Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malwarebytes unable to remove Skynet


  • This topic is locked This topic is locked
13 replies to this topic

#1 Newtype

Newtype

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 07 September 2009 - 01:55 PM

Hello guys! Where do I start :(...well I'm not tech savvy so I been reading around the site for a week. I noticed my Google re-directing me a few months ago to random sites, I thought nothing much of it then perhaps a possible virus but I decided to not use Google and haven't since all bit a few times for being afraid of being infected with anything further. Few weeks ago I had my first encounter with Anti-Virus Remover Pro and Malwarebytes gotten rid of it, then a few days later it returned and gotten rid of it, then one last time a week ago or so.

This is where I now realize something is running afoul on my PC. I been using Malwarebytes, Super Anti-Spyware, and AVG Anti Virus continously. Today I remembered to use my AVG Rootkit it uncoverd 240 items, mostly 'Skynet' which Malwarebytes later cleaned up, all but one however. I been trying to rid of this one a few times today and it just keeps coming back and now it seems Super Anti-Spyware is unable to fully scan due to some 'Direct Disk Access" problems.

I dunno what to do, I been trying to figure out all this on my own but realize I am unable to do things on my own and so you guys are my hope now :( I post my hijack file right? Sorry, I been reading around but I feel overwhelmed and unsure of everything.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:17 PM, on 9/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\b6fkbcoz04.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows System Recover!] C:\WINDOWS\TEMP\install.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll eedygb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byXQJCvs - byXQJCvs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5781 bytes

BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 10 September 2009 - 12:12 PM

Hello, my name is fenzodahl512 and welcome to the forum.. Please do the following....


Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.



NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.


NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Newtype

Newtype
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 10 September 2009 - 07:10 PM

I am receiving an error when running The Comedian program.

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 10 September 2009 - 11:52 PM

Backing Up Your Registry
  • Go HERE and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
For detailed instruction on how to back-up registry via ERUNT, please visit HERE


Then proceed with Malwarebytes' steps and beyond.. Post all logs here :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Newtype

Newtype
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 11 September 2009 - 09:11 PM

Here ya go fen, also I wanna say thanks for the help, forgot to mention it earlier =)

Malwarebytes' Anti-Malware 1.41
Database version: 2782
Windows 5.1.2600 Service Pack 3

9/11/2009 8:58:14 PM
mbam-log-2009-09-11 (20-58-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 260055
Time elapsed: 2 hour(s), 11 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\skynetmpptnkvr (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TDSSserv (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-09-11 21:04:41
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 7 GB (6%) free of 109 GB
Total RAM: 1535 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:53 PM, on 9/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AntiSpyware Service] C:\WINDOWS\TEMP\b6fkbcoz04.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows System Recover!] C:\WINDOWS\TEMP\install.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll eedygb.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byXQJCvs - byXQJCvs.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 5999 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\grclrqkg.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-02-24 333472]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-07-24 1090816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2003-05-23 88363]
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-08-30 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2006-08-30 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-16 2007832]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll eedygb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-16 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXQJCvs]
byXQJCvs.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
matitpi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\SteamApps\newtypechild\counter-strike source\hl2.exe"="C:\Program Files\Steam\SteamApps\newtypechild\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\SteamApps\newtypechild\day of defeat source\hl2.exe"="C:\Program Files\Steam\SteamApps\newtypechild\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EcoleSoftware\MBACWIN\mbcaster.exe"="C:\Program Files\EcoleSoftware\MBACWIN\mbcaster.exe:*:Enabled:mbcaster"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\GGPO\ggpo.exe"="C:\Program Files\GGPO\ggpo.exe:*:Enabled:ggpo"
"C:\Program Files\GGPO\ggpofba.exe"="C:\Program Files\GGPO\ggpofba.exe:*:Enabled:Emulator for MC68000/Z80 based arcade games"
"C:\Program Files\Steam\SteamApps\newtypechild\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\newtypechild\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\a.exe"="C:\WINDOWS\system32\a.exe:*:Disabled:a"
"C:\Program Files\Immaterial And Missing Power\th075Caster071227_exe\exe\th075Caster.exe"="C:\Program Files\Immaterial And Missing Power\th075Caster071227_exe\exe\th075Caster.exe:*:Enabled:th075Caster"
"C:\Immaterial And Missing Power\th075Caster071227_exe\exe\th075Caster.exe"="C:\Immaterial And Missing Power\th075Caster071227_exe\exe\th075Caster.exe:*:Enabled:th075Caster"
"C:\Immaterial And Missing Power\th075Caster.exe"="C:\Immaterial And Missing Power\th075Caster.exe:*:Enabled:th075Caster"
"C:\Program Files\Steam\SteamApps\newtypechild\zombie panic! source\hl2.exe"="C:\Program Files\Steam\SteamApps\newtypechild\zombie panic! source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\SteamApps\newtypechild\insurgency\hl2.exe"="C:\Program Files\Steam\SteamApps\newtypechild\insurgency\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\SteamApps\newtypechild\age of chivalry\hl2.exe"="C:\Program Files\Steam\SteamApps\newtypechild\age of chivalry\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Owner\Local Settings\Apps\2.0\370DW1B4.CTB\3570NDCT.919\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2DF FreePlay Client.exe"="C:\Documents and Settings\Owner\Local Settings\Apps\2.0\370DW1B4.CTB\3570NDCT.919\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\2DF FreePlay Client.exe:*:Enabled:2DF FreePlay Client"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Steam\SteamApps\common\company of heroes\RelicDownloader\RelicDownloader.exe"="C:\Program Files\Steam\SteamApps\common\company of heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Patch Download Manager"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Steam\SteamApps\common\company of heroes\help.htm"="C:\Program Files\Steam\SteamApps\common\company of heroes\help.htm:*:Enabled:Company of Heroes"
"C:\Program Files\Steam\SteamApps\common\dawn of war dark crusade\darkcrusade.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war dark crusade\darkcrusade.exe:*:Enabled:Dawn of War: Dark Crusade"
"C:\Program Files\Steam\SteamApps\common\dawn of war gold\W40kWA.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war gold\W40kWA.exe:*:Enabled:Dawn of War Gold: Winter Assault"
"C:\Program Files\Steam\SteamApps\common\dawn of war gold\W40k.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war gold\W40k.exe:*:Enabled:Dawn of War Gold"
"C:\Program Files\Steam\SteamApps\common\star wars battlefront ii\GameData\BattlefrontII.exe"="C:\Program Files\Steam\SteamApps\common\star wars battlefront ii\GameData\BattlefrontII.exe:*:Enabled:Star Wars Battlefront II"
"C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.reg - open - regedit.exe "%1" %*

======List of files/folders created in the last 3 months======

2009-09-11 21:04:41 ----D---- C:\rsit
2009-09-11 21:01:23 ----D---- C:\WINDOWS\ERDNT
2009-09-11 18:06:54 ----D---- C:\Program Files\ERUNT
2009-09-11 08:51:36 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 08:51:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 08:51:26 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 08:51:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-02 03:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-28 21:41:45 ----D---- C:\WINDOWS\pss
2009-08-28 20:48:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-28 20:48:08 ----A---- C:\WINDOWS\system32\MSSTDFMT.DLL
2009-08-28 20:48:07 ----D---- C:\Program Files\SpywareBlaster
2009-08-26 03:00:13 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-13 03:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:02:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-10 20:44:52 ----A---- C:\WINDOWS\UnGins.exe
2009-08-10 20:44:51 ----D---- C:\Program Files\ASCII
2009-08-10 20:44:51 ----A---- C:\WINDOWS\system32\Unlha32.dll
2009-08-10 20:44:51 ----A---- C:\WINDOWS\system32\Harmony.dll
2009-07-31 00:33:30 ----D---- C:\Program Files\SixaxisDriver
2009-07-31 00:29:54 ----A---- C:\WINDOWS\system32\libusbd-nt.exe
2009-07-31 00:29:54 ----A---- C:\WINDOWS\system32\libusbd-9x.exe
2009-07-31 00:29:53 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1
2009-07-31 00:29:53 ----A---- C:\WINDOWS\system32\libusb0.dll
2009-07-15 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-14 21:24:29 ----A---- C:\WINDOWS\kgt2k.INI
2009-07-12 19:41:41 ----D---- C:\Program Files\WinAce
2009-07-01 03:19:00 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-07-01 03:19:00 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-07-01 03:18:50 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-07-01 03:18:44 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-07-01 03:18:44 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-07-01 03:18:36 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-06-22 03:07:35 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-22 03:07:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-22 03:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-06-22 03:06:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-22 03:06:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-22 03:06:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-22 03:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-06-22 03:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-22 03:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-22 03:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-22 03:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-22 03:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-22 03:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-22 03:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-22 03:00:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-21 14:53:02 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-06-12 09:34:05 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

======List of files/folders modified in the last 3 months======

2009-09-11 21:02:20 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 21:01:23 ----D---- C:\WINDOWS
2009-09-11 21:01:21 ----D---- C:\WINDOWS\Temp
2009-09-11 20:59:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-11 18:09:09 ----D---- C:\WINDOWS\Prefetch
2009-09-11 18:09:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-11 18:09:04 ----D---- C:\WINDOWS\system32\drivers
2009-09-11 18:06:54 ----RD---- C:\Program Files
2009-09-11 08:51:46 ----D---- C:\WINDOWS\Debug
2009-09-11 08:51:39 ----HD---- C:\WINDOWS\inf
2009-09-11 08:51:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-11 08:51:38 ----D---- C:\WINDOWS\system32
2009-09-11 08:51:30 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-10 14:59:48 ----D---- C:\Program Files\Steam
2009-09-10 14:32:03 ----D---- C:\Pic
2009-09-09 17:18:10 ----AC---- C:\WINDOWS\CS_MD_T.ini
2009-09-09 14:35:31 ----HD---- C:\$AVG8.VAULT$
2009-09-08 06:30:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-07 01:58:21 ----RASH---- C:\boot.ini
2009-09-07 01:58:21 ----A---- C:\WINDOWS\win.ini
2009-09-07 01:58:21 ----A---- C:\WINDOWS\system.ini
2009-09-03 20:06:49 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-09-03 11:13:55 ----D---- C:\WINDOWS\Minidump
2009-09-02 11:18:02 ----D---- C:\Downloads
2009-09-02 08:17:40 ----SD---- C:\WINDOWS\Tasks
2009-09-02 05:20:51 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-02 03:00:38 ----SHD---- C:\WINDOWS\Installer
2009-09-01 02:05:53 ----D---- C:\Documents and Settings\Owner\Application Data\uTorrent
2009-08-28 16:38:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-08-28 08:38:44 ----SHD---- C:\System Volume Information
2009-08-28 08:38:44 ----D---- C:\WINDOWS\system32\Restore
2009-08-22 03:11:49 ----RSD---- C:\WINDOWS\assembly
2009-08-22 03:02:17 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-22 03:01:59 ----D---- C:\WINDOWS\WinSxS
2009-08-16 09:24:50 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-08-14 19:54:27 ----D---- C:\Type Moon files
2009-08-13 10:16:05 ----A---- C:\WINDOWS\system32\jscript.dll
2009-08-13 03:01:57 ----D---- C:\Program Files\Outlook Express
2009-08-10 22:58:48 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 20:44:51 ----RSD---- C:\WINDOWS\Fonts
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 01:30:49 ----D---- C:\WINDOWS\system32\DirectX
2009-07-29 03:00:58 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:00:58 ----D---- C:\Program Files\Internet Explorer
2009-07-19 08:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 08:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 14:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-14 06:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-11 20:28:35 ----D---- C:\Program Files\VideoLAN
2009-06-29 11:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 11:12:18 ----N---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 11:12:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-06-29 11:12:18 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-29 11:12:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 11:12:16 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 11:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 11:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 11:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 11:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 11:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 11:12:14 ----N---- C:\WINDOWS\system32\corpol.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 06:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 06:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 03:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 03:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-22 06:40:34 ----D---- C:\WINDOWS\system32\wbem
2009-06-22 06:40:34 ----D---- C:\WINDOWS\AppPatch
2009-06-22 03:07:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-22 03:02:29 ----D---- C:\WINDOWS\Registration
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-12 07:31:39 ----A---- C:\WINDOWS\system32\telnet.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-16 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-16 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-09 108552]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2002-08-29 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\System32\DRIVERS\AGRSM.sys [2003-05-23 1171648]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-08-30 3958496]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-17 578752]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\Mabinogi\npkcrypt.sys []
S3 a0sdc8ql;a0sdc8ql; C:\WINDOWS\system32\drivers\a0sdc8ql.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2003-07-06 587264]
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Nexon\Mabinogi\GameGuard\dump_wmimmc.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-02 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2005-10-21 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2005-10-21 21568]
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 USB_RNDIS;Linksys Cable Modem (CM100); C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 XPADFL02;XPAD Filter Service 02; C:\WINDOWS\system32\DRIVERS\xpadfl02.sys [2006-12-24 27904]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-16 908056]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-16 297752]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\WINDOWS\system32\libusbd-nt.exe [2005-03-09 18944]
R2 npkcmsvc;npkcmsvc; C:\Nexon\Mabinogi\npkcmsvc.exe [2007-08-02 80528]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-30 155715]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-09-11 21:04:57

======Uninstall list======

AN-->"C:\Program Files\perceptron\AN\unins000.exe"
Ht-날--->C:\WINDOWS\eiunin21.exe "C:\Program Files\PERCEPTRON\Ht-날-\install.DAT"
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Photoshop Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Agere Systems AC'97 Modem-->agrsmdel
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BattleMoonWars ꕔ-->C:\WINDOWS\eiunin21.exe "C:\Program Files\Werk\BMW\install1.DAT"
BattleMoonWars -->C:\WINDOWS\eiunin21.exe "C:\Program Files\Werk\BMW\install2.DAT"
BattleMoonWars l-->C:\WINDOWS\eiunin21.exe "C:\Program Files\Werk\BMW\install4.DAT"
BattleMoonWars O-->C:\WINDOWS\eiunin21.exe "C:\Program Files\Werk\BMW\install3.DAT"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2008-09-21 16:18-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Company of Heroes-->"C:\Program Files\Steam\steam.exe" steam://uninstall/4560
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Dawn of War Gold: Winter Assault-->"C:\Program Files\Steam\steam.exe" steam://uninstall/9310
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fate/stay night English v3.1-->C:\Program Files\Fate\uninstall.exe
Futuremark SystemInfo-->"C:\Program Files\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0009 -removeonly
GGPO Client-->"C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe" REMOVE=TRUE MODIFY=FALSE
GGPO Client-->C:\Documents and Settings\All Users\Application Data\{3DABBC31-9BB8-45D8-BE78-353E801E5DBA}\ggpo.exe
GGPO-->MsiExec.exe /X{68BD9036-0952-4849-AE7A-963BB53EDB71}
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Katawa Shoujo Act 1-->"C:\Program Files\Katawa Shoujo Act 1\Uninstall Katawa Shoujo Act 1.exe"
Left 4 Dead-->"C:\Program Files\Steam\steam.exe" steam://uninstall/500
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
Lumines-->"C:\Program Files\Steam\steam.exe" steam://uninstall/11900
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MELTY BLOOD Act Cadenza Ver.B Windows?-->C:\Program Files\EcoleSoftware\MBACWIN\data\uninst.exe -f"C:\Program Files\EcoleSoftware\MBACWIN\data\uninst.dat"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft AppLocale-->MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Windows Application Compatibility Database-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\System32\nvudisp.exe UninstallGUI
QuickTime-->MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RagnarokOnline-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA45673E-CFF3-4098-A6D9-5587258553FC}\setup.exe" -l0x9 -removeonly
RPG Maker 2000 1.05-->C:\WINDOWS\UnGins.exe "C:\Program Files\ASCII\RPG2000\install.log"
RPG????2000 ??????????-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33F7A957-A66D-45A1-BADF-6576083B14E2}\setup.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SixaxisDriver 0.91-->"C:\Program Files\SixaxisDriver\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Star Wars Battlefront II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/6060
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam™-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar-->C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\Uninstaller.exe /u /k /url "http://www.viewpoint.com/pub/uninstallcompleted.html"
VOCALOID2 Editor V2.0.2.4J-->C:\Program Files\InstallShield Installation Information\{F1C1C21B-F56E-400B-B0B0-270D817889F3}\setup.exe -runfromtemp -l0x0011 -removeonly
VOCALOID2 Expression DB (Standard)-->C:\Program Files\InstallShield Installation Information\{B6588186-9657-486C-AEB1-F57D8E160F19}\setup.exe -runfromtemp -l0x0011 -removeonly
VOCALOID2 Voice DB (Miku)-->C:\Program Files\InstallShield Installation Information\{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}\setup.exe -runfromtemp -l0x0011 -removeonly
VOCALOID2 VSTi V2.0.2.0-->C:\Program Files\InstallShield Installation Information\{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}\setup.exe -runfromtemp -l0x0011 -removeonly
Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
YUME MIRU KUSURI-->C:\Program Files\InstallShield Installation Information\{03ABC33C-10B1-400E-B1FA-E817FE98D11C}\setup.exe -runfromtemp -l0x0009 -removeonly

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: OWNER-73VWUUM1K
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 5019
Source Name: Service Control Manager
Time Written: 20090711203304.000000-300
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 5016
Source Name: Service Control Manager
Time Written: 20090711203304.000000-300
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 5013
Source Name: Service Control Manager
Time Written: 20090711203304.000000-300
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 5010
Source Name: Service Control Manager
Time Written: 20090711203304.000000-300
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 5007
Source Name: Service Control Manager
Time Written: 20090711203304.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: OWNER-73VWUUM1K
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 895
Source Name: Application Error
Time Written: 20071214164009.000000-360
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 894
Source Name: Application Error
Time Written: 20071214143305.000000-360
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 891
Source Name: Application Error
Time Written: 20071212211437.000000-360
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x0370c530.

Record Number: 885
Source Name: Application Error
Time Written: 20071210213510.000000-360
Event Type: error
User:

Computer Name: OWNER-73VWUUM1K
Event Code: 1000
Message: Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.

Record Number: 884
Source Name: Application Error
Time Written: 20071210212254.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------




GMER 1.0.15.15077 [GAMERS.exe] - http://www.gmer.net
Rootkit quick scan 2009-09-11 21:07:20
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF7502A92]
SSDT sptd.sys ZwEnumerateValueKey [0xF7502E20]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A35C1E8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 11 September 2009 - 10:07 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Newtype

Newtype
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 12 September 2009 - 12:51 AM

I ran Combo fix as instructed, firewalls disabled all I believe.

It ran and restart but could not find the log files upon returning. Did I forget to do something? :(

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 12 September 2009 - 01:59 AM

Can you find the C:\combofix.txt? If yes please post the content here.. If not, please run ComboFix once again..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#9 Newtype

Newtype
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 13 September 2009 - 06:12 AM

Here ya go, got it this time.


ComboFix 09-09-12.A0 - Owner 09/13/2009 5:56.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.936 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-12 02:04 . 2009-09-12 02:04 -------- d-----w- C:\rsit
2009-09-11 23:06 . 2009-09-11 23:07 -------- d-----w- c:\program files\ERUNT
2009-09-09 05:31 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-08-29 01:48 . 2009-09-01 12:32 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-29 01:48 . 2005-08-26 00:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2009-08-29 01:48 . 2009-09-01 06:49 -------- d-----w- c:\program files\SpywareBlaster
2009-08-28 10:01 . 2009-08-28 10:01 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 23:09 . 2008-08-27 09:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 23:08 . 2008-09-18 11:44 4045528 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-10 19:59 . 2007-03-08 02:37 -------- d-----w- c:\program files\Steam
2009-09-10 19:54 . 2008-08-27 09:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-08-27 09:28 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 01:06 . 2008-05-10 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-16 14:24 . 2008-05-10 04:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-16 14:24 . 2008-05-10 04:35 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 14:24 . 2008-05-10 04:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 03:58 . 2007-02-24 17:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 01:44 . 2009-08-11 01:44 -------- d-----w- c:\program files\ASCII
2009-08-05 09:01 . 2007-03-05 01:05 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 05:33 . 2009-07-31 05:33 -------- d-----w- c:\program files\SixaxisDriver
2009-07-31 05:29 . 2009-07-31 05:29 -------- d-----w- c:\program files\LibUSB-Win32-0.1.10.1
2009-07-31 04:04 . 2009-06-12 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-19 07:00 . 2009-07-13 00:41 -------- d-----w- c:\program files\WinAce
2009-07-17 19:01 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2005-01-28 19:44 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2006-06-23 17:33 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2002-08-29 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-26 15:36 . 2009-07-31 04:04 1008896 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-25 08:25 . 2005-06-15 17:50 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2002-08-29 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2002-08-29 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2002-08-29 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2002-08-29 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2002-08-29 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2002-08-29 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-30 7630848]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-30 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-16 2007832]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-05-23 88363]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-30 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 14:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\newtypechild\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\newtypechild\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EcoleSoftware\\MBACWIN\\mbcaster.exe"=
"c:\\Program Files\\GGPO\\ggpo.exe"=
"c:\\Program Files\\GGPO\\ggpofba.exe"=
"c:\\Program Files\\Steam\\SteamApps\\newtypechild\\team fortress 2\\hl2.exe"=
"c:\\Immaterial And Missing Power\\th075Caster.exe"=
"c:\\Program Files\\Steam\\SteamApps\\newtypechild\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\newtypechild\\insurgency\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\newtypechild\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\370DW1B4.CTB\\3570NDCT.919\\2dff..tion_fcdf29b345c9098a_0001.0000_89b83da73a004bb4\\2DF FreePlay Client.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war dark crusade\\darkcrusade.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war gold\\W40kWA.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\dawn of war gold\\W40k.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\star wars battlefront ii\\GameData\\BattlefrontII.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead\\left4dead.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2008 11:35 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2008 11:35 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 4:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 4:03 PM 51440]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2008 8:46 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/9/2008 11:33 PM 297752]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/14/2008 11:35 PM 24652]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [7/31/2009 12:29 AM 33792]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
S3 cpuz130;cpuz130;\??\c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Owner\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys --> c:\nexon\Mabinogi\GameGuard\dump_wmimmc.sys [?]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [7/31/2009 12:33 AM 27904]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gmlii4gk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npggplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 06:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1792)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-09-13 6:11
ComboFix-quarantined-files.txt 2009-09-13 11:10
ComboFix2.txt 2009-09-13 10:51

Pre-Run: 7,000,133,632 bytes free
Post-Run: 6,985,576,448 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
187 --- E O F --- 2009-09-11 13:54

#10 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 13 September 2009 - 07:42 AM

Please do a scan with Malwarebytes' again.. Does Malwarebytes' still detects the same thing? :(

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 Newtype

Newtype
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 13 September 2009 - 11:48 AM

Nope nothing at all. :(

Thanks for the help buddy. Is there more to do though?

#12 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 13 September 2009 - 12:15 PM

Looks good to me.. Lets do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles write by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read these great info's about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :(



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#13 Newtype

Newtype
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:02:14 PM

Posted 13 September 2009 - 01:08 PM

Ran OTC and looks good to me.

Thanks for the help, and all the things ya guys do with helping people. I think it's pretty cool. :(

#14 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 13 September 2009 - 01:37 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-open, please pm me or Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing !

fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users