Antivirus Pro 2010 Scam


  • This topic is locked
20 replies to this topic

#1 wichicken


Posted 10 September 2009 - 12:43 PM

DDS (Ver_09-07-30.01) - NTFSx86
Run by Chris at 12:31:46.51 on Thu 09/10/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1376 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-10 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-10 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-10 297752]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S0 cerc6;cerc6; [x]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-9-10 99568]

=============== Created Last 30 ================

2009-09-10 12:27 0 a------- c:\docume~1\chris\applic~1\wklnhst.dat
2009-09-10 12:23 376 a------- c:\windows\ODBC.INI
2009-09-10 12:22 3,315,083 a------- C:\ComboFix.exe
2009-09-10 12:21 3,942,048 a------- C:\mbam-setup.exe
2009-09-10 12:21 7,163,936 a------- C:\SUPERAntiSpyware.exe
2009-09-10 11:58 <DIR> --d----- c:\program files\CCleaner
2009-09-10 11:55 1,048,000 a------- c:\program files\ccsetup223_slim.exe
2009-09-10 11:34 <DIR> --d-h--- c:\windows\PIF
2009-09-10 11:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-10 11:24 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-10 11:24 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-10 11:21 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-10 11:21 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-10 11:21 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-10 11:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-10 11:21 <DIR> --d----- c:\program files\AVG
2009-09-10 11:21 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\avg8
2009-09-10 11:16 <DIR> --d----- c:\docume~1\chris\applic~1\AVG8
2009-09-10 11:13 75,187,200 a------- C:\inbox.pst
2009-09-10 11:12 156,451,840 a------- C:\deleted.pst
2009-09-10 11:12 525,312 a------- C:\contacts.pst
2009-09-10 10:57 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-09-10 10:57 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-09-10 10:56 0 a------- c:\windows\ativpsrm.bin
2009-09-10 10:52 105,856 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-09-10 10:52 <DIR> --d----- c:\windows\OPTIONS
2009-09-10 10:50 <DIR> --d----- C:\Intel
2009-09-10 10:49 553 a------- c:\windows\USetup.iss
2009-09-10 10:49 6,272 ac------ c:\windows\system32\dllcache\splitter.sys
2009-09-10 10:49 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-09-10 10:49 49,152 a------- c:\windows\system32\ChCfg.exe
2009-09-10 10:49 83,072 ac------ c:\windows\system32\dllcache\wdmaud.sys
2009-09-10 10:49 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-09-10 10:49 52,864 ac------ c:\windows\system32\dllcache\dmusic.sys
2009-09-10 10:49 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-09-10 10:49 56,576 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-09-10 10:49 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-09-10 10:46 <DIR> --d----- c:\windows\system32\vmm32
2009-09-10 10:44 <DIR> --d----- c:\documents and settings\all users.windows\Dl_cats
2009-09-10 10:44 40,960 a------- c:\windows\system32\dldtvs.dll
2009-09-10 10:44 360,448 a------- c:\windows\system32\dldtcoin.dll
2009-09-10 10:44 72,625 a------- c:\windows\system32\dldtprpr.chm
2009-09-10 10:44 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-09-10 10:44 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-09-10 10:43 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-09-10 10:43 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-09-10 10:43 782,336 a------- c:\windows\system32\dldtdrs.dll
2009-09-10 10:43 81,920 a------- c:\windows\system32\dldtcaps.dll
2009-09-10 10:43 69,632 a------- c:\windows\system32\dldtcnv4.dll
2009-09-10 10:43 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-09-10 10:40 102,400 a------- c:\windows\system32\dldtwupd.dll
2009-09-10 10:40 17,648 a------- c:\windows\system32\dldtwupd.exe
2009-09-10 10:34 <DIR> --d----- c:\documents and settings\Chris
2009-09-10 10:33 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-10 10:32 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-09-10 10:30 562,176 ac------ c:\windows\system32\dllcache\fxsst.dll
2009-09-10 10:29 316,640 a------- c:\windows\WMSysPr9.prx
2009-09-10 10:29 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-09-10 10:27 376,832 ac------ c:\windows\system32\dllcache\msinfo.dll
2009-09-10 10:26 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-09-10 10:04 486,415 a----r-- C:\txtsetup.sif
2009-09-10 10:04 260,288 a----r-- C:\$LDR$
2009-09-10 10:04 <DIR> --d----- C:\$WIN_NT$.~BT
2009-09-10 10:04 <DIR> --d----- c:\windows\setup.pss
2009-09-10 09:48 <DIR> --d----- C:\$UPGRADE.~OS
2009-09-10 09:47 <DIR> --d----- C:\$WINDOWS.~BT
2009-09-10 05:24 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-09-10 05:24 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-09-10 05:23 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-09-10 05:22 74,240 ac------ c:\windows\system32\dllcache\usbui.dll
2009-09-10 05:22 74,240 a------- c:\windows\system32\usbui.dll
2009-09-10 05:20 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-09-10 05:18 674 a------- c:\windows\system32\$winnt$.inf
2009-09-10 05:14 <DIR> --d----- c:\windows\Dell
2009-09-09 15:29 <DIR> --d----- c:\program files\WinPcap
2009-09-09 15:09 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-09 07:02 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-09-04 11:43 <DIR> --d----- c:\program files\SmartSound Software
2009-09-04 11:42 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-09-02 14:37 <DIR> --d----- c:\program files\LimeWire
2009-09-02 11:19 <DIR> --d----- c:\program files\Lavasoft
2009-09-02 09:54 <DIR> --d----- c:\program files\Audible
2009-09-02 08:31 <DIR> --d----- c:\program files\iPod
2009-09-02 08:31 <DIR> --d----- c:\program files\iTunes
2009-09-02 08:30 <DIR> --d----- c:\program files\Bonjour
2009-08-14 03:03 <DIR> --d----- C:\c960f365d0924eebf608

==================== Find3M ====================

2009-09-10 10:48 315,392 a------- c:\windows\HideWin.exe
2009-09-10 10:29 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-10 10:27 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 12:32:06.46 ===============


#2 wichicken


Posted 11 September 2009 - 10:21 AM

Updated all attachments....sorry, forgot to attach the ark.txt file.

Thank you!
______________________________________

DDS (Ver_09-07-30.01) - NTFSx86
Run by Chris at 10:17:09.10 on Fri 09/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1346 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell V305\dldtmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Works\WksSS.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\DOCUME~1\Chris\LOCALS~1\Temp\Google Toolbar\gtb1CE.tmp.exe
C:\Documents and Settings\Chris\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.nhl.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\windows\system32\rundll32.exe" "c:\program files\nos\bin\getPlus_Helper.dll",Uninstall /Get1noarp
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-10 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-10 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-10 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-10 297752]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
S0 cerc6;cerc6; [x]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldtserv.exe [2009-9-10 99568]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-4-14 14336]

=============== Created Last 30 ================

2009-09-11 08:55 <DIR> --ds---- c:\documents and settings\chris\UserData
2009-09-10 15:44 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-09-10 15:44 499,712 a------- c:\windows\system32\msvcp71.dll
2009-09-10 15:44 348,160 a------- c:\windows\system32\msvcr71.dll
2009-09-10 15:44 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-09-10 15:44 89,088 a------- c:\windows\system32\atl71.dll
2009-09-10 12:34 1,374,154 a------- C:\wrar390.exe
2009-09-10 12:27 610 a------- c:\docume~1\chris\applic~1\wklnhst.dat
2009-09-10 12:23 376 a------- c:\windows\ODBC.INI
2009-09-10 12:22 3,315,083 a------- C:\ComboFix.exe
2009-09-10 12:21 3,942,048 a------- C:\mbam-setup.exe
2009-09-10 12:21 7,163,936 a------- C:\SUPERAntiSpyware.exe
2009-09-10 11:58 <DIR> --d----- c:\program files\CCleaner
2009-09-10 11:55 1,048,000 a------- c:\program files\ccsetup223_slim.exe
2009-09-10 11:34 <DIR> --d-h--- c:\windows\PIF
2009-09-10 11:25 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-10 11:24 <DIR> -cd-h--- c:\docume~1\alluse~1.win\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-10 11:24 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-09-10 11:21 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-10 11:21 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-10 11:21 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-10 11:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-10 11:21 <DIR> --d----- c:\program files\AVG
2009-09-10 11:21 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\avg8
2009-09-10 11:16 <DIR> --d----- c:\docume~1\chris\applic~1\AVG8
2009-09-10 11:13 75,187,200 a------- C:\inbox.pst
2009-09-10 11:12 156,451,840 a------- C:\deleted.pst
2009-09-10 11:12 525,312 a------- C:\contacts.pst
2009-09-10 10:57 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-09-10 10:57 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-09-10 10:56 0 a------- c:\windows\ativpsrm.bin
2009-09-10 10:52 105,856 a------- c:\windows\system32\drivers\Rtenicxp.sys
2009-09-10 10:52 <DIR> --d----- c:\windows\OPTIONS
2009-09-10 10:50 <DIR> --d----- C:\Intel
2009-09-10 10:49 553 a------- c:\windows\USetup.iss
2009-09-10 10:49 6,272 ac------ c:\windows\system32\dllcache\splitter.sys
2009-09-10 10:49 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-09-10 10:49 49,152 a------- c:\windows\system32\ChCfg.exe
2009-09-10 10:49 83,072 ac------ c:\windows\system32\dllcache\wdmaud.sys
2009-09-10 10:49 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-09-10 10:49 52,864 ac------ c:\windows\system32\dllcache\dmusic.sys
2009-09-10 10:49 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-09-10 10:49 56,576 ac------ c:\windows\system32\dllcache\swmidi.sys
2009-09-10 10:49 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-09-10 10:46 <DIR> --d----- c:\windows\system32\vmm32
2009-09-10 10:44 <DIR> --d----- c:\documents and settings\all users.windows\Dl_cats
2009-09-10 10:44 40,960 a------- c:\windows\system32\dldtvs.dll
2009-09-10 10:44 360,448 a------- c:\windows\system32\dldtcoin.dll
2009-09-10 10:44 72,625 a------- c:\windows\system32\dldtprpr.chm
2009-09-10 10:44 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-09-10 10:44 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-09-10 10:43 87,040 ac------ c:\windows\system32\dllcache\wiafbdrv.dll
2009-09-10 10:43 87,040 a------- c:\windows\system32\wiafbdrv.dll
2009-09-10 10:43 782,336 a------- c:\windows\system32\dldtdrs.dll
2009-09-10 10:43 81,920 a------- c:\windows\system32\dldtcaps.dll
2009-09-10 10:43 69,632 a------- c:\windows\system32\dldtcnv4.dll
2009-09-10 10:43 <DIR> --d----- c:\program files\Abbyy FineReader 6.0 Sprint
2009-09-10 10:40 102,400 a------- c:\windows\system32\dldtwupd.dll
2009-09-10 10:40 17,648 a------- c:\windows\system32\dldtwupd.exe
2009-09-10 10:34 <DIR> --d----- c:\documents and settings\Chris
2009-09-10 10:33 8,192 a------- c:\windows\REGLOCS.OLD
2009-09-10 10:32 28,288 ac------ c:\windows\system32\dllcache\xjis.nls
2009-09-10 10:30 562,176 ac------ c:\windows\system32\dllcache\fxsst.dll
2009-09-10 10:29 316,640 a------- c:\windows\WMSysPr9.prx
2009-09-10 10:29 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-09-10 10:27 376,832 ac------ c:\windows\system32\dllcache\msinfo.dll
2009-09-10 10:26 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-09-10 10:04 486,415 a----r-- C:\txtsetup.sif
2009-09-10 10:04 260,288 a----r-- C:\$LDR$
2009-09-10 10:04 <DIR> --d----- C:\$WIN_NT$.~BT
2009-09-10 10:04 <DIR> --d----- c:\windows\setup.pss
2009-09-10 09:48 <DIR> --d----- C:\$UPGRADE.~OS
2009-09-10 09:47 <DIR> --d----- C:\$WINDOWS.~BT
2009-09-10 05:24 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-09-10 05:24 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-09-10 05:23 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-09-10 05:22 74,240 ac------ c:\windows\system32\dllcache\usbui.dll
2009-09-10 05:22 74,240 a------- c:\windows\system32\usbui.dll
2009-09-10 05:20 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-09-10 05:18 674 a------- c:\windows\system32\$winnt$.inf
2009-09-10 05:14 <DIR> --d----- c:\windows\Dell
2009-09-09 15:29 <DIR> --d----- c:\program files\WinPcap
2009-09-09 15:09 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-09 07:02 <DIR> --d----- c:\program files\AntivirusPro_2010
2009-09-04 11:43 <DIR> --d----- c:\program files\SmartSound Software
2009-09-04 11:42 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-09-02 14:37 <DIR> --d----- c:\program files\LimeWire
2009-09-02 11:19 <DIR> --d----- c:\program files\Lavasoft
2009-09-02 09:54 <DIR> --d----- c:\program files\Audible
2009-09-02 08:31 <DIR> --d----- c:\program files\iPod
2009-09-02 08:31 <DIR> --d----- c:\program files\iTunes
2009-09-02 08:30 <DIR> --d----- c:\program files\Bonjour
2009-08-14 03:03 <DIR> --d----- C:\c960f365d0924eebf608

==================== Find3M ====================

2009-09-10 10:48 315,392 a------- c:\windows\HideWin.exe
2009-09-10 10:29 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-10 10:27 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 10:17:22.65 ===============

Hello wichicken,

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large, as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, you wouldn't want someone to assist you who is not familiar with your issue and attempt to fix it, would you?

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Regards,

The weatherman
(Moderator)

Edited by The weatherman, 14 September 2009 - 04:49 PM.


#3 aommaster


Posted 24 September 2009 - 10:03 AM

Hello, wichicken.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 wichicken


Posted 24 September 2009 - 12:15 PM

RSIT LOG FILE:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Chris at 2009-09-24 12:05:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 209 GB (88%) free of 238 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:35 PM, on 9/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell V305\dldtmon.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\dldtcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Works\WkDStore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Works\WksSS.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Action Gaming, Inc\Video Poker for Winners\VPWIntroApp.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Documents and Settings\Chris\Desktop\RSIT.exe
C:\Program Files\trend micro\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhl.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [dldtmon.exe] "C:\Program Files\Dell V305\dldtmon.exe"
O4 - HKLM\..\Run: [dldtamon] "C:\Program Files\Dell V305\dldtamon.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dldtCATSCustConnectService - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe
O23 - Service: dldt_device - - C:\WINDOWS\system32\dldtcoms.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5845 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-10 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-01 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-09-11 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-09-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-09-01 256112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"dldtmon.exe"=C:\Program Files\Dell V305\dldtmon.exe [2008-03-19 668912]
"dldtamon"=C:\Program Files\Dell V305\dldtamon.exe [2008-03-19 16624]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-12-20 16860672]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-09-10 2007832]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-02-22 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-10 11952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell V305\dldtmon.exe"="C:\Program Files\Dell V305\dldtmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\dldtcoms.exe"="C:\WINDOWS\system32\dldtcoms.exe:*:Enabled:V305 Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldttime.exe:*:Enabled:Time Executable"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\dldtjswx.exe:*:Enabled:Job Status Window Interface"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac458732-9e12-11de-9b85-00219b105977}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-09-24 12:05:20 ----D---- C:\Program Files\trend micro
2009-09-24 12:05:19 ----D---- C:\rsit
2009-09-18 10:57:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\VPWLicenseFileFoler
2009-09-16 13:24:06 ----D---- C:\Documents and Settings\Chris\Application Data\Dell Imaging Toolbox
2009-09-15 03:03:23 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-15 03:03:23 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-15 03:03:23 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-15 03:03:23 ----D---- C:\9fdb50e80d6732cbed75da2e13b53660
2009-09-14 13:42:59 ----D---- C:\Documents and Settings\Chris\Application Data\Apple Computer
2009-09-14 13:42:53 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-09-14 13:42:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-14 13:41:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2009-09-14 13:40:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-09-14 13:40:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2009-09-11 15:58:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-11 15:58:23 ----D---- C:\WINDOWS\system32\KB905474
2009-09-11 15:58:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-11 15:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-11 15:58:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-11 15:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-11 15:57:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-11 15:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-11 15:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-11 13:07:56 ----D---- C:\WINDOWS\RegisteredPackages
2009-09-11 10:26:05 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-09-11 10:16:22 ----D---- C:\Documents and Settings\Chris\Application Data\Google
2009-09-11 09:04:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-09-11 09:03:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2009-09-11 09:03:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2009-09-11 03:00:23 ----A---- C:\WINDOWS\imsins.BAK
2009-09-11 03:00:19 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-11 03:00:19 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-09-10 15:45:23 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\CyberLink
2009-09-10 15:45:21 ----D---- C:\Documents and Settings\Chris\Application Data\CyberLink
2009-09-10 15:44:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Dell
2009-09-10 15:44:05 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-09-10 15:44:05 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-09-10 15:44:05 ----A---- C:\WINDOWS\system32\MFC71u.dll
2009-09-10 15:44:03 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-09-10 15:44:02 ----A---- C:\WINDOWS\system32\atl71.dll
2009-09-10 13:17:14 ----D---- C:\Documents and Settings\Chris\Application Data\Adobe
2009-09-10 12:48:00 ----A---- C:\RootRepeal report 09-10-09 (12-48-00).txt
2009-09-10 12:34:49 ----D---- C:\Documents and Settings\Chris\Application Data\WinRAR
2009-09-10 12:34:26 ----D---- C:\Program Files\WinRAR
2009-09-10 12:34:11 ----A---- C:\wrar390.exe
2009-09-10 12:23:37 ----A---- C:\WINDOWS\ODBC.INI
2009-09-10 12:22:13 ----A---- C:\ComboFix.exe
2009-09-10 12:21:46 ----A---- C:\mbam-setup.exe
2009-09-10 12:21:30 ----A---- C:\SUPERAntiSpyware.exe
2009-09-10 12:20:56 ----D---- C:\Documents and Settings\Chris\Application Data\Macromedia
2009-09-10 12:03:28 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-09-10 11:58:18 ----D---- C:\Program Files\CCleaner
2009-09-10 11:55:46 ----A---- C:\Program Files\ccsetup223_slim.exe
2009-09-10 11:34:29 ----HD---- C:\WINDOWS\PIF
2009-09-10 11:24:35 ----HDC---- C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-10 11:24:30 ----HD---- C:\$AVG8.VAULT$
2009-09-10 11:24:03 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2009-09-10 11:21:41 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-09-10 11:21:20 ----D---- C:\Program Files\AVG
2009-09-10 11:21:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2009-09-10 11:16:06 ----D---- C:\Documents and Settings\Chris\Application Data\AVG8
2009-09-10 11:10:54 ----D---- C:\Documents and Settings\Chris\Application Data\U3
2009-09-10 10:56:48 ----D---- C:\Documents and Settings\Chris\Application Data\ATI
2009-09-10 10:53:44 ----N---- C:\WINDOWS\system32\ati2sgag.exe
2009-09-10 10:53:19 ----A---- C:\WINDOWS\system32\Oemdspif.dll
2009-09-10 10:53:19 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2009-09-10 10:53:19 ----A---- C:\WINDOWS\system32\ativcoxx.dll
2009-09-10 10:53:19 ----A---- C:\WINDOWS\system32\atitvo32.dll
2009-09-10 10:53:19 ----A---- C:\WINDOWS\system32\atipdlxx.dll
2009-09-10 10:53:19 ----A---- C:\WINDOWS\system32\atiok3x2.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\atioglx2.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ATIODE.exe
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ATIODCLI.exe
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\atikvmag.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\atiiiexx.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ATIDEMGX.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ATIDDC.DLL
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ati3duag.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\Ati2mdxx.exe
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ati2evxx.exe
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ati2evxx.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ati2edxx.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2009-09-10 10:53:18 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-09-10 10:52:19 ----D---- C:\WINDOWS\OPTIONS
2009-09-10 10:52:14 ----D---- C:\Documents and Settings\Chris\Application Data\InstallShield
2009-09-10 10:50:26 ----D---- C:\Intel
2009-09-10 10:49:05 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-09-10 10:48:44 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-09-10 10:48:41 ----A---- C:\WINDOWS\SoundMan.exe
2009-09-10 10:48:41 ----A---- C:\WINDOWS\SkyTel.exe
2009-09-10 10:48:41 ----A---- C:\WINDOWS\RtlUpd.exe
2009-09-10 10:48:40 ----A---- C:\WINDOWS\RTLCPL.exe
2009-09-10 10:48:38 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-09-10 10:48:38 ----A---- C:\WINDOWS\MicCal.exe
2009-09-10 10:48:38 ----A---- C:\WINDOWS\alcwzrd.exe
2009-09-10 10:48:38 ----A---- C:\WINDOWS\Alcmtr.exe
2009-09-10 10:48:36 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-09-10 10:48:36 ----A---- C:\WINDOWS\HideWin.exe
2009-09-10 10:46:34 ----D---- C:\WINDOWS\system32\vmm32
2009-09-10 10:44:11 ----A---- C:\WINDOWS\system32\dldtvs.dll
2009-09-10 10:44:10 ----A---- C:\WINDOWS\system32\dldtcoin.dll
2009-09-10 10:43:51 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-09-10 10:43:46 ----A---- C:\WINDOWS\system32\dldtdrs.dll
2009-09-10 10:43:46 ----A---- C:\WINDOWS\system32\dldtcnv4.dll
2009-09-10 10:43:46 ----A---- C:\WINDOWS\system32\dldtcaps.dll
2009-09-10 10:43:27 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-09-10 10:40:00 ----A---- C:\WINDOWS\system32\dldtwupd.exe
2009-09-10 10:40:00 ----A---- C:\WINDOWS\system32\dldtwupd.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\dldtutil.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\dldtusb1.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\dldtserv.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\dldtprox.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\dldtpmui.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\DLDTinst.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\dldtinpa.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\dldtiesc.dll
2009-09-10 10:39:45 ----A---- C:\WINDOWS\system32\DLDThcp.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtlmpm.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtjswr.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtinsr.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtinsb.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtins.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtih.exe
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldthbn3.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtgrd.dll
2009-09-10 10:39:44 ----A---- C:\WINDOWS\system32\dldtgf.dll
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\dldtcur.dll
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\dldtcub.dll
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\dldtcu.dll
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\dldtcoms.exe
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\dldtcomm.dll
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\dldtcomc.dll
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\dldtcfg.exe
2009-09-10 10:39:43 ----A---- C:\WINDOWS\system32\DLDTcfg.dll
2009-09-10 10:34:46 ----D---- C:\Documents and Settings\Chris\Application Data\Identities
2009-09-10 10:34:40 ----ASH---- C:\Documents and Settings\Chris\Application Data\desktop.ini
2009-09-10 10:34:39 ----SD---- C:\Documents and Settings\Chris\Application Data\Microsoft
2009-09-10 10:33:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-10 10:30:04 ----A---- C:\WINDOWS\control.ini
2009-09-10 10:29:48 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-09-10 10:28:56 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-09-10 10:28:49 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-09-10 10:28:24 ----A---- C:\WINDOWS\system32\atrace.dll
2009-09-10 10:28:22 ----A---- C:\WINDOWS\system32\desktop.ini
2009-09-10 10:28:22 ----A---- C:\WINDOWS\desktop.ini
2009-09-10 10:28:17 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-09-10 10:28:17 ----A---- C:\WINDOWS\system32\acctres.dll
2009-09-10 10:28:16 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-09-10 10:28:13 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-09-10 10:28:13 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\wups.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-09-10 10:28:12 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-09-10 10:28:00 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-09-10 10:28:00 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-09-10 10:28:00 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-09-10 10:28:00 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-09-10 10:27:58 ----A---- C:\WINDOWS\system32\fltMc.exe
2009-09-10 10:27:58 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-09-10 10:27:57 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-09-10 10:27:57 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-09-10 10:27:57 ----A---- C:\WINDOWS\system32\srclient.dll
2009-09-10 10:27:57 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-09-10 10:27:57 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-09-10 10:27:57 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-09-10 10:27:57 ----A---- C:\WINDOWS\system32\ils.dll
2009-09-10 10:27:56 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-09-10 10:27:56 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-09-10 10:27:56 ----A---- C:\WINDOWS\system32\msconf.dll
2009-09-10 10:27:56 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-09-10 10:27:56 ----A---- C:\WINDOWS\system32\inetres.dll
2009-09-10 10:27:56 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-09-10 10:27:55 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-09-10 10:27:55 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-09-10 10:27:55 ----A---- C:\WINDOWS\system32\mstask.dll
2009-09-10 10:27:55 ----A---- C:\WINDOWS\system32\isign32.dll
2009-09-10 10:27:55 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-09-10 10:27:55 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-09-10 10:27:55 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-09-10 10:27:10 ----A---- C:\WINDOWS\vbaddin.ini
2009-09-10 10:27:10 ----A---- C:\WINDOWS\vb.ini
2009-09-10 10:26:48 ----A---- C:\WINDOWS\system32\write.exe
2009-09-10 10:26:45 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-09-10 10:26:44 ----A---- C:\WINDOWS\system32\winchat.exe
2009-09-10 10:26:44 ----A---- C:\WINDOWS\system32\hticons.dll
2009-09-10 10:26:44 ----A---- C:\WINDOWS\system32\avwav.dll
2009-09-10 10:26:44 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-09-10 10:26:44 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-09-10 10:26:40 ----A---- C:\WINDOWS\system32\getuname.dll
2009-09-10 10:26:39 ----A---- C:\WINDOWS\system32\winmine.exe
2009-09-10 10:26:39 ----A---- C:\WINDOWS\system32\sol.exe
2009-09-10 10:26:39 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-09-10 10:26:39 ----A---- C:\WINDOWS\system32\freecell.exe
2009-09-10 10:26:39 ----A---- C:\WINDOWS\system32\charmap.exe
2009-09-10 10:26:39 ----A---- C:\WINDOWS\system32\calc.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\tskill.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\tscon.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\shadow.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\reset.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\regini.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\msg.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\logoff.exe
2009-09-10 10:26:38 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-09-10 10:26:34 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-09-10 10:26:33 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-09-10 10:26:33 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-09-10 10:26:33 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-09-10 10:26:33 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-09-10 10:26:33 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-09-10 10:26:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-09-10 10:26:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-09-10 10:26:32 ----A---- C:\WINDOWS\system32\spider.exe
2009-09-10 10:26:31 ----A---- C:\WINDOWS\system32\tsgqec.dll
2009-09-10 10:26:31 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2009-09-10 10:26:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-09-10 10:26:31 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-09-10 10:26:31 ----A---- C:\WINDOWS\system32\aaclient.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-09-10 10:26:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-09-10 10:26:29 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-09-10 10:26:29 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-09-10 10:26:29 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-09-10 10:26:29 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-09-10 10:26:29 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-09-10 10:26:29 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\stclient.dll
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\colbact.dll
2009-09-10 10:26:28 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-09-10 10:26:27 ----A---- C:\WINDOWS\system32\comuid.dll
2009-09-10 10:26:27 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-09-10 10:26:27 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-09-10 10:26:27 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-09-10 10:26:27 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-09-10 10:26:27 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-09-10 10:26:26 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-09-10 10:26:22 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-09-10 10:26:22 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-09-10 10:26:22 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-09-10 10:26:22 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-09-10 10:04:18 ----D---- C:\$WIN_NT$.~BT
2009-09-10 10:04:17 ----D---- C:\WINDOWS\setup.pss
2009-09-10 09:48:16 ----D---- C:\$UPGRADE.~OS
2009-09-10 09:47:34 ----D---- C:\$WINDOWS.~BT
2009-09-10 05:25:14 ----A---- C:\WINDOWS\system32\h323log.txt
2009-09-10 05:22:53 ----A---- C:\WINDOWS\system32\usbui.dll
2009-09-10 05:20:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-10 05:20:53 ----A---- C:\WINDOWS\ODBCINST.INI
2009-09-10 05:20:49 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-09-10 05:20:49 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-09-10 05:20:49 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-09-10 05:20:48 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-09-10 05:20:47 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-09-10 05:20:47 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-09-10 05:20:47 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-09-10 05:20:47 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-09-10 05:20:47 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-09-10 05:20:47 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-09-10 05:20:46 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-09-10 05:20:46 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-09-10 05:20:46 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-09-10 05:20:46 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-09-10 05:20:46 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-09-10 05:20:46 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-09-10 05:20:44 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-09-10 05:20:42 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-09-10 05:20:42 ----A---- C:\WINDOWS\system32\irclass.dll
2009-09-10 05:20:42 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-09-10 05:20:42 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-09-10 05:20:42 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-09-10 05:20:40 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-09-10 05:20:40 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-09-10 05:20:40 ----A---- C:\WINDOWS\system32\batt.dll
2009-09-10 05:20:40 ----A---- C:\WINDOWS\NOTEPAD.EXE
2009-09-10 05:20:39 ----A---- C:\WINDOWS\system32\storprop.dll
2009-09-10 05:20:32 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2009-09-10 05:20:29 ----RA---- C:\WINDOWS\SET8.tmp
2009-09-10 05:20:27 ----RA---- C:\WINDOWS\SET4.tmp
2009-09-10 05:20:26 ----RA---- C:\WINDOWS\SET3.tmp
2009-09-10 05:20:15 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2009-09-10 05:14:37 ----D---- C:\WINDOWS\Dell
2009-09-09 15:29:30 ----D---- C:\Program Files\WinPcap
2009-09-09 15:09:31 ----D---- C:\WINDOWS\system32\appmgmt
2009-09-09 07:02:55 ----D---- C:\Program Files\AntivirusPro_2010
2009-09-04 11:43:23 ----D---- C:\Program Files\SmartSound Software
2009-09-04 11:43:02 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-09-04 11:42:11 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-09-02 14:37:34 ----D---- C:\Program Files\LimeWire
2009-09-02 11:19:00 ----D---- C:\Program Files\Lavasoft
2009-09-02 09:54:33 ----D---- C:\Program Files\Audible
2009-09-02 08:31:15 ----D---- C:\Program Files\iPod
2009-09-02 08:31:12 ----D---- C:\Program Files\iTunes
2009-09-02 08:30:59 ----D---- C:\Program Files\Bonjour
2009-09-02 08:30:18 ----D---- C:\Program Files\QuickTime
2009-09-02 08:30:03 ----D---- C:\Program Files\Apple Software Update
2009-09-02 08:29:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-02 08:29:39 ----D---- C:\Program Files\Common Files\Apple
2009-08-29 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-26 03:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$

======List of files/folders modified in the last 1 months======

2009-09-24 12:05:20 ----RD---- C:\Program Files
2009-09-24 12:05:18 ----D---- C:\WINDOWS\Prefetch
2009-09-24 12:03:10 ----D---- C:\WINDOWS\Temp
2009-09-23 11:49:46 ----D---- C:\Program Files\Full Tilt Poker
2009-09-22 14:37:57 ----D---- C:\Program Files\FOX
2009-09-21 14:37:00 ----D---- C:\WINDOWS
2009-09-21 14:36:40 ----A---- C:\RTHDCPL_Dump.txt
2009-09-18 10:16:40 ----SHD---- C:\WINDOWS\Installer
2009-09-16 13:15:27 ----HD---- C:\WINDOWS\inf
2009-09-16 03:02:34 ----D---- C:\WINDOWS\Microsoft.NET
2009-09-16 03:02:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-16 03:01:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-16 03:00:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-16 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-16 03:00:42 ----AD---- C:\WINDOWS\system32
2009-09-15 03:11:33 ----RSD---- C:\WINDOWS\assembly
2009-09-15 03:05:57 ----D---- C:\WINDOWS\WinSxS
2009-09-15 03:03:52 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-15 03:03:49 ----D---- C:\WINDOWS\system32\en-US
2009-09-15 03:03:48 ----RSD---- C:\WINDOWS\Fonts
2009-09-14 13:42:53 ----D---- C:\WINDOWS\system32\drivers
2009-09-14 13:40:55 ----SD---- C:\WINDOWS\Tasks
2009-09-14 08:06:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-14 08:06:26 ----D---- C:\WINDOWS\system32\wbem
2009-09-14 08:06:25 ----D---- C:\WINDOWS\AppPatch
2009-09-11 15:59:03 ----D---- C:\WINDOWS\security
2009-09-11 15:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-11 15:58:35 ----D---- C:\Program Files\Messenger
2009-09-11 15:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-11 15:58:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-11 15:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-11 15:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-11 15:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-11 15:57:20 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-11 15:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-11 15:56:42 ----D---- C:\Program Files\Outlook Express
2009-09-11 15:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-11 15:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-11 15:56:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-11 15:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-11 15:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-11 13:08:36 ----D---- C:\Program Files\Windows Media Player
2009-09-11 13:08:30 ----D---- C:\WINDOWS\Help
2009-09-11 10:25:50 ----A---- C:\WINDOWS\win.ini
2009-09-11 10:25:32 ----HD---- C:\WINDOWS\ShellNew
2009-09-11 10:25:32 ----D---- C:\Program Files\Microsoft Office
2009-09-11 10:25:31 ----D---- C:\Program Files\Microsoft ActiveSync
2009-09-11 10:25:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-11 10:23:13 ----D---- C:\WINDOWS\system
2009-09-10 12:24:12 ----D---- C:\Program Files\Microsoft Works
2009-09-10 12:03:19 ----A---- C:\WINDOWS\system.ini
2009-09-10 11:58:38 ----D---- C:\WINDOWS\Debug
2009-09-10 11:28:37 ----SHD---- C:\RECYCLER
2009-09-10 10:57:17 ----D---- C:\WINDOWS\system32\config
2009-09-10 10:53:37 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-10 10:53:32 ----D---- C:\Program Files\ATI Technologies
2009-09-10 10:53:24 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-10 10:52:40 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-10 10:50:05 ----D---- C:\WINDOWS\system32\RTCOM
2009-09-10 10:48:38 ----D---- C:\Program Files\Realtek
2009-09-10 10:48:25 ----D---- C:\DELL
2009-09-10 10:34:39 ----D---- C:\Documents and Settings
2009-09-10 10:33:46 ----SHD---- C:\System Volume Information
2009-09-10 10:33:46 ----D---- C:\WINDOWS\system32\Restore
2009-09-10 10:29:44 ----D---- C:\WINDOWS\Registration
2009-09-10 10:28:59 ----RD---- C:\WINDOWS\Web
2009-09-10 10:28:33 ----D---- C:\WINDOWS\srchasst
2009-09-10 10:28:03 ----AD---- C:\WINDOWS\system32\oobe
2009-09-10 10:27:29 ----D---- C:\WINDOWS\system32\Com
2009-09-10 10:27:03 ----D---- C:\WINDOWS\system32\MsDtc
2009-09-10 10:26:48 ----D---- C:\WINDOWS\Cursors
2009-09-10 10:25:29 ----SH---- C:\boot.ini
2009-09-10 05:18:47 ----D---- C:\WINDOWS\system32\Setup
2009-09-10 05:18:42 ----D---- C:\WINDOWS\system32\usmt
2009-09-10 05:18:42 ----D---- C:\WINDOWS\L2Schemas
2009-09-10 05:18:32 ----D---- C:\WINDOWS\mui
2009-09-10 05:18:31 ----D---- C:\WINDOWS\ime
2009-09-10 05:18:31 ----D---- C:\WINDOWS\ehome
2009-09-10 05:18:30 ----D---- C:\WINDOWS\Network Diagnostic
2009-09-10 05:18:30 ----D---- C:\WINDOWS\Media
2009-09-10 05:18:28 ----D---- C:\WINDOWS\system32\scripting
2009-09-10 05:18:23 ----D---- C:\WINDOWS\PeerNet
2009-09-10 05:18:15 ----D---- C:\WINDOWS\system32\npp
2009-09-10 05:18:11 ----D---- C:\WINDOWS\msagent
2009-09-10 05:18:09 ----D---- C:\WINDOWS\system32\en
2009-09-10 05:16:06 ----D---- C:\WINDOWS\twain_32
2009-09-10 05:15:53 ----D---- C:\WINDOWS\system32\ras
2009-09-10 05:15:36 ----D---- C:\WINDOWS\system32\icsxml
2009-09-10 05:15:19 ----D---- C:\WINDOWS\system32\ias
2009-09-10 05:15:16 ----D---- C:\WINDOWS\system32\1033
2009-09-10 05:14:36 ----D---- C:\WINDOWS\system32\URTTemp
2009-09-10 05:14:34 ----D---- C:\WINDOWS\system32\DLA
2009-09-10 05:14:33 ----D---- C:\WINDOWS\repair
2009-09-10 05:14:32 ----RD---- C:\WINDOWS\Offline Web Pages
2009-09-10 05:14:32 ----D---- C:\WINDOWS\Minidump
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-09-10 05:14:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-10 05:14:30 ----D---- C:\WINDOWS\addins
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-09-10 05:14:29 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-09-09 07:37:34 ----D---- C:\Program Files\Common Files
2009-09-04 11:43:05 ----D---- C:\Program Files\Adobe
2009-09-04 11:42:13 ----D---- C:\Program Files\Common Files\Adobe
2009-09-02 08:30:53 ----D---- C:\Program Files\Internet Explorer
2009-09-01 14:24:10 ----D---- C:\Program Files\Google
2009-08-25 09:31:50 ----D---- C:\Program Files\Intuit

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-10 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-10 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-10 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-02-22 2847744]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-12-20 4637696]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-02-22 512000]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-10 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-10 297752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 dldt_device;dldt_device; C:\WINDOWS\system32\dldtcoms.exe [2008-02-25 595184]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-02-21 593920]
S2 dldtCATSCustConnectService;dldtCATSCustConnectService; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe [2008-02-25 99568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-09-21 1028432]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-11 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



RSIT INFO FILE:

info.txt logfile of random's system information tool 1.06 2009-09-24 12:05:37

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{87841AF8-C785-42FF-A76E-CC0F0C2816CC}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell V305-->C:\Program Files\Dell V305\Install\x86\Uninst.exe
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2005 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2005\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Video Poker for Winners-->MsiExec.exe /I{A454733F-BE60-47FD-8C60-DD910FE1151E}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: FOULKE-26AE16EB
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.

Record Number: 124
Source Name: Service Control Manager
Time Written: 20090910120215.000000-300
Event Type: error
User:

Computer Name: FOULKE-26AE16EB
Event Code: 7000
Message: The dldtCATSCustConnectService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 74
Source Name: Service Control Manager
Time Written: 20090910105703.000000-300
Event Type: error
User:

Computer Name: FOULKE-26AE16EB
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the dldtCATSCustConnectService service to connect.

Record Number: 73
Source Name: Service Control Manager
Time Written: 20090910105703.000000-300
Event Type: error
User:

Computer Name: FOULKE-26AE16EB
Event Code: 20
Message: Printer Driver Dell V305 for Windows NT x86 Version-3 was added or updated. Files:- dldtdr.dll, dldtptpc.dll, dldtptpc.dll, dldtprpr.chm, dldtbubl.dll, dldtcats.dll, dldtceip.chm, dldtcfg.dll, dldtcfg.xml, dldtcfgx.exe, dldtclr1.lut, dldtclr2.lut, dldtclr3.lut, dldtcpy4.lut, dldtcomx.dll, dldtcu.dll, dldtcub.dll, dldtcur.dll, dldtdatr.dll, dldtdrui.dll, dldtdtel.ini, dldtdtst.bmp, dldtdtst.jpg, dldtedf.dll, dldtgf.dll, dldthcp.dll, dldthpec.dll, dldtibuf.dll, dldtins.dll, dldtinsb.dll, dldtinsr.dll, dldtjsw.dll, dldtjswb.dll, dldtjswr.dll, dldtjswx.exe, dldtlpa.dll, dldtlpab.dll, dldtlpar.dll, dldtppx.dll, dldtprod.ver, dldtprp.dll, dldtprpb.dll, dldtprpr.dll, dldtpsw.dll, dldtpswb.dll, dldtpswr.dll, dldtpswx.exe, dldtretv.dll, dldtserv.exe, dldtsk0.dll, dldttime.dll, dldttime.exe, dldtuldr.dll, dldtupd.dll, dldtupdb.dll, dldtupdr.dll, dldtupld.exe, dldtuplr.dll, dldtutil.dll, dldtview.exe, dldtwbgc.dll, dldtwbgw.exe, dldtxmlu.dll.

Record Number: 45
Source Name: Print
Time Written: 20090910104447.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FOULKE-26AE16EB
Event Code: 20
Message: Printer Driver Dell V305 for Windows NT x86 Version-3 was added or updated. Files:- dldtdr.dll, dldtptpc.dll, dldtptpc.dll, dldtprpr.chm, dldtbubl.dll, dldtcats.dll, dldtceip.chm, dldtcfg.dll, dldtcfg.xml, dldtcfgx.exe, dldtclr1.lut, dldtclr2.lut, dldtclr3.lut, dldtcpy4.lut, dldtcomx.dll, dldtcu.dll, dldtcub.dll, dldtcur.dll, dldtdatr.dll, dldtdrui.dll, dldtdtel.ini, dldtdtst.bmp, dldtdtst.jpg, dldtedf.dll, dldtgf.dll, dldthcp.dll, dldthpec.dll, dldtibuf.dll, dldtins.dll, dldtinsb.dll, dldtinsr.dll, dldtjsw.dll, dldtjswb.dll, dldtjswr.dll, dldtjswx.exe, dldtlpa.dll, dldtlpab.dll, dldtlpar.dll, dldtppx.dll, dldtprod.ver, dldtprp.dll, dldtprpb.dll, dldtprpr.dll, dldtpsw.dll, dldtpswb.dll, dldtpswr.dll, dldtpswx.exe, dldtretv.dll, dldtserv.exe, dldtsk0.dll, dldttime.dll, dldttime.exe, dldtuldr.dll, dldtupd.dll, dldtupdb.dll, dldtupdr.dll, dldtupld.exe, dldtuplr.dll, dldtutil.dll, dldtview.exe, dldtwbgc.dll, dldtwbgw.exe, dldtxmlu.dll.

Record Number: 44
Source Name: Print
Time Written: 20090910104421.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: FOULKE-26AE16EB
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 15
Source Name: WinMgmt
Time Written: 20090910102743.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FOULKE-26AE16EB
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 14
Source Name: WinMgmt
Time Written: 20090910102743.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FOULKE-26AE16EB
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20090910102742.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FOULKE-26AE16EB
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20090910102742.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FOULKE-26AE16EB
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20090910102741.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#5 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,294 posts
  • Gender:Male
  • Location:Dubai

Posted 25 September 2009 - 01:28 PM

Hello, wichicken.
Poker Program Warning!

Full Tilt Poker, Video Poker for Winners

Your logs show that you have been visiting online poker sites with applets installed on your computer. I know that you may use these games on a regular basis, but I think it's important to note that often these kinds of programs are installed with other unwanted software, namely spyware or adware. Due to this, I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install these programs yourself on purpose.
There are so many online poker games out there these days that it is close to impossible to keep track of whether a program is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the program, then you can do so by following the below steps:

Please uninstall the programs listed above. You can do so via Control Panel >> Add or Remove Programs.
If you are unsure of how to use Add or Remove Programs, then please see this tutorial

We need to run a GMER scan
  • Download GMER and save to your desktop. Note that the file will be randomly named to prevent active malware from stopping the download.
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click the GMER program ******.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
NEXT:

We need to run a Panda Active Scan
  • Please go here to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
In your next reply, please include the following:
  • gmer.txt
  • ActiveScan Report

My website: http://aommaster.com
Please do not send me PM's requesting for help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#6 aommaster

Posted 28 September 2009 - 06:52 AM

Hello wichicken
Are you still with us?


#7 wichicken

Posted 28 September 2009 - 12:53 PM

You'll have everything shortly.
Thank you.

#8 aommaster

Posted 28 September 2009 - 05:24 PM

No problem! :(


#9 wichicken

Posted 29 September 2009 - 03:12 PM

Aommaster,

It'll be at least one more day....he was called away for business. Sorry for the delay. I'm helping out because he couldn't follow the instructions and is very computer illiterate.

Thanks again for the patience on your end.
Cheers.

#10 aommaster

Posted 29 September 2009 - 04:13 PM

Hi!

Not a problem at all. I appreciate you letting me know :(

If you have any trouble with the instructions I posted, please don't hesitate to ask :(


#11 aommaster

Posted 02 October 2009 - 10:34 AM

Hi again!

Just checking to make sure you've not experienced any problems with the instructions.

Keep me posted.

Thanks!


#12 wichicken

Posted 05 October 2009 - 11:19 AM

Hey Aommaster,

My buddy kind of freaked out with the instructions regarding GMER scan. He doesn't like that it may crash his system. I told him it wasn't a big deal. If you don't hear anything from me by Wednesday...go ahead and close this thread. I don't want to waste your time (or mine for that matter ;)

Thanks again.

#13 wichicken

Posted 07 October 2009 - 10:29 AM

I'll have the reports very shortly. There is something definitely going on as he has his ISP sending all sorts of bounced e-mails. Thanks for being patient.

#14 aommaster

Posted 07 October 2009 - 11:12 AM

No problem!

Thanks for letting me know :(


#15 wichicken

Posted 07 October 2009 - 02:11 PM

Here you go aommaster! I wasn't sure if you wanted the files attached or included in the body of the post so I did both! ;)
GMER first.....ActiveScan second.

Thanks so much.
_______________________

GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-07 11:02:45
Windows 5.1.2600 Service Pack 3
Running: 2inrrt0g.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\kfeyqkow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] kernel32.dll!FindResourceW 7C80BC6E 5 Bytes JMP 0042AD00 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] kernel32.dll!FindResourceA 7C80BF29 5 Bytes JMP 0042ACC0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] USER32.dll!LoadStringW 7E419E36 5 Bytes JMP 0042AEE0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0042ADB0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] USER32.dll!LoadStringA 7E42C908 5 Bytes JMP 0042AF90 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] USER32.dll!LoadMenuW 7E42EB48 5 Bytes JMP 0042AE80 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] USER32.dll!CreateDialogParamA 7E43C7DB 5 Bytes JMP 0042AD40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[780] USER32.dll!LoadMenuA 7E44FA83 5 Bytes JMP 0042AE20 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
______________

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-10-07 13:39:29
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free 8.5 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@doubleclick[1].txt
00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@linksynergy[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@com[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Chris Formisano\Cookies\chris formisano@com[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Chris Formisano\Cookies\chris formisano@apmebf[2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@apmebf[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@server.iad.liveperson[2].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@ads.pointroll[2].txt
00173992 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@c5.zedo[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@phg.hitbox[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Chris Formisano\Cookies\chris formisano@go[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@go[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@did-it[1].txt
02802522 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP270\A0017694.exe
02803618 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\AntivirusPro_2010\wscui.cpl
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Program Files\AntivirusPro_2010\htmlayout.dll
;===================================================================================================================================================================================
SUSPECTS
