 01:37:37 ----A---- C:\WINDOWS\imsins.BAK
2009-08-27 21:32:08 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-27 21:32:07 ----RSD---- C:\WINDOWS\assembly
2009-08-27 18:35:18 ----D---- C:\Program Files\Lavasoft
2009-08-27 18:35:18 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-27 18:35:16 ----SHD---- C:\WINDOWS\Installer
2009-08-27 18:35:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-27 18:35:06 ----D---- C:\WINDOWS\system32\drivers
2009-08-27 18:34:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-27 18:21:28 ----D---- C:\WINDOWS\system32\Restore
2009-08-27 17:19:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-27 17:18:13 ----D---- C:\WINDOWS\WinSxS
2009-08-27 17:15:10 ----RSD---- C:\WINDOWS\Fonts
2009-08-25 20:37:10 ----D---- C:\WINDOWS\system32\en-US
2009-08-25 20:36:51 ----D---- C:\WINDOWS\system32\spool
2009-08-25 20:35:28 ----D---- C:\WINDOWS\system32\mui
2009-08-25 20:35:28 ----D---- C:\Program Files\Internet Explorer
2009-08-25 09:59:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-22 23:14:37 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-08-22 19:46:43 ----D---- C:\WINDOWS\network diagnostic
2009-08-22 11:43:33 ----D---- C:\Documents and Settings\Julie\Application Data\Apple Computer
2009-08-21 12:35:06 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-18 21:40:34 ----A---- C:\moduleName.txt
2009-08-18 00:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-17 12:59:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-08-17 12:48:21 ----D---- C:\Program Files\Common Files
2009-08-17 12:36:41 ----D---- C:\Program Files\WinRAR
2009-08-16 19:01:15 ----A---- C:\WINDOWS\win.ini
2009-08-16 19:01:08 ----D---- C:\Program Files\Windows Media Player
2009-08-16 19:01:05 ----D---- C:\WINDOWS\Help
2009-08-15 21:01:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 03:02:29 ----D---- C:\Program Files\Outlook Express
2009-08-14 03:02:18 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-12 13:58:57 ----SH---- C:\boot.ini
2009-08-12 13:58:57 ----A---- C:\WINDOWS\system.ini
2009-08-10 03:14:53 ----D---- C:\Program Files\Java
2009-08-08 18:53:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-05 17:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 01:52:20 ----D---- C:\WINDOWS\system32\config

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-18 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-18 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-18 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-18 94160]
R2 DOSMEMIO;MEMIO; \??\C:\WINDOWS\system32\MEMIO.SYS []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-10-15 14568]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-10-15 14568]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-10-15 14568]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-10-15 14568]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-29 1161888]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-18 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-08-28 2372096]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-04-01 876384]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-24 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNSeFilter;DNSeFilter; C:\WINDOWS\system32\drivers\SamsungEDS.sys [2007-09-19 29184]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-11 4449280]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-19 80512]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-12-08 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-03 546976]
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\Julie\LOCALS~1\Temp\aujasnkj.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-08-14 68961]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-06 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-08-28 483328]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-18 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 SmcService;Sygate Personal Firewall; C:\Program Files\Sygate\SPF\smc.exe [2004-10-15 2577632]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-18 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-30 3300020]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------




Last, RSIT Info:




info.txt logfile of random's system information tool 1.06 2009-08-31 19:26:07

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros WLAN Client-->C:\Program Files\InstallShield Installation Information\{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}\setup.exe -runfromtemp -l0x0009 -removeonly
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Descent 3-->C:\WINDOWS\ISUNINST.EXE -fe:\Descent\Uninst.isu -ce:\Descent\d3uninst.dll
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
Gates of Andaron-->"F:\GatesofAndaron\unins000.exe"
Heat-->C:\Program Files\HEAT\System\uninstall.exe
Hero Editor V0.96-->C:\WINDOWS\st6unst.exe -n "E:\ST6UNST.LOG"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013F0}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Magic Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD723E53-A42C-4702-AA04-1D74A0311590}\Setup.exe" -l0x9 Remove
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Oblivion - Fighter's Stronghold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C2276CCD-7998-463D-8240-A1A3F58B0FA3}\setup.exe" -l0x9 -removeonly
Oblivion - Horse Armor Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
Oblivion - Mehrunes Razor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
Oblivion - Orrery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
Oblivion - Spell Tomes-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
Oblivion - The Thieves Den-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
Oblivion - The Vile Lair-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
Oblivion - The Wizard's Tower-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Once Upon a Diner (Diner Dash Hometown Hero - Gourmet)-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~2\INSTALL.LOG
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Safari-->MsiExec.exe /I{C5C649A8-1D21-4C83-9B08-7B3752E580F4}
Samsung EDS-->MsiExec.exe /X{ABB14904-A11B-4F42-996C-80FD608A0F17}
Seasonal Snack Pack (Diner Dash Hometown Hero - Gourmet)-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\APPLIC~1\PLAYFI~1\Games\DINERD~2\INSTALL.LOG
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sygate Personal Firewall-->MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 090830-0]
FW: Sygate Personal Firewall

======System event log======

Computer Name: JULIEISGREAT
Event Code: 1000
Message: Your computer has lost the lease to its IP address 192.168.1.100 on the
Network Card with network address 001377AA9C8E.

Record Number: 7454
Source Name: Dhcp
Time Written: 20090805141702.000000+480
Event Type: error
User:

Computer Name: JULIEISGREAT
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001377AA9C8E. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7453
Source Name: Dhcp
Time Written: 20090805141702.000000+480
Event Type: warning
User:

Computer Name: JULIEISGREAT
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001377AA9C8E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7228
Source Name: Dhcp
Time Written: 20090801234417.000000+480
Event Type: warning
User:

Computer Name: JULIEISGREAT
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001377AA9C8E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 7226
Source Name: Dhcp
Time Written: 20090801213636.000000+480
Event Type: warning
User:

Computer Name: JULIEISGREAT
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 001377AA9C8E has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 7148
Source Name: Dhcp
Time Written: 20090731134216.000000+480
Event Type: error
User:

=====Application event log=====

Computer Name: JULIEISGREAT
Event Code: 0
Message: All compilation assembly nodes do not exist in System.Web section group.

Record Number: 15
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090826030150.000000+480
Event Type: warning
User:

Computer Name: JULIEISGREAT
Event Code: 0
Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

Record Number: 14
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090826030150.000000+480
Event Type: warning
User:

Computer Name: JULIEISGREAT
Event Code: 0
Message: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly.
If you believe this message is an error, check your IIS installation to make sure it is installed properly.

Record Number: 12
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090826030149.000000+480
Event Type: warning
User:

Computer Name: JULIEISGREAT
Event Code: 1000
Message: Faulting application skype.exe, version 3.8.4.42, faulting module skype.exe, version 3.8.4.42, fault address 0x00004900.

Record Number: 6
Source Name: Application Error
Time Written: 20090826002429.000000+480
Event Type: error
User:

Computer Name: JULIEISGREAT
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.1.3497, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5
Source Name: Application Hang
Time Written: 20090825223726.000000+480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------






Thanks in advance!
All good things should be free. Unfortunately, the opposite statement is what holds true most often.

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 PM

Posted 31 August 2009 - 08:34 AM

Hi Makaiton,




Microsoft Windows Malicious Software Removal Tool (MRT) reports you have Win32/Bancos.gen!A infection. It maybe a false positive. Click Start >Run>type MRT >Hit enter

After MRT scanner stops, go to C:\WINDOWS\Debug\mrt.log . Open mrt.log and it should look like as follows:

Microsoft Windows Malicious Software Removal Tool v2.0, July 2008
Started On Wed Jul 09 12:51:19 2008

Extended Scan Results
----------------

Found possible virus: TrojanSpy:Win32/Bancos.gen!A in process://pid:1568


Please press Ctrl+Alt+Del, Windows Task Manager will pop up, click View tap on the top and click Select Columns and check the PID box, OK the button. Now click Processes button.

Tell me which file was pointed to the same PID number as that in your mrt log. Maybe skype.exe or something new. Please specify that info in your next reply. If not the case. Please do the following:




Step1

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.or you can find from here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy&Paste the entire report in your next reply

Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


Step2

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In you next reply, please post back:

1.MBAM log
2.OTL listIt.txt and Extra.txt

#7 Makaiton

Makaiton
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:09:58 PM

Posted 31 August 2009 - 01:26 PM

The MRT came up completely clean... :thumbup2:


MBAM Log:




Malwarebytes' Anti-Malware 1.40
Database version: 2722
Windows 5.1.2600 Service Pack 3

9/1/2009 2:13:50 AM
mbam-log-2009-09-01 (02-13-50).txt

Scan type: Quick Scan
Objects scanned: 86384
Time elapsed: 3 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2} (Adware.DoubleD) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)




OTL Extras Log:




OTL Extras logfile created on: 9/1/2009 2:14:29 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Julie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.47% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.65 Gb Total Space | 28.19 Gb Free Space | 76.93% Space Free | Partition Type: NTFS
Drive D: | 63.42 Gb Total Space | 46.05 Gb Free Space | 72.60% Space Free | Partition Type: FAT32
Drive E: | 65.91 Gb Total Space | 36.89 Gb Free Space | 55.97% Space Free | Partition Type: FAT32
Drive F: | 66.86 Gb Total Space | 57.48 Gb Free Space | 85.97% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: JULIEISGREAT
Current User Name: Julie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-839522115-413027322-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"E:\Descent\main.exe" = E:\Descent\main.exe:*:Enabled:main -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C2AF74-C739-B278-22BB-90F92772635E}" = CCC Help Japanese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{056F567C-E1FB-840B-1389-FAEBF3EA9568}" = CCC Help Korean
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08777C3E-910E-F79C-5864-D2A17A91A1E7}" = Catalyst Control Center Localization French
"{0B7CC558-113F-6CBF-BC60-5BC1A9AB0935}" = Catalyst Control Center Localization Italian
"{0D81EE92-CA0C-E0B3-8D1B-C7D2BEA28ED6}" = Catalyst Control Center Localization Spanish
"{0F9178BF-5531-CDF0-BB10-AEEF23EF7896}" = Skins
"{101AA343-44A3-39A2-5716-D16C9A380E3E}" = Catalyst Control Center Graphics Light
"{12673141-C46A-3B11-06CE-6C3948886B34}" = Catalyst Control Center Localization Korean
"{13730213-FCB1-96DA-A5EB-D7F9BBD5D4DF}" = CCC Help Czech
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - The Wizard's Tower
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350CCF27-81F6-2D0F-92B0-8D9B16C96D35}" = Catalyst Control Center Localization Danish
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3E358932-0375-1619-4A7E-82973C77EDF9}" = CCC Help English
"{43AC517E-E59C-8B59-225F-CC2218A62BAF}" = CCC Help Spanish
"{47ADB60A-9C9A-31C3-316E-6258F90BDF0D}" = Catalyst Control Center Localization Polish
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - The Vile Lair
"{55B18E1C-0693-420B-09F9-ED6F4FE04625}" = CCC Help Swedish
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{603D3347-F382-5A60-6C69-3FC2A5BB41F0}" = Catalyst Control Center Localization Hungarian
"{651F2BAB-2EFB-BA61-DF83-81F746B98A21}" = Catalyst Control Center Localization Dutch
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{71D9FA06-60A7-4EFD-C07D-772F0E734EC0}" = Catalyst Control Center Localization Russian
"{77878FCF-CC5A-6B7D-8D38-44CE96A0B4FF}" = CCC Help Finnish
"{7C31BD57-5CB1-72F8-2ACA-04011645E8EF}" = Catalyst Control Center Localization German
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86D747DF-DCFE-235F-38AC-58EDFFBAB928}" = Catalyst Control Center Localization Thai
"{8A562D2B-F0FA-90A1-F15A-15BFEACBE79F}" = Catalyst Control Center Localization Japanese
"{8B0A5B0D-A9B1-FC3C-5D91-89EF6E38CCB4}" = CCC Help Polish
"{8D96C10A-AC25-C21C-4847-BFCD29CA4011}" = CCC Help Russian
"{8E186BE9-56D0-BD47-6CC7-72DCC54FE07D}" = CCC Help Portuguese
"{93FFACAA-A498-A775-5023-3E7BA7E78605}" = Catalyst Control Center Localization Portuguese
"{96A7CA3E-D25F-886F-5568-6E668065D12F}" = Catalyst Control Center Graphics Full Existing
"{974B7DCF-D588-4B8F-4C45-D58114F9DC08}" = ccc-core-static
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9E3361F6-510E-0D23-F55B-06944568B370}" = Catalyst Control Center Localization Swedish
"{9EBD9409-9212-DA57-BF61-826BCC9EBB79}" = Catalyst Control Center Localization Chinese Traditional
"{9F41BDE7-5013-4BE0-A59F-C01454F28C64}" = CCC Help Chinese Standard
"{9F4589FF-123B-7720-7FD1-B27E0E4481FA}" = CCC Help Turkish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E89E62-B428-67CD-CE72-5B4F3C398626}" = Catalyst Control Center Localization Czech
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{ADB9A69D-8C04-EA19-EB28-955E2C99C862}" = CCC Help Thai
"{B182E10E-BFB9-1A30-0D89-0F6EE164DDC7}" = CCC Help Danish
"{B2CC748E-7E50-9FAD-4C4F-6248B615F359}" = Catalyst Control Center Graphics Full New
"{B406CF92-6E86-AED9-6552-A2AC72F7DB44}" = Catalyst Control Center Localization Norwegian
"{B61F99C0-F3E7-F860-065D-A0C913141BB9}" = CCC Help French
"{B6729F2E-0E52-0347-28F9-56DAC5D55546}" = CCC Help Greek
"{B6F9DDD8-9071-75F7-129B-882CEFF89E87}" = CCC Help Hungarian
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1480F12-72C3-B22F-10FD-732FFB78E179}" = Catalyst Control Center Localization Greek
"{C2276CCD-7998-463D-8240-A1A3F58B0FA3}" = Oblivion - Fighter's Stronghold
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5717CBD-CB8D-1317-63BF-00433B78350C}" = Catalyst Control Center Core Implementation
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4517639-0A0A-3438-DCD1-6E036E1AB71E}" = ccc-core-preinstall
"{D454C165-5149-E6A9-2C88-E8E2C20D54CF}" = CCC Help Italian
"{D94DE4D5-21A6-20EA-3683-3307517F2147}" = CCC Help Dutch
"{D984C0B5-F350-213C-487A-1480D1684DEC}" = Catalyst Control Center Localization Finnish
"{DBB59EA9-F563-4FFB-0DCE-C7C42DF5735B}" = Catalyst Control Center Localization Turkish
"{DBE8F18D-EBAE-66DB-B503-7E6F50F473C7}" = CCC Help German
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB0D8A2A-5BF2-7AD2-1870-DD101E91F6AB}" = CCC Help Chinese Traditional
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{EDC7A758-99CE-07F7-99DF-F0280CFF4DD1}" = Catalyst Control Center Localization Chinese Standard
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0631A62-934C-D43C-6EDA-C9BFB6B724B1}" = CCC Help Norwegian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{FEAB1D9A-7B80-B05F-8CCE-C3E6B286EEC5}" = ccc-utility
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - The Thieves Den
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Descent3" = Descent 3
"Diablo II" = Diablo II
"gatesofandaron_is1" = Gates of Andaron
"Heat" = Heat
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Once Upon a Diner (Diner Dash Hometown Hero - Gourmet)" = Once Upon a Diner (Diner Dash Hometown Hero - Gourmet)
"Seasonal Snack Pack (Diner Dash Hometown Hero - Gourmet)" = Seasonal Snack Pack (Diner Dash Hometown Hero - Gourmet)
"ST6UNST #1" = Hero Editor V0.96
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/13/2009 10:11:02 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\0f844dc6822635c7ea3d049c8d33291b\BIT8.tmp
failed, 00000026.

Error - 8/13/2009 10:18:34 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\0f844dc6822635c7ea3d049c8d33291b\BIT8.tmp
failed, 00000026.

Error - 8/13/2009 10:20:13 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\b94a62fef50572dbc9aa8e5671f39e77\BITA.tmp
failed, 00000026.

Error - 8/13/2009 10:28:36 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\0f844dc6822635c7ea3d049c8d33291b\BIT8.tmp
failed, 00000026.

Error - 8/13/2009 10:29:52 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\b94a62fef50572dbc9aa8e5671f39e77\BITA.tmp
failed, 00000026.

Error - 8/13/2009 10:31:27 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\0f844dc6822635c7ea3d049c8d33291b\BIT8.tmp
failed, 00000026.

Error - 8/13/2009 10:36:03 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\0f844dc6822635c7ea3d049c8d33291b\BIT8.tmp
failed, 00000026.

Error - 8/13/2009 10:36:16 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\b94a62fef50572dbc9aa8e5671f39e77\BITA.tmp
failed, 00000026.

Error - 8/13/2009 10:57:11 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\0f844dc6822635c7ea3d049c8d33291b\BIT8.tmp
failed, 00000026.

Error - 8/13/2009 11:04:16 AM | Computer Name = JULIEISGREAT | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\SoftwareDistribution\Download\0f844dc6822635c7ea3d049c8d33291b\BIT8.tmp
failed, 00000026.


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >




OTL ListIt Log:




OTL logfile created on: 9/1/2009 2:14:29 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Julie\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.47% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.13% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 36.65 Gb Total Space | 28.19 Gb Free Space | 76.93% Space Free | Partition Type: NTFS
Drive D: | 63.42 Gb Total Space | 46.05 Gb Free Space | 72.60% Space Free | Partition Type: FAT32
Drive E: | 65.91 Gb Total Space | 36.89 Gb Free Space | 55.97% Space Free | Partition Type: FAT32
Drive F: | 66.86 Gb Total Space | 57.48 Gb Free Space | 85.97% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
Drive H: | 4.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
I: Drive not present or media not loaded

Computer Name: JULIEISGREAT
Current User Name: Julie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2007/08/28 00:16:44 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe
PRC - [2007/08/28 00:16:44 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/08/17 23:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/18 00:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/14 08:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/08/18 00:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007/06/01 10:52:10 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
PRC - [2007/07/06 08:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/09/20 20:01:44 | 00,634,880 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2005/12/08 06:44:16 | 00,761,947 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/09/04 16:13:22 | 00,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007/06/01 10:52:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2006/10/06 05:10:12 | 00,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/18 00:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/18 00:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/02/06 18:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/05 09:42:50 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/01 02:08:44 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Julie\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2006/10/06 05:10:12 | 00,009,216 | R--- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/17 23:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2007/08/28 00:16:44 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/08/18 00:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/18 00:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/18 00:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 08:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/07/30 08:53:00 | 03,300,020 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009/08/18 00:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2006/11/29 08:11:00 | 01,161,888 | R--- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2007/05/03 11:00:58 | 00,546,976 | R--- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Stopped])
DRV - [2009/08/18 00:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/08/18 00:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/08/18 00:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/08/18 00:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/08/18 00:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2007/08/28 00:17:00 | 02,372,096 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/04/01 05:02:42 | 00,876,384 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2007/03/24 02:50:42 | 00,067,960 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2007/09/19 08:47:14 | 00,029,184 | ---- | M] (Samsung Electronics,.LTD) -- C:\WINDOWS\System32\drivers\SamsungEDS.sys -- (DNSeFilter [On_Demand | Running])
DRV - [2000/08/24 01:19:38 | 00,004,300 | ---- | M] () -- C:\WINDOWS\System32\MEMIO.SYS -- (DOSMEMIO [Auto | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/08/14 12:51:59 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [On_Demand | Stopped])
DRV - [2008/04/14 00:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/07/11 01:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/02/28 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2006/01/19 10:41:58 | 00,080,512 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004/08/04 06:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2008/04/14 00:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2005/12/08 06:30:52 | 00,191,936 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys -- (Teefer [Boot | Running])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 02:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running])
DRV - [2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys -- (wg4n [Auto | Running])
DRV - [2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys -- (wg5n [Auto | Running])
DRV - [2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys -- (wg6n [Auto | Running])
DRV - [2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-839522115-413027322-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-839522115-413027322-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-839522115-413027322-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-839522115-413027322-682003330-1003\S-1-5-21-839522115-413027322-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/04/10 23:41:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/27 17:15:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/05 09:43:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/05 09:43:01 | 00,000,000 | ---D | M]

[2009/04/10 23:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\mozilla\Extensions
[2009/04/10 23:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/01 01:03:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\mozilla\Firefox\Profiles\lj27nhxt.default\extensions
[2009/08/25 20:23:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Julie\Application Data\mozilla\Firefox\Profiles\lj27nhxt.default\extensions\redshift_V2@shift-themes.com
[2009/09/01 01:03:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 09:43:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/10 23:41:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/11 08:53:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/10 13:08:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/05 09:42:47 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 09:42:47 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/05 09:42:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/18 15:05:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/18 15:05:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/18 15:05:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/18 15:05:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/18 15:05:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/18 15:05:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/18 15:05:39 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/09/15 11:52:06 | 00,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/08/05 09:42:56 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/05 09:42:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/05 09:42:56 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/05 09:42:56 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/05 09:42:56 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/05 09:42:56 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/05 09:42:56 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (316719 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10868 more lines...
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-839522115-413027322-682003330-1003..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-839522115-413027322-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-839522115-413027322-682003330-1003\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v4.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540026} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/06 12:45:52 | 00,000,056 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/10 22:58:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.NAV -- [ NTFS ]
O32 - AutoRun File - [2005/11/22 01:26:21 | 00,000,057 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{1382c39c-261d-11de-b97e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1382c39c-261d-11de-b97e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1382c39c-261d-11de-b97e-806d6172696f}\Shell\AutoRun\command - "" = H:\OblivionLauncher.exe -- [2006/04/07 01:25:44 | 01,662,976 | R--- | M] (Bethesda Softworks)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/09/01 02:09:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Application Data\Malwarebytes
[2009/09/01 02:09:26 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/01 02:09:23 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/01 02:09:22 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/01 02:09:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/01 02:09:21 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/31 19:25:51 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/31 19:25:51 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/08/31 18:56:29 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\gmer.exe
[2009/08/29 04:01:36 | 00,013,872 | ---- | C] () -- C:\Documents and Settings\Julie\Desktop\Campaign Notes.odt
[2009/08/28 22:56:29 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/26 03:01:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/26 03:01:41 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/25 20:37:04 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/25 20:37:03 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/25 20:36:43 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/08/25 20:36:43 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/08/25 20:36:43 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/08/25 20:36:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009/08/25 20:36:43 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/08/25 20:36:43 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/08/25 20:36:43 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/08/25 13:20:36 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg6n.sys
[2009/08/25 13:20:36 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg5n.sys
[2009/08/25 13:20:35 | 00,060,496 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\Teefer.sys
[2009/08/25 13:20:35 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg4n.sys
[2009/08/25 13:20:35 | 00,014,568 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wg3n.sys
[2009/08/25 13:20:34 | 00,021,075 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys
[2009/08/25 13:20:31 | 00,083,096 | ---- | C] (Sygate Technologies, Inc.) -- C:\WINDOWS\System32\SSSensor.dll
[2009/08/25 13:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\Sygate
[2009/08/25 10:07:38 | 00,000,564 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Broadband Connection 2.lnk
[2009/08/22 22:52:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/08/21 23:41:56 | 00,000,372 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gates of Andaron.lnk
[2009/08/17 12:56:29 | 03,300,020 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2009/08/17 12:50:05 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2009/08/17 12:50:04 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2009/08/17 12:48:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2009/08/16 23:16:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/08/16 19:01:24 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/08/16 19:01:08 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/08/16 19:00:05 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/08/16 19:00:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/08/16 19:00:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/08/14 12:52:00 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/08/14 12:51:59 | 00,573,440 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/08/14 12:51:59 | 00,565,311 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/08/14 12:51:59 | 00,068,961 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/08/14 12:51:59 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/08/13 23:22:15 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/13 22:57:50 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/12 13:56:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/10 15:31:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Application Data\OpenOffice.org
[2009/08/10 03:15:30 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/08/10 03:15:24 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/08/10 03:15:11 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/08/10 03:15:11 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/08/10 03:15:11 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/08/08 17:34:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Julie\Desktop\j
[2009/08/05 17:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 03:25:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/07/08 14:15:50 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/14 03:01:08 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/25 00:41:41 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009/04/25 00:41:41 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009/04/25 00:41:41 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/04/11 22:32:23 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/04/10 23:29:02 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2009/04/10 23:29:01 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2009/04/10 23:28:42 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2009/04/10 23:28:42 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Julie_KBD.ini
[2009/04/10 23:28:41 | 00,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009/04/10 23:28:40 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2009/04/10 23:28:40 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2009/04/10 23:28:40 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2009/04/10 23:28:40 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2009/04/10 23:28:40 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2009/04/10 23:28:40 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2009/04/10 23:28:40 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2009/04/10 23:28:40 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2009/04/10 23:28:40 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2009/04/10 23:28:40 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2009/04/10 23:28:40 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2009/04/10 23:28:40 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2009/04/10 23:28:40 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2009/04/10 23:28:40 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2009/04/10 23:28:40 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2009/04/10 23:28:40 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2009/04/10 23:28:40 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2007/04/01 09:00:28 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/02/28 20:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/02/28 20:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/10/15 18:31:56 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/09/01 02:09:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/01 01:27:05 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/08/31 18:53:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/31 18:52:59 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/31 18:52:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/31 15:39:12 | 04,261,862 | -H-- | M] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\IconCache.db
[2009/08/29 04:25:58 | 00,013,872 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\Campaign Notes.odt
[2009/08/28 01:37:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/27 18:36:42 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/27 17:57:30 | 03,682,189 | ---- | M] () -- C:\ituneslib.itl
[2009/08/27 17:46:57 | 00,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/27 17:19:00 | 00,489,254 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/27 17:19:00 | 00,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/27 17:19:00 | 00,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/27 17:18:47 | 00,038,792 | ---- | M] () -- C:\Documents and Settings\Julie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/25 18:32:10 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/25 10:07:38 | 00,000,564 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Broadband Connection 2.lnk
[2009/08/22 22:59:32 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/08/22 18:35:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/21 23:41:56 | 00,000,372 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gates of Andaron.lnk
[2009/08/21 12:40:43 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/18 00:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/18 00:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/18 00:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/18 00:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/18 00:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/18 00:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/18 00:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/18 00:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/18 00:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/17 10:36:30 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Julie\Desktop\gmer.exe
[2009/08/16 19:01:19 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/16 19:01:19 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/16 19:01:15 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/16 19:00:05 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/08/14 12:51:59 | 00,565,311 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/08/14 12:51:59 | 00,068,961 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/08/14 12:51:59 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/08/14 03:02:18 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/12 13:58:57 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/12 13:58:57 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/05 17:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 17:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 301 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07557E0B
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:74A6F815
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33384BC0
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:76C56CCB
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E3B85EF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12EA4DC9
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:96FAC731
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E962FBDB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2CDB9CA3
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D59B92
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:247D483C
< End of report >




Is it possible that the MRT would come up with mutiple fasle positives that were all different and if so, is there any way to tell when it is a false positive aside from bogging you guys down with more work?
All good things should be free. Unfortunately, the opposite statement is what holds true most often.

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 PM

Posted 31 August 2009 - 02:15 PM

Hi Makaiton,



Step1
  • Please start OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the following contents of code box.

    :OTL
    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
    :Files
    C:\Documents and Settings\Julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Click Run Fix button on the top.
  • Click OK and let it run unhindered.
  • OTL will ask to reboot the machine. Please OK the prompt.
  • A report will open. Copy and Paste that report in your next reply.
Step2


Older versions Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:
    Java™ 6 Update 14
    Java™ 6 Update 13

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When Java warning " The applcation digital signature has been verified. Do you want to run the application " appears, Click on "Run" button.
  • It will be Downloading and installing the program and Updating the database.
  • When Updating the database have finished, click on Settings.
  • Make sure all boxes are checked. then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.



Please post back the logs in your next reply.

1.KAS Scan Report
2.OTL log

Tell me how your pc is acting now.

Edited by sundavis, 31 August 2009 - 02:16 PM.


#9 Makaiton

Makaiton
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:09:58 PM

Posted 02 September 2009 - 11:54 AM

The KAS Log:




KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 3, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 02, 2009 16:15:17
Records in database: 2740279
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
H:\
I:\
Scan statistics
Objects scanned 53725
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 01:01:46

No threats found. Scanned area is clean.
Selected area has been scanned.





...and then, OTL Log:




All processes killed
========== OTL ==========
No active process named Explorer.EXE was found!
========== FILES ==========
C:\Documents and Settings\Julie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Julie
File delete failed. C:\Documents and Settings\Julie\Local Settings\Temp\etilqs_vVqSSPcNP6fNGgsDb5uG scheduled to be deleted on reboot.
->Temp folder emptied: 50813340 bytes
File delete failed. C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 5372410 bytes
->Java cache emptied: 25142162 bytes
->FireFox cache emptied: 101961835 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 1162769 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_50c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49152 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 178.06 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09012009_231629

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Julie\Local Settings\Temp\etilqs_vVqSSPcNP6fNGgsDb5uG not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_50c.dat not found!

Registry entries deleted on Reboot...
All good things should be free. Unfortunately, the opposite statement is what holds true most often.

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 PM

Posted 02 September 2009 - 12:06 PM

Hi Makaiton,


Your logs look good. Do you have any remaining concerns on your pc?

#11 Makaiton

Makaiton
  • Topic Starter

  • Members
  • 49 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:09:58 PM

Posted 02 September 2009 - 07:46 PM

Yes! While I know very little about the particular ways in which you helped me, I'm familiar enough with the programs I use to read the logs and feel like I've wasted your time hunting down something that didn't exist. You said that sometimes the MRT can give false positives: is there a way I can know that MRT is giving me a false-positive without wasting your time here?

Yes! While I know very little about the particular ways in which you helped me, I'm familiar enough with the programs I use to read the logs and feel like I've wasted your time hunting down something that didn't exist. You said that sometimes the MRT can give false positives: is there a way I can know that MRT is giving me a false-positive without wasting your time here?
All good things should be free. Unfortunately, the opposite statement is what holds true most often.

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 PM

Posted 03 September 2009 - 01:13 AM

Hi Makaiton,




is there a way I can know that MRT is giving me a false-positive without wasting your time here?

The method had been described in my post #6. You need to know which file was pointed to by the PID in your MRT log. Then you may go toJotti's Scan or Virus Total for scanning that suspicious file. Later on, you can make a reasonable decision for that.

Other than that, your log is clean now. :thumbup2: If you have no remaining issues on your pc, let's do some tidy up.

Step1
  • Please start OTL on your desktop.
  • Press the "Cleanup" button.
  • A message dialog will ask you if you want to proceed with the cleanup process, click Yes
  • Allow your system to reboot if asked.
Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Flush Restore Cache

    Please go to Windows XP System Restore Guide

    Flush system restore points as instructed on Windows XP System Restore Guide.

    NOTE: only do this ONCE,not on a regular basis

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Update all these programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!

#13 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:58 PM

Posted 08 September 2009 - 03:25 AM

Since this issue appears resolved ... this Topic is closed.

Glad we could help.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users