
Virut / Sality / Everything! Help!


  • This topic is locked
14 replies to this topic

#1 Dinked

  • Members
  • 13 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 07 October 2009 - 02:05 AM

DDS LOG

CPU usage is at 100% most of the time
Internet turns off and on randomly

========



DDS (Ver_09-09-29.01) - NTFSx86
Run by Compaq_Owner at 23:40:02.00 on Tue 10/06/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.714 [GMT -7:00]

AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StylerToolBar: {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\StylerTB.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [VTTimer] VTTimer.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless 150 USB Adapter DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe
mRun: [LogonStudio] "c:\program files\wincustomize\logonstudio\logonstudio.exe" /RANDOM
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.32.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-12 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-12 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-12 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-12 108552]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2009-9-7 147456]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-11 297752]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-9-3 269648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-9-3 19160]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-9-7 715520]
S0 sslh;sslh;c:\windows\system32\drivers\qixq.sys --> c:\windows\system32\drivers\qixq.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-5-17 133104]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\compaq~1\locals~1\temp\alsysio.sys --> c:\docume~1\compaq~1\locals~1\temp\ALSysIO.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\compaq~1\locals~1\temp\dfn17a.tmp --> c:\docume~1\compaq~1\locals~1\temp\DFN17A.tmp [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files\turbine\turbine download manager\TurbineMessageService.exe [2009-9-13 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files\turbine\turbine download manager\TurbineNetworkService.exe [2009-9-13 218608]

=============== Created Last 30 ================

2009-09-30 21:18 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-09-24 14:21 <DIR> --d----- c:\program files\Microsoft Games
2009-09-23 20:45 31 a------- c:\windows\Gunzlauncher.INI
2009-09-23 20:38 <DIR> --d----- C:\Trinity Entertainment
2009-09-15 21:40 <DIR> --d----- c:\program files\NDSROM Player
2009-09-15 19:33 4,096 a------- c:\windows\system32\drivers\nocashio.sys
2009-09-14 03:08 <DIR> --d----- c:\windows\system32\XPSViewer
2009-09-14 03:07 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-09-14 03:07 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-09-14 03:07 117,760 -------- c:\windows\system32\prntvpt.dll
2009-09-14 03:07 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-09-14 03:07 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-09-14 03:07 <DIR> --d----- C:\51a50da9354e01cca401
2009-09-14 03:07 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-09-14 03:07 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-09-14 03:07 <DIR> --d----- c:\windows\SxsCaPendDel
2009-09-13 18:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Turbine
2009-09-13 18:14 <DIR> --d----- c:\program files\Turbine
2009-09-13 18:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-09-13 18:06 <DIR> --d----- c:\program files\Pando Networks
2009-09-11 14:58 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-09-11 14:58 225,280 a------- c:\windows\system32\rewire.dll
2009-09-11 14:58 <DIR> --d----- c:\program files\VstPlugins
2009-09-11 14:57 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-09-11 14:56 <DIR> --d----- c:\program files\Outsim
2009-09-11 14:52 <DIR> --d----- c:\program files\Image-Line
2009-09-11 08:59 4,096 a------- c:\windows\system32\detoured.dll
2009-09-09 21:09 7,168 a--sh--- c:\windows\Thumbs.db
2009-09-09 18:45 515,416 a------- c:\windows\system32\XAudio2_5.dll
2009-09-09 18:45 238,936 a------- c:\windows\system32\xactengine3_5.dll
2009-09-09 18:45 1,974,616 a------- c:\windows\system32\D3DCompiler_42.dll
2009-09-09 18:45 5,501,792 a------- c:\windows\system32\d3dcsx_42.dll
2009-09-09 18:45 235,344 a------- c:\windows\system32\d3dx11_42.dll
2009-09-09 18:45 1,892,184 a------- c:\windows\system32\D3DX9_42.dll
2009-09-09 18:45 453,456 a------- c:\windows\system32\d3dx10_42.dll
2009-09-09 18:45 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-09-09 18:45 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-09-09 18:45 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-09-09 18:45 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-09-09 18:45 69,464 a------- c:\windows\system32\XAPOFX1_3.dll
2009-09-09 18:43 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-09-09 18:42 <DIR> --d----- C:\DirectX
2009-09-09 18:26 3,851,784 a------- c:\windows\system32\d3dx9_39.dll
2009-09-09 17:57 139,152 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-09 17:57 139,152 a------- c:\docume~1\compaq~1\applic~1\PnkBstrK.sys
2009-09-09 17:57 111,928 a------- c:\windows\system32\PnkBstrB.exe
2009-09-09 17:57 794,408 a------- c:\windows\system32\pbsvc.exe
2009-09-09 17:57 75,064 a------- c:\windows\system32\PnkBstrA.exe
2009-09-09 17:57 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-09 17:31 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-09-09 17:31 <DIR> --d----- c:\program files\MagicDisc
2009-09-09 17:06 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-09-09 17:06 <DIR> --d----- c:\docume~1\compaq~1\applic~1\DAEMON Tools Lite
2009-09-09 09:18 29,576 a---h--- c:\windows\system32\mlfcache.dat
2009-09-08 23:56 <DIR> --d----- c:\program files\TaskSwitchXP
2009-09-08 23:55 <DIR> --d----- c:\program files\Yahoo!
2009-09-08 23:18 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Styler
2009-09-08 23:18 <DIR> --d----- c:\program files\Styler
2009-09-08 22:32 42,672 a------- c:\windows\system32\wbsys.dll
2009-09-08 22:32 <DIR> --d----- c:\program files\Stardock
2009-09-08 22:14 24 a------- c:\windows\LogonStudio.ini
2009-09-08 22:08 187,392 a------- c:\windows\system32\JPGUtils.dll
2009-09-08 22:08 <DIR> --d----- c:\program files\common files\Stardock
2009-09-08 22:08 <DIR> --d----- c:\program files\WinCustomize
2009-09-08 18:48 <DIR> --d----- c:\windows\Performance
2009-09-08 16:07 7 a------- c:\windows\system32\ANIWZCSUSERNAME
2009-09-07 14:41 3,284 a------- c:\windows\system32\ANIWZCS{C87A8BE3-A846-4A40-951D-EBE7427C6FC7}
2009-09-07 14:40 147,456 a------- c:\windows\system32\ANIWConnService.exe
2009-09-07 14:40 13 a------- c:\windows\system32\ANIWZCSUSERNAME{C87A8BE3-A846-4A40-951D-EBE7427C6FC7}
2009-09-07 14:39 <DIR> --d----- c:\program files\ANI
2009-09-07 14:38 715,520 a------- c:\windows\system32\drivers\rt2870.sys
2009-09-07 14:38 221,184 a------- c:\windows\system32\RaCoInst.dll
2009-09-07 14:38 13,931 a------- c:\windows\system32\RaCoInst.dat
2009-09-07 14:38 <DIR> --d----- c:\program files\D-Link

==================== Find3M ====================

2009-09-23 23:02 198,608 a------- c:\windows\War3Unin.dat
2009-09-23 20:49 390 a------- c:\program files\Shortcut to Program Files.lnk
2009-09-21 15:11 61,440 a------- c:\windows\IFinst27.exe
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-09 21:29 3,450,880 a------- c:\windows\system32\logonuiX.exe
2009-09-08 20:16 139,264 a------- c:\windows\War3Unin.exe
2009-09-08 20:16 2,829 a------- c:\windows\War3Unin.pif
2009-08-18 18:51 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-17 13:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 13:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-09 12:16 2,060,288 a------- c:\windows\system32\usbaaplrc.dll

============= FINISH: 23:40:39.45 ===============



#2 syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:39 PM

Posted 23 October 2009 - 04:10 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 Dinked
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 25 October 2009 - 04:34 AM

LOG.TXT
==============



Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-10-25 02:33:19
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (17%) free of 71 GB
Total RAM: 1535 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:33:54 AM, on 10/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [jusched.exe] C:\WINDOWS\justched.exe
O4 - HKLM\..\Run: [Key] C:\WINDOWS\system32\avscanner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost.exe] C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\svchost.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Key] C:\WINDOWS\system32\avscanner.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11302 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009UA.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Compaq_Owner.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll [2009-08-21 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-18 149280]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=VTTimer.exe []
"SiSPower"=SiSPower.dll,ModeAgent []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-21 2025752]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"=C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe [2009-04-22 1683456]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"jusched.exe"=C:\WINDOWS\justched.exe [2009-10-24 69632]
"Key"=C:\WINDOWS\system32\avscanner.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"svchost.exe"=C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\svchost.exe [2009-10-14 188416]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-10-18 160592]
"Key"=C:\WINDOWS\system32\avscanner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-10-20 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2009-06-26 757248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\OBJECT~1.EXE [2007-04-24 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Styler.lnk]
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-09-08 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-17 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-09-08 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM6\aim.exe"="C:\Program Files\AIM6\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe:*:Enabled:Miro"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe"="C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe"="C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe:*:Enabled:Simfatic Forms "
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe"="C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe:*:Enabled:Active@ ISO Burner"
"C:\Trinity Entertainment\Trinity GunZ\Gunz.exe"="C:\Trinity Entertainment\Trinity GunZ\Gunz.exe:*:Enabled:Gunz"
"C:\Documents and Settings\Compaq_Owner\Desktop\WarezHQ.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\WarezHQ.exe:*:Enabled:Warez HQ Porn Client - Free Version"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2009-10-25 02:33:19 ----D---- C:\rsit
2009-10-24 20:28:25 ----A---- C:\WINDOWS\justched.exe
2009-10-19 15:24:42 ----D---- C:\Program Files\Spytector
2009-10-19 15:23:51 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\file1.exe
2009-10-18 16:11:04 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
2009-10-18 16:10:26 ----D---- C:\Program Files\Siber Systems
2009-10-18 14:39:14 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\FileZilla
2009-10-18 14:33:22 ----D---- C:\generator
2009-10-18 14:18:21 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SimfaticForms
2009-10-18 14:10:38 ----D---- C:\Program Files\Simfatic Solutions
2009-10-17 18:09:43 ----A---- C:\WINDOWS\system32\dsocache.dll
2009-10-17 18:02:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-17 13:43:37 ----D---- C:\Program Files\ConvertHelper
2009-10-15 17:07:06 ----D---- C:\Program Files\Activision
2009-10-15 01:48:46 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\system32
2009-10-13 22:25:11 ----D---- C:\Program Files\OGPlanet
2009-10-13 17:42:03 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Key Metric Software
2009-10-13 17:28:24 ----D---- C:\Program Files\Key Metric Software
2009-10-13 17:28:24 ----D---- C:\Program Files\Common Files\Key Metric Software
2009-10-13 17:28:10 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}
2009-10-13 02:36:21 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\111858046.tmp
2009-10-12 22:21:51 ----D---- C:\PHOTOSHOP
2009-10-12 22:09:14 ----A---- C:\WINDOWS\GetSteamS.dll
2009-10-12 19:45:36 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2009-10-11 19:53:29 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\MozillaControl
2009-10-11 19:52:06 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2009-10-11 19:49:06 ----D---- C:\Program Files\Graboid
2009-10-11 19:24:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-11 19:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-10-11 19:22:14 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-11 19:21:17 ----A---- C:\WINDOWS\imsins.BAK
2009-10-11 19:21:02 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-11 19:09:03 ----D---- C:\Program Files\Rhapsody
2009-10-11 19:05:57 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
2009-10-11 19:02:58 ----D---- C:\Program Files\VideoLAN
2009-10-11 15:19:05 ----D---- C:\Program Files\PeerGuardian2
2009-10-07 01:35:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2009-10-07 01:12:02 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-10-07 00:46:53 ----D---- C:\Program Files\Xvid
2009-10-07 00:46:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-07 00:46:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-06 23:59:31 ----A---- C:\RootRepeal report 10-06-09 (23-59-31).txt
2009-09-30 23:15:53 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-09-30 21:18:15 ----D---- C:\Program Files\Common Files\Software Update Utility

======List of files/folders modified in the last 1 months======

2009-10-25 02:33:54 ----D---- C:\Program Files\Trend Micro
2009-10-25 02:33:23 ----D---- C:\WINDOWS\Temp
2009-10-25 02:33:18 ----D---- C:\WINDOWS\Prefetch
2009-10-25 01:40:21 ----D---- C:\Program Files\Mozilla Firefox
2009-10-24 20:28:25 ----D---- C:\WINDOWS
2009-10-24 20:01:04 ----D---- C:\Program Files\SpeedFan
2009-10-24 19:58:53 ----A---- C:\WINDOWS\LogonStudio.ini
2009-10-23 19:07:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-23 17:12:50 ----HD---- C:\WINDOWS\inf
2009-10-23 17:12:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-22 11:37:30 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 22:21:13 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-21 21:39:53 ----D---- C:\WINDOWS\system32
2009-10-21 21:38:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-10-21 08:41:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-21 00:31:53 ----D---- C:\Program Files\FileZilla FTP Client
2009-10-20 09:51:45 ----SHD---- C:\WINDOWS\Installer
2009-10-20 09:51:45 ----HD---- C:\Config.Msi
2009-10-20 05:53:56 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2009-10-19 15:24:42 ----RD---- C:\Program Files
2009-10-19 15:15:56 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2009-10-19 14:51:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-15 17:22:42 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-10-13 17:28:24 ----D---- C:\Program Files\Common Files
2009-10-13 13:06:30 ----D---- C:\Program Files\Adobe
2009-10-13 02:36:22 ----D---- C:\e2e1023ad934de62a55d83
2009-10-11 19:32:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-11 19:32:30 ----D---- C:\WINDOWS\AppPatch
2009-10-11 19:23:40 ----D---- C:\Program Files\Windows Media Player
2009-10-11 19:21:13 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-11 19:19:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2009-10-10 19:17:52 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2009-10-07 01:12:56 ----D---- C:\Program Files\DivX
2009-10-07 01:11:00 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-06 23:15:03 ----D---- C:\Program Files\Steam
2009-10-05 01:06:16 ----D---- C:\Program Files\Turbine
2009-10-03 20:37:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2009-10-03 19:53:45 ----A---- C:\WINDOWS\Gunzlauncher.INI
2009-10-03 18:02:12 ----SD---- C:\WINDOWS\Tasks
2009-09-30 21:58:47 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-12 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-04-15 715520]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
S1 cbidf2nt;cbidf2nt; C:\WINDOWS\system32\drivers\cbidf2nt.sys []
S1 msgpc2k;msgpc2k; C:\WINDOWS\system32\drivers\msgpc2k.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ALSysIO.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\DFN17A.tmp []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-09-15 4096]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-29 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-23 173312]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2009-06-26 1956352]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWConnService;ANIWConn Service; C:\WINDOWS\system32\ANIWConnService.exe [2009-02-26 147456]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-18 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-21 75064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-17 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-13 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-13 218608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
INFO.TXT
==========
info.txt logfile of random's system information tool 1.06 2009-10-25 02:33:58

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Age of Empires III-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Agere Systems PCI Soft Modem-->agrsmdel
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 7-->C:\Program Files\AIM\uninst.exe
ANIO Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Call of Duty® - World at War™ 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™ 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™ 1.5 Patch-->C:\Program Files\InstallShield Installation Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}\setup.exe -runfromtemp -l0x0409
Call of Duty® - World at War™-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
Deckadance-->C:\Program Files\Image-Line\Deckadance\uninstall.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link Wireless 150 USB Adapter DWA-125-->C:\Program Files\InstallShield Installation Information\{5EE83279-5FEA-4885-823A-B90C23A72DF0}\setup.exe -runfromtemp -l0x0009 -removeonly
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Dungeons and Dragons Online™ - Eberron Unlimited™ - Live-->"C:\Program Files\Turbine\Dungeons and Dragons Online - Eberron Unlimited\Uninstall.exe" /silent /query 15b35190-c6f9-11d9-9669-0800200c9a66_is1
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FolderSizes 4-->"C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}\FolderSizes4-Setup.exe" REMOVE=TRUE MODIFY=FALSE
FolderSizes 4-->C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}\FolderSizes4-Setup.exe
Garena-->C:\Program Files\Garena\uninst.exe
Google Gears-->MsiExec.exe /I{961D35E8-D426-3E2E-8222-F4FFD9E104FD}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Graboid Video 1.65-->C:\Program Files\Graboid\uninst.exe
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LimeWire PRO 5.2.13-->"C:\Program Files\LimeWire\uninstall.exe"
LogonStudio-->C:\PROGRA~1\WINCUS~1\LOGONS~1\UNWISE.EXE C:\PROGRA~1\WINCUS~1\LOGONS~1\INSTALL.LOG
MagicDisc 2.7.106-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Miro-->C:\Program Files\Participatory Culture Foundation\Miro\uninstall.exe
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NDSROM Player-->C:\Program Files\NDSROM Player\Uninstal.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
ObjectDock Plus-->C:\PROGRA~1\Stardock\OBJECT~2\objectdock.exe /uninstall
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rumble Fighter-->"C:\Program Files\OGPlanet\RumbleFighter\uninstall.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Simfatic Forms 3.0.5.175-->"C:\Program Files\Simfatic Solutions\SimfaticForms\uninst\unins000.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spytector 1.3.7-->C:\Program Files\Spytector\Spytector.exe /u
Styler-->MsiExec.exe /I{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TaskSwitchXP-->C:\Program Files\TaskSwitchXP\uninst.exe
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Trinity GunZ 6.4.0-->C:\Trinity Entertainment\Trinity GunZ\Uninstall.exe
Turbine Download Manager - Live-->"C:\Program Files\Turbine\Turbine Download Manager\UninstallTDM.exe" /silent /query 62289540-dc30-11dc-95ff-0800200c9a66_is1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WindowBlinds-->C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wolfenstein™ 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}\setup.exe -runfromtemp -l0x0409
Wolfenstein-->C:\Program Files\InstallShield Installation Information\{F9B37992-968C-4264-8449-489032FC28DE}\setup.exe -runfromtemp -l0x0409
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

======Security center information======

AV: AVG Anti-Virus

======System event log======

Computer Name: YOUR-1A4D29F243
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002401132932. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1959
Source Name: Dhcp
Time Written: 20090910133117.000000-420
Event Type: warning
User:

Computer Name: YOUR-1A4D29F243
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002401132932. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1953
Source Name: Dhcp
Time Written: 20090910133112.000000-420
Event Type: warning
User:

Computer Name: YOUR-1A4D29F243
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002401132932. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1951
Source Name: Dhcp
Time Written: 20090910133107.000000-420
Event Type: warning
User:

Computer Name: YOUR-1A4D29F243
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002401132932. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1949
Source Name: Dhcp
Time Written: 20090910133102.000000-420
Event Type: warning
User:

Computer Name: YOUR-1A4D29F243
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002401132932. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 1947
Source Name: Dhcp
Time Written: 20090910133057.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 25 October 2009 - 07:52 AM

Hi,

I can see that you do have some baddies that need cleaning up, but I don't see any definite signs of Virut or Sality at the moment. Can you tell me why you
think you have these infections?


Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent and LimeWire). These programs allow users to share files with each other, as the name suggests. In today's world, cyber crime has reached an enormous scale, and any means is used to infect personal computers in order to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject, along with the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws of many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with GMER's driver.
  • Double-click on GMER to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#5 Dinked

Dinked
  • Topic Starter

  • Members
  • 13 posts

Posted 25 October 2009 - 07:39 PM

Well, I removed Sality since no one replied in half a month.
But my internet keeps turning off on me, and my CPU usage is always at 100% basically.

MBAM LOG
=================
Malwarebytes' Anti-Malware 1.40
Database version: 2738
Windows 5.1.2600 Service Pack 2

9/3/2009 9:12:39 PM
mbam-log-2009-09-03 (21-12-39).txt

Scan type: Quick Scan
Objects scanned: 128617
Time elapsed: 14 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Manson (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MicPhone (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\podmena (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Manson\liser.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MicPhone\antit.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\podmena\podmena.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ThunMail\testabd.ex_ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\ro122458.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\svchosts.exe (Trojan.Agent) -> Quarantined and deleted successfully.

GMER LOG
=================
GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-25 17:35:24
Windows 5.1.2600 Service Pack 2
Running: 7gso0q6v.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\axlcaaog.sys


---- System - GMER 1.0.15 ----

SSDT spex.sys ZwCreateKey [0xB7EA70E0]
SSDT spex.sys ZwEnumerateKey [0xB7EC5CA4]
SSDT spex.sys ZwEnumerateValueKey [0xB7EC6032]
SSDT spex.sys ZwOpenKey [0xB7EA70C0]
SSDT spex.sys ZwQueryKey [0xB7EC610A]
SSDT spex.sys ZwQueryValueKey [0xB7EC5F8A]
SSDT spex.sys ZwSetValueKey [0xB7EC619C]

INT 0x62 ? 89ADABF8
INT 0x82 ? 89ADABF8
INT 0x83 ? 89ADABF8
INT 0x84 ? 898DFBF8
INT 0x94 ? 898DFBF8
INT 0xA4 ? 898DFBF8
INT 0xB4 ? 898DFBF8

---- Kernel code sections - GMER 1.0.15 ----

? spex.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B65F962C 5 Bytes JMP 898DF1D8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EA8042] spex.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EA813E] spex.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EA80C0] spex.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EA8800] spex.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EA86D6] spex.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [6603B220] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [6603B269] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [6603B269] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [6603B220] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\WINDOWS\system32\wuauclt.exe[2260] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [6603B220] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [6603B269] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [66603E7C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6603B14C] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6603B1A3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6603B146] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [6603B269] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowLongW] [66603EA3] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll (WindowBlinds Helper DLL/Stardock.Net, Inc)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3852] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [6603B220] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll (WindowBlinds (32 bit XP)/Stardock Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89A6C1F8
Device \FileSystem\Fastfat \FatCdrom 88DC0500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{D1CBC67D-C59F-4B9B-A3CF-318FD34D0821} 896351F8
Device \Driver\usbohci \Device\USBPDO-0 898DE1F8
Device \Driver\usbohci \Device\USBPDO-1 898DE1F8
Device \Driver\usbohci \Device\USBPDO-2 898DE1F8
Device \Driver\usbehci \Device\USBPDO-3 898DD1F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89A6E1F8
Device \Driver\USBSTOR \Device\00000071 8995D500
Device \Driver\Ftdisk \Device\HarddiskVolume2 89A6E1F8
Device \Driver\USBSTOR \Device\00000072 8995D500
Device \Driver\Cdrom \Device\CdRom0 8990D1F8
Device \Driver\USBSTOR \Device\00000073 8995D500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89ADA1F8
Device \Driver\atapi \Device\Ide\IdePort0 89ADA1F8
Device \Driver\atapi \Device\Ide\IdePort1 89ADA1F8
Device \Driver\atapi \Device\Ide\IdePort2 89ADA1F8
Device \Driver\atapi \Device\Ide\IdePort3 89ADA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 89ADA1F8
Device \Driver\Cdrom \Device\CdRom1 8990D1F8
Device \Driver\USBSTOR \Device\00000074 8995D500
Device \Driver\NetBT \Device\NetBt_Wins_Export 896351F8
Device \Driver\NetBT \Device\NetbiosSmb 896351F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 898DE1F8
Device \Driver\usbohci \Device\USBFDO-1 898DE1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 893A51F8
Device \Driver\USBSTOR \Device\0000006e 8995D500
Device \Driver\usbohci \Device\USBFDO-2 898DE1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 893A51F8
Device \Driver\usbehci \Device\USBFDO-3 898DD1F8
Device \Driver\Ftdisk \Device\FtControl 89A6E1F8
Device \FileSystem\Fastfat \Fat 88DC0500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 88DF4500

---- Threads - GMER 1.0.15 ----

Thread System [4:448] B2F5D3A0
Thread System [4:452] B2F3ECE0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----


RSIT LOG
=================
Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-10-25 17:38:42
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 12 GB (17%) free of 71 GB
Total RAM: 1535 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:38:48 PM, on 10/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Key] C:\WINDOWS\system32\avscanner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Key] C:\WINDOWS\system32\avscanner.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10501 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009UA.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Compaq_Owner.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll [2009-08-21 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-18 149280]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=VTTimer.exe []
"SiSPower"=SiSPower.dll,ModeAgent []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-21 2025752]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"=C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe [2009-04-22 1683456]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"Key"=C:\WINDOWS\system32\avscanner.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-10-18 160592]
"Key"=C:\WINDOWS\system32\avscanner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-10-20 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2009-06-26 757248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\OBJECT~1.EXE [2007-04-24 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Styler.lnk]
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-09-08 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-17 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-09-08 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM6\aim.exe"="C:\Program Files\AIM6\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe:*:Enabled:Miro"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe"="C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe"="C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe:*:Enabled:Simfatic Forms "
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe"="C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe:*:Enabled:Active@ ISO Burner"
"C:\Trinity Entertainment\Trinity GunZ\Gunz.exe"="C:\Trinity Entertainment\Trinity GunZ\Gunz.exe:*:Enabled:Gunz"
"C:\Documents and Settings\Compaq_Owner\Desktop\WarezHQ.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\WarezHQ.exe:*:Enabled:Warez HQ Porn Client - Free Version"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2009-10-25 02:33:19 ----D---- C:\rsit
2009-10-19 15:24:42 ----D---- C:\Program Files\Spytector
2009-10-18 16:11:04 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
2009-10-18 16:10:26 ----D---- C:\Program Files\Siber Systems
2009-10-18 14:39:14 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\FileZilla
2009-10-18 14:33:22 ----D---- C:\generator
2009-10-18 14:18:21 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SimfaticForms
2009-10-18 14:10:38 ----D---- C:\Program Files\Simfatic Solutions
2009-10-17 18:09:43 ----A---- C:\WINDOWS\system32\dsocache.dll
2009-10-17 18:02:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-17 13:43:37 ----D---- C:\Program Files\ConvertHelper
2009-10-15 17:07:06 ----D---- C:\Program Files\Activision
2009-10-15 01:48:46 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\system32
2009-10-13 22:25:11 ----D---- C:\Program Files\OGPlanet
2009-10-13 17:42:03 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Key Metric Software
2009-10-13 17:28:24 ----D---- C:\Program Files\Key Metric Software
2009-10-13 17:28:24 ----D---- C:\Program Files\Common Files\Key Metric Software
2009-10-13 17:28:10 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}
2009-10-12 22:21:51 ----D---- C:\PHOTOSHOP
2009-10-12 22:09:14 ----A---- C:\WINDOWS\GetSteamS.dll
2009-10-12 19:45:36 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2009-10-11 19:53:29 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\MozillaControl
2009-10-11 19:52:06 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2009-10-11 19:49:06 ----D---- C:\Program Files\Graboid
2009-10-11 19:24:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-11 19:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-10-11 19:22:14 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-11 19:21:17 ----A---- C:\WINDOWS\imsins.BAK
2009-10-11 19:21:02 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-11 19:09:03 ----D---- C:\Program Files\Rhapsody
2009-10-11 19:05:57 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
2009-10-11 19:02:58 ----D---- C:\Program Files\VideoLAN
2009-10-11 15:19:05 ----D---- C:\Program Files\PeerGuardian2
2009-10-07 01:35:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2009-10-07 01:12:02 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-10-07 00:46:53 ----D---- C:\Program Files\Xvid
2009-10-07 00:46:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-07 00:46:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-06 23:59:31 ----A---- C:\RootRepeal report 10-06-09 (23-59-31).txt
2009-09-30 23:15:53 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-09-30 21:18:15 ----D---- C:\Program Files\Common Files\Software Update Utility

======List of files/folders modified in the last 1 months======

2009-10-25 17:38:43 ----D---- C:\Program Files\Trend Micro
2009-10-25 17:38:16 ----D---- C:\WINDOWS\Temp
2009-10-25 15:36:45 ----D---- C:\Program Files\SpeedFan
2009-10-25 15:35:44 ----D---- C:\WINDOWS\Prefetch
2009-10-25 15:35:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-25 15:34:38 ----D---- C:\Program Files\Mozilla Firefox
2009-10-25 15:22:25 ----A---- C:\WINDOWS\LogonStudio.ini
2009-10-25 14:10:20 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2009-10-25 14:10:20 ----D---- C:\WINDOWS\system32
2009-10-25 14:10:20 ----D---- C:\WINDOWS
2009-10-23 19:07:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-23 17:12:50 ----HD---- C:\WINDOWS\inf
2009-10-22 11:37:30 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 22:21:13 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-21 21:38:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-10-21 08:41:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-21 00:31:53 ----D---- C:\Program Files\FileZilla FTP Client
2009-10-20 09:51:45 ----SHD---- C:\WINDOWS\Installer
2009-10-20 09:51:45 ----HD---- C:\Config.Msi
2009-10-19 15:24:42 ----RD---- C:\Program Files
2009-10-19 15:15:56 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2009-10-19 14:51:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-15 17:22:42 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-10-13 17:28:24 ----D---- C:\Program Files\Common Files
2009-10-13 13:06:30 ----D---- C:\Program Files\Adobe
2009-10-13 02:36:22 ----D---- C:\e2e1023ad934de62a55d83
2009-10-11 19:32:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-11 19:32:30 ----D---- C:\WINDOWS\AppPatch
2009-10-11 19:23:40 ----D---- C:\Program Files\Windows Media Player
2009-10-11 19:21:13 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-11 19:19:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2009-10-10 19:17:52 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2009-10-07 01:12:56 ----D---- C:\Program Files\DivX
2009-10-07 01:11:00 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-06 23:15:03 ----D---- C:\Program Files\Steam
2009-10-05 01:06:16 ----D---- C:\Program Files\Turbine
2009-10-03 20:37:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2009-10-03 19:53:45 ----A---- C:\WINDOWS\Gunzlauncher.INI
2009-10-03 18:02:12 ----SD---- C:\WINDOWS\Tasks
2009-09-30 21:58:47 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-12 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-04-15 715520]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
S1 cbidf2nt;cbidf2nt; C:\WINDOWS\system32\drivers\cbidf2nt.sys []
S1 msgpc2k;msgpc2k; C:\WINDOWS\system32\drivers\msgpc2k.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ALSysIO.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 axlcaaog;axlcaaog; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\axlcaaog.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\DFN17A.tmp []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-09-15 4096]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-29 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-23 173312]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2009-06-26 1956352]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWConnService;ANIWConn Service; C:\WINDOWS\system32\ANIWConnService.exe [2009-02-26 147456]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-18 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-21 75064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-17 133104]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-13 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-13 218608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
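A small triage parser for the "List of drivers" and "List of services" sections above (an added example, not code from the thread or from RSIT). It reads the line format the section legends describe, strips the NT `\??\` prefix, and flags entries that RSIT could not stat (an empty `[]`) or that load from a Temp directory; the flag rules are my own review heuristics and the sample lines are constructed in that format.

```python
"""Triage helper for the driver/service sections of an RSIT log.

Each line has the shape
    <state><start> <name>;<display name>; <path> [<yyyy-mm-dd> <size>]
where state is R (running) / S (stopped), start is 0..4 as in the log legend,
and an empty [] means RSIT could not read the file's date and size.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) "
    r"\[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$"
)


@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the Win32 path
        path = path[4:]
    return Entry(
        state=STATE[m["state"]], start=START[m["start"]],
        name=m["name"], display=m["display"], path=path,
        date=m["date"], size=int(m["size"]) if m["size"] else None,
    )


def triage(entry: Entry) -> Entry:
    """Attach review flags (heuristics for a human reviewer, not verdicts)."""
    low = entry.path.lower()
    if entry.date is None:
        entry.flags.append("no-file-metadata")  # RSIT printed []: file missing or unreadable
    if "\\temp\\" in low or low.endswith(".tmp"):
        entry.flags.append("loads-from-temp")  # drivers normally live under system32\drivers
    if entry.state == "Running" and entry.start == "Disabled":
        entry.flags.append("running-but-disabled")
    return entry


def parse_log(text: str) -> List[Entry]:
    return [triage(e) for e in (parse_line(line) for line in text.splitlines()) if e]


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


# Constructed sample in the RSIT format (not the thread's log verbatim).
SAMPLE = r"""
R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
S3 axlcaaog;axlcaaog; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\axlcaaog.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\DFN17A.tmp []
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
"""

if __name__ == "__main__":
    for e in suspicious(parse_log(SAMPLE)):
        print(f"{e.name:<16} {e.state}/{e.start:<8} {e.path}  -> {', '.join(e.flags)}")
```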

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:39 PM

Posted 25 October 2009 - 09:19 PM

Your version of Malwarebytes is well out of date: you have Database version 2738, and the latest as of writing this is Database version 3033.
Update to the latest version and run another quick scan.


Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\dsocache.dll
C:\WINDOWS\system32\drivers\nocashio.sys

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. (Do not include the word "CODE".)
@ECHO OFF
REM List every entry (hidden and system ones included) of each folder below.
REM Paths are quoted so that the ones containing spaces are passed whole.
FOR %%A IN (
"C:\generator"
"C:\Documents and Settings\Compaq_Owner\Application Data\system32"
) DO (
DIR /A %%A >>"Look.txt"
)
START NOTEPAD "Look.txt"
DEL %0
  • Click on the File tab, and select Save.
  • In the box that opens type search.bat for the File name.
  • Change the Save as type to All Files, then save it to your Desktop.
  • Double click search.bat, a box will pop up briefly on your screen and disappear, this is normal.
  • A notepad will open called Look.txt, please copy and paste this in your next reply.

Please post back here with the following logs:
  • Jotti results
  • Look.txt
  • New MBAM log
  • New Rsit log
Thanks



#7 Dinked

Dinked
  • Topic Starter

  • Members
  • 13 posts
  • Local time:09:39 AM

Posted 26 October 2009 - 03:33 PM

I have the right version; the log didn't update or something. On my Malwarebytes it says Version 3034.


Oh, also, C:\Generator is a folder containing HTML for a website I made,
but I'll scan it anyway.




LOOK.TXT
==========
Volume in drive C is PRESARIO
Volume Serial Number is CC4F-E2FE

Directory of C:\generator

10/18/2009 02:33 PM <DIR> .
10/18/2009 02:33 PM <DIR> ..
10/18/2009 02:33 PM <DIR> code
0 File(s) 0 bytes
3 Dir(s) 7,689,744,384 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is CC4F-E2FE

Directory of C:\

Volume in drive C is PRESARIO
Volume Serial Number is CC4F-E2FE

Directory of C:\Documents and Settings\Compaq_Owner\Desktop

Volume in drive C is PRESARIO
Volume Serial Number is CC4F-E2FE

Directory of C:\Documents and Settings\Compaq_Owner\Desktop\Data



DSOCACHE.DLL is too big; it's 266 MB.


Filename: nocashio.sys
Status:
Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 7 Jun 2009 07:48:47 (CET)




RSIT LOG
==============


Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-10-26 13:30:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 7 GB (10%) free of 71 GB
Total RAM: 1535 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:35 PM, on 10/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Key] C:\WINDOWS\system32\avscanner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Key] C:\WINDOWS\system32\avscanner.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 11294 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009UA.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Compaq_Owner.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.32.0\gears.dll [2009-08-21 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-18 149280]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"VTTimer"=VTTimer.exe []
"SiSPower"=SiSPower.dll,ModeAgent []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-21 2025752]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"=C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe [2009-04-22 1683456]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"Key"=C:\WINDOWS\system32\avscanner.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-10-18 160592]
"Key"=C:\WINDOWS\system32\avscanner.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-10-20 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2009-06-26 757248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\OBJECT~1.EXE [2007-04-24 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Styler.lnk]
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-09-08 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-17 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-09-08 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM6\aim.exe"="C:\Program Files\AIM6\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe:*:Enabled:Miro"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe"="C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe"="C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe:*:Enabled:Simfatic Forms "
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe"="C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe:*:Enabled:Active@ ISO Burner"
"C:\Trinity Entertainment\Trinity GunZ\Gunz.exe"="C:\Trinity Entertainment\Trinity GunZ\Gunz.exe:*:Enabled:Gunz"
"C:\Documents and Settings\Compaq_Owner\Desktop\WarezHQ.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\WarezHQ.exe:*:Enabled:Warez HQ Porn Client - Free Version"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2009-10-25 02:33:19 ----D---- C:\rsit
2009-10-18 16:11:04 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
2009-10-18 16:10:26 ----D---- C:\Program Files\Siber Systems
2009-10-18 14:39:14 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\FileZilla
2009-10-18 14:33:22 ----D---- C:\generator
2009-10-18 14:18:21 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SimfaticForms
2009-10-18 14:10:38 ----D---- C:\Program Files\Simfatic Solutions
2009-10-17 18:09:43 ----A---- C:\WINDOWS\system32\dsocache.dll
2009-10-17 18:02:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-17 13:43:37 ----D---- C:\Program Files\ConvertHelper
2009-10-15 17:07:06 ----D---- C:\Program Files\Activision
2009-10-15 01:48:46 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\system32
2009-10-13 22:25:11 ----D---- C:\Program Files\OGPlanet
2009-10-13 17:42:03 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Key Metric Software
2009-10-13 17:28:24 ----D---- C:\Program Files\Key Metric Software
2009-10-13 17:28:24 ----D---- C:\Program Files\Common Files\Key Metric Software
2009-10-13 17:28:10 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}
2009-10-12 22:21:51 ----D---- C:\PHOTOSHOP
2009-10-12 22:09:14 ----A---- C:\WINDOWS\GetSteamS.dll
2009-10-12 19:45:36 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2009-10-11 19:53:29 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\MozillaControl
2009-10-11 19:52:06 ----D---- C:\Program Files\Mozilla ActiveX Control v1.7.12
2009-10-11 19:49:06 ----D---- C:\Program Files\Graboid
2009-10-11 19:24:50 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-11 19:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-10-11 19:22:14 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-11 19:21:17 ----A---- C:\WINDOWS\imsins.BAK
2009-10-11 19:21:02 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-11 19:09:03 ----D---- C:\Program Files\Rhapsody
2009-10-11 19:05:57 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
2009-10-11 19:02:58 ----D---- C:\Program Files\VideoLAN
2009-10-11 15:19:05 ----D---- C:\Program Files\PeerGuardian2
2009-10-07 01:35:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\DivX
2009-10-07 01:12:02 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-10-07 00:46:53 ----D---- C:\Program Files\Xvid
2009-10-07 00:46:53 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-07 00:46:53 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-06 23:59:31 ----A---- C:\RootRepeal report 10-06-09 (23-59-31).txt
2009-09-30 23:15:53 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-09-30 21:18:15 ----D---- C:\Program Files\Common Files\Software Update Utility

======List of files/folders modified in the last 1 months======

2009-10-26 13:30:34 ----D---- C:\Program Files\Trend Micro
2009-10-26 13:29:26 ----D---- C:\WINDOWS\Temp
2009-10-26 12:23:41 ----D---- C:\Program Files\Mozilla Firefox
2009-10-26 12:21:23 ----D---- C:\WINDOWS\Prefetch
2009-10-26 05:36:34 ----D---- C:\WINDOWS
2009-10-26 01:18:32 ----RD---- C:\Program Files
2009-10-25 22:40:57 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2009-10-25 18:07:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-25 15:36:45 ----D---- C:\Program Files\SpeedFan
2009-10-25 15:35:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-25 15:22:25 ----A---- C:\WINDOWS\LogonStudio.ini
2009-10-25 14:10:20 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2009-10-25 14:10:20 ----D---- C:\WINDOWS\system32
2009-10-23 17:12:50 ----HD---- C:\WINDOWS\inf
2009-10-22 11:37:30 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 22:21:13 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-21 21:38:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-10-21 08:41:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-21 00:31:53 ----D---- C:\Program Files\FileZilla FTP Client
2009-10-20 09:51:45 ----SHD---- C:\WINDOWS\Installer
2009-10-20 09:51:45 ----HD---- C:\Config.Msi
2009-10-19 14:51:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-15 17:22:42 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-10-13 17:28:24 ----D---- C:\Program Files\Common Files
2009-10-13 13:06:30 ----D---- C:\Program Files\Adobe
2009-10-13 02:36:22 ----D---- C:\e2e1023ad934de62a55d83
2009-10-11 19:32:30 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-11 19:32:30 ----D---- C:\WINDOWS\AppPatch
2009-10-11 19:23:40 ----D---- C:\Program Files\Windows Media Player
2009-10-11 19:21:13 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-11 19:19:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2009-10-10 19:17:52 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2009-10-07 01:12:56 ----D---- C:\Program Files\DivX
2009-10-07 01:11:00 ----D---- C:\Program Files\Common Files\DivX Shared
2009-10-06 23:15:03 ----D---- C:\Program Files\Steam
2009-10-05 01:06:16 ----D---- C:\Program Files\Turbine
2009-10-03 20:37:23 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2009-10-03 19:53:45 ----A---- C:\WINDOWS\Gunzlauncher.INI
2009-10-03 18:02:12 ----SD---- C:\WINDOWS\Tasks
2009-09-30 21:58:47 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-12 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-04-15 715520]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
S1 cbidf2nt;cbidf2nt; C:\WINDOWS\system32\drivers\cbidf2nt.sys []
S1 msgpc2k;msgpc2k; C:\WINDOWS\system32\drivers\msgpc2k.sys []
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 ALSysIO;ALSysIO; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ALSysIO.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 axlcaaog;axlcaaog; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\axlcaaog.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\DFN17A.tmp []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-09-15 4096]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-29 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-23 173312]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2009-06-26 1956352]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWConnService;ANIWConn Service; C:\WINDOWS\system32\ANIWConnService.exe [2009-02-26 147456]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-18 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-05-01 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-21 75064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-17 133104]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-13 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-13 218608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:39 PM

Posted 26 October 2009 - 04:23 PM

The problem is that you have posted an old log. Please run Malwarebytes and post an up-to-date log; also run this batch.
  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. (Do not include the word "CODE".)
FOR %%A IN (
"C:\Documents and Settings\Compaq_Owner\Application Data\system32"
"C:\Documents and Settings\All Users\Application Data\TEMP"
) DO (
DIR /A %%A >>"Look1.txt"&START NOTEPAD "Look1.txt"&DEL %0
)
  • Click on the File tab, and select Save.
  • In the box that opens type search.bat for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this: [image])
  • Double click search.bat, a box will pop up briefly on your screen and disappear, this is normal.
  • A notepad will open called Look1.txt, please copy and paste this in your next reply.



#9 Dinked

Dinked
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:09:39 AM

Posted 28 October 2009 - 02:59 AM

K..


MBAM LOG
================
Malwarebytes' Anti-Malware 1.41
Database version: 3033
Windows 5.1.2600 Service Pack 2

10/25/2009 2:10:20 PM
mbam-log-2009-10-25 (14-10-20).txt

Scan type: Quick Scan
Objects scanned: 146906
Time elapsed: 19 minute(s), 16 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\svchost.exe (Spyware.Passwords) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spytector 1.3.7 (Spyware.Spytector) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jusched.exe (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\svchost.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\justched.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\111858046.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\file1.exe (Spyware.Keylogger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Desktop\Beaver's SMS Bomber.exe (Spyware.Passwords) -> Not selected for removal.
C:\WINDOWS\system32\nvwrse32.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbcax86.dll (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pbsvcsvr.exe (Spyware.EliteKeylogger) -> Quarantined and deleted successfully.






LOOK 1
===============

Volume in drive C is PRESARIO
Volume Serial Number is CC4F-E2FE

Directory of C:\Documents and Settings\Compaq_Owner\Application Data\system32

10/15/2009 01:48 AM <DIR> .
10/15/2009 01:48 AM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 7,686,938,624 bytes free
Volume in drive C is PRESARIO
Volume Serial Number is CC4F-E2FE

Directory of C:\Documents and Settings\All Users\Application Data\TEMP

10/26/2009 03:35 PM <DIR> .
10/26/2009 03:35 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 7,686,918,144 bytes free

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:39 PM

Posted 28 October 2009 - 08:32 AM

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the OTM icon on your desktop.
  • Paste the following code under the Paste Instructions for Items to be Moved area. Do not include the word "Code".
    :Services
    cbidf2nt
    msgpc2k
    ALSysIO
    axlcaaog
    sslh
    GarenaPEngine
    :Reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer"=-
    "SiSPower"=-
    "Key"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Key"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Documents and Settings\Compaq_Owner\Desktop\WarezHQ.exe"=-
    :Files
    c:\windows\system32\mlfcache.dat
    c:\windows\IFinst27.exe
    :Commands
    [EmptyTemp]
  • Push the large MoveIt! button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Results line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back here with the following logs:
  • OTM results
  • Kaspersky report
  • New Rsit log
Thanks


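An added triage helper for the RSIT/HijackThis-style logs requested above (example code, not from this thread or from any tool it mentions): it pulls the JRE version out of the Java plug-in DLL name, decodes the NoDriveTypeAutoRun policy bitmask, and lists MountPoints2 AutoRun handlers, which is what a helper reads these logs for. The sample lines are copied from the log posted later in this thread; the `npjpi<ver>.dll` naming and the per-drive-type bit layout are Sun's and Microsoft's real conventions, everything else is this example's own.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: representative lines in the HijackThis / RSIT formats
# used by the logs in this thread (values copied from the posted log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8ff530-578d-11de-88c5-0011d814fb4e}]
shell\AutoRun\command - K:\COMMANDS.EXE
"""

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# Sun's IE plug-in DLL encodes the JRE version: npjpi160_17.dll -> 1.6.0_17
JAVA_PLUGIN = re.compile(r"npjpi(\d)(\d)(\d)_(\d+)\.dll", re.IGNORECASE)
REG_HEADER = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
AUTORUN_CMD = re.compile(r"^shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)
NODRIVE = re.compile(r'^"NoDriveTypeAutoRun"=(?P<val>\d+)$', re.IGNORECASE)

# Bit n of NoDriveTypeAutoRun disables AutoRun for GetDriveType() value n.
# XP's default, 0x91 (145), leaves removable media and CD-ROMs enabled.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "DRIVE_RESERVED",
}


def hjt_entries(text: str) -> List[Tuple[str, str]]:
    """Split HijackThis 'Oxx - ...' / 'Rx - ...' lines into (kind, body)."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("body")))
    return out


def java_plugin_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """JRE version the IE plug-in DLL belongs to, e.g. (1, 6, 0, 17), or None."""
    m = JAVA_PLUGIN.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def jre_older_than_update(version: Tuple[int, int, int, int], required_update: int) -> bool:
    """True when the runtime is below the 1.6.0_<required_update> level asked for."""
    major, minor, _, update = version
    return (major, minor) < (1, 6) or ((major, minor) == (1, 6) and update < required_update)


def autorun_disabled_for(value: int) -> set:
    """Drive types on which NoDriveTypeAutoRun=value turns AutoRun off."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if value & bit}


def no_drive_type_autorun(text: str) -> Optional[int]:
    """The NoDriveTypeAutoRun value as dumped by RSIT, if present."""
    for line in text.splitlines():
        m = NODRIVE.match(line.strip())
        if m:
            return int(m.group("val"))
    return None


def autorun_commands(text: str) -> List[Tuple[str, str]]:
    """(volume GUID, command) for every MountPoints2 entry with an AutoRun handler."""
    found, current_guid = [], None
    for line in text.splitlines():
        line = line.strip()
        h = REG_HEADER.match(line)
        if h:
            key = h.group("key").lower()
            current_guid = key.rsplit("\\", 1)[1] if "mountpoints2\\{" in key else None
            continue
        m = AUTORUN_CMD.match(line)
        if m and current_guid:
            found.append((current_guid, m.group("cmd")))
    return found


def triage(text: str, required_update: int = 16) -> Dict[str, object]:
    """Summarise the checks a helper would make on a posted log."""
    ver = java_plugin_version(text)
    policy = no_drive_type_autorun(text)
    disabled = autorun_disabled_for(policy) if policy is not None else set()
    return {
        "java_version": ver,
        "java_outdated": jre_older_than_update(ver, required_update) if ver else None,
        "removable_autorun_allowed": "DRIVE_REMOVABLE" not in disabled,
        "autorun_handlers": autorun_commands(text),
        "hjt_entry_count": len(hjt_entries(text)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample the installed plug-in is 1.6.0_17, already past the 6u16 asked for above, while the default policy value 145 still allows AutoRun on removable drives and the K: volume carries an AutoRun command worth reviewing.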

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:39 PM

Posted 01 November 2009 - 08:31 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:39 PM

Posted 11 November 2009 - 09:19 PM

Topic reopened at OP request.



#13 Dinked

Dinked
  • Topic Starter

  • Members
  • 13 posts
  • Local time:09:39 AM

Posted 12 November 2009 - 10:24 PM

RSIT LOG
========


Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2009-11-12 19:22:13
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 22 GB (32%) free of 71 GB
Total RAM: 1535 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:20 PM, on 11/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ANIWConnService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [D-Link D-Link Wireless 150 USB Adapter DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [NBHGui] "C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\WINDOWS\system32\ANIWConnService.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 11612 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2910290264-54949787-2835151920-1009UA.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Compaq_Owner.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-10 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - StylerToolBar - C:\Program Files\Styler\TB\StylerTB.dll [2006-05-02 102400]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2009-10-18 5976904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-02 2028312]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"ANIWZCS2Service"=C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2007-01-19 49152]
"D-Link D-Link Wireless 150 USB Adapter DWA-125"=C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe [2009-04-22 1683456]
"LogonStudio"=C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe [2002-09-03 987187]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]
"NBHGui"=C:\Program Files\Nero\Nero 9\InCD\NBHGui.exe []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-10 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2009-10-18 160592]
"Google Update"=C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-04-30 13750272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-04-30 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TaskSwitchXP]
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004-10-20 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\WINDOWS\vVX3000.exe [2009-06-26 757248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
C:\PROGRA~1\Stardock\OBJECT~2\OBJECT~1.EXE [2007-04-24 3581680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Styler.lnk]
C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-09-08 15086]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-17 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2009-09-08 210168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\7zSA4.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgdiag.exe"="C:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"C:\Program Files\AVG\AVG8\avgdiagex.exe"="C:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\Sandldan\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\AIM6\aim.exe"="C:\Program Files\AIM6\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\chrisx1x\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro.exe:*:Enabled:Miro"
"C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe"="C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader"
"C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe"="C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\Unreal Tournament\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\gArena\[www.1st-hacks.com] ultimate garena v1.3.1 by Darkus\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService"
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe"="C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService"
"C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe"="C:\Documents and Settings\Compaq_Owner\Desktop\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe"="C:\Program Files\Simfatic Solutions\SimfaticForms\SimfaticForms.exe:*:Enabled:Simfatic Forms "
"C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™ "
"C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe"="C:\Program Files\LSoft Technologies Inc\Active@ ISO Burner\IsoBurner.exe:*:Enabled:Active@ ISO Burner"
"C:\Trinity Entertainment\Trinity GunZ\Gunz.exe"="C:\Trinity Entertainment\Trinity GunZ\Gunz.exe:*:Enabled:Gunz"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWxxxxxxxxx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWx.exe:*:Enabled:Call of Duty®: World at War Campaign/Coop"
"C:\Program Files\Rhapsody\rhapsody.exe"="C:\Program Files\Rhapsody\rhapsody.exe:*:Enabled:Rhapsody Media Player"
"C:\Program Files\Java\jre6\bin\javaws.exe"="C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java™ Web Start Launcher"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f8ff530-578d-11de-88c5-0011d814fb4e}]
shell\AutoRun\command - K:\COMMANDS.EXE


======List of files/folders created in the last 1 months======

2009-11-10 12:54:38 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-10 12:54:38 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-10 12:54:38 ----A---- C:\WINDOWS\system32\java.exe
2009-11-10 12:52:59 ----D---- C:\_OTM
2009-11-10 12:40:16 ----D---- C:\WINDOWS\ERDNT
2009-11-10 12:39:44 ----D---- C:\Program Files\ERUNT
2009-11-09 19:38:59 ----D---- C:\Program Files\AC3Filter
2009-11-05 18:35:00 ----D---- C:\Program Files\Xilisoft
2009-11-04 16:10:03 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-04 16:02:33 ----D---- C:\Program Files\Windows Sidebar
2009-11-04 16:01:53 ----A---- C:\WINDOWS\Irremote.ini
2009-11-04 15:43:23 ----D---- C:\Program Files\Nero
2009-11-04 15:42:40 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-11-04 15:42:37 ----D---- C:\Program Files\Common Files\Nero
2009-11-02 11:49:50 ----D---- C:\Program Files\Common Files\DirectX
2009-11-02 11:31:49 ----D---- C:\Program Files\Codemasters
2009-10-25 01:33:19 ----D---- C:\rsit
2009-10-18 15:11:04 ----D---- C:\Documents and Settings\All Users\Application Data\RoboForm
2009-10-18 15:10:26 ----D---- C:\Program Files\Siber Systems
2009-10-18 13:39:14 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\FileZilla
2009-10-18 13:33:22 ----D---- C:\generator
2009-10-18 13:18:21 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SimfaticForms
2009-10-18 13:10:38 ----D---- C:\Program Files\Simfatic Solutions
2009-10-17 17:09:43 ----A---- C:\WINDOWS\system32\dsocache.dll
2009-10-17 17:02:44 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-17 12:43:37 ----D---- C:\Program Files\ConvertHelper
2009-10-15 00:48:46 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\system32
2009-10-13 21:25:11 ----D---- C:\Program Files\OGPlanet
2009-10-13 16:42:03 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Key Metric Software
2009-10-13 16:28:24 ----D---- C:\Program Files\Key Metric Software
2009-10-13 16:28:24 ----D---- C:\Program Files\Common Files\Key Metric Software
2009-10-13 16:28:10 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C3CF28F9-C7CD-4149-A7AC-C73171364F3D}

======List of files/folders modified in the last 1 months======

2009-11-12 19:22:15 ----D---- C:\Program Files\Trend Micro
2009-11-12 19:21:08 ----D---- C:\WINDOWS\Temp
2009-11-12 19:17:16 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2009-11-12 19:08:02 ----D---- C:\Program Files\Mozilla Firefox
2009-11-11 05:56:49 ----D---- C:\WINDOWS\Prefetch
2009-11-10 14:06:45 ----D---- C:\Program Files\SpeedFan
2009-11-10 13:59:44 ----A---- C:\WINDOWS\LogonStudio.ini
2009-11-10 13:49:21 ----D---- C:\WINDOWS
2009-11-10 13:11:35 ----SHD---- C:\WINDOWS\Installer
2009-11-10 13:11:08 ----HD---- C:\Config.Msi
2009-11-10 13:11:05 ----D---- C:\Program Files\Common Files
2009-11-10 13:10:26 ----D---- C:\WINDOWS\system32
2009-11-10 12:55:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-10 12:54:06 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-10 12:39:44 ----RD---- C:\Program Files
2009-11-06 03:27:14 ----HD---- C:\WINDOWS\inf
2009-11-06 03:26:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-05 20:10:57 ----D---- C:\WINDOWS\system32\drivers
2009-11-05 18:40:09 ----D---- C:\Documents and Settings
2009-11-04 16:36:28 ----D---- C:\Program Files\PeerGuardian2
2009-11-04 15:45:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-04 12:57:55 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2009-11-02 11:44:04 ----D---- C:\WINDOWS\system32\DirectX
2009-11-02 11:42:30 ----RSD---- C:\WINDOWS\assembly
2009-11-01 15:44:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-28 00:32:10 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
2009-10-26 13:26:26 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-10-26 13:18:54 ----D---- C:\WINDOWS\Minidump
2009-10-25 13:10:20 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2009-10-21 20:38:59 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2009-10-21 07:41:42 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-20 23:31:53 ----D---- C:\Program Files\FileZilla FTP Client
2009-10-19 13:51:51 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-15 16:22:42 ----A---- C:\WINDOWS\system32\pbsvc.exe
2009-10-13 16:37:12 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-10-13 12:07:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Move Networks
2009-10-13 12:06:30 ----D---- C:\Program Files\Adobe
2009-10-13 01:36:22 ----D---- C:\e2e1023ad934de62a55d83

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-12 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R2 ANIO;ANIO Service; \??\C:\WINDOWS\system32\ANIO.SYS []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2009-04-15 715520]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 37376]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 nocashio;nocashio; C:\WINDOWS\system32\drivers\nocashio.sys [2009-09-15 4096]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-29 229888]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-09-23 173312]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2009-06-26 1956352]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ANIWConnService;ANIWConn Service; C:\WINDOWS\system32\ANIWConnService.exe [2009-02-26 147456]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-10 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-04-30 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-21 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-10-26 189184]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 ANIWZCSdService;ANIWZCSd Service; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2007-01-19 49152]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-17 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-09-13 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-09-13 218608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 12 November 2009 - 10:39 PM

Well, it looks like you didn't get all the Virut/Sality. This is not good news; the recommended course of action with this infection is to format, and I think that would be the best thing to do here.

So unfortunately I am not going to be able to help you here, but if you would like to try and clean this up yourself then there are some instructions below on how you may try to do this, although I would suggest you save yourself the time and format.


Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. Virux is an even more complex file infector which also infects script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files... some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut
This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way, you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

If you insist on trying to fix this infection instead of following our advice to reformat and reinstall your operating system, there are various rescue disks available from major anti-virus vendors which you can try. Keep in mind, even vendors like Kaspersky say there is no guarantee that some files will not get corrupted during the disinfection process. In the end most folks end up reformatting out of frustration after spending hours attempting to repair and remove infected files. IMO the safest and easiest thing to do is just reformat and reinstall Windows.

Bleeping Computer DOES NOT assume any responsibility for your attempt to repair this infection using any of the following tools. You do this at your own risk and against our advice.

These are links to anti-virus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair of unbootable and damaged systems, to rescue data, and to scan the system for virus infections. Burn it as an image to a disk to get a bootable CD. All (except Avira) are in the ISO image file format. Avira uses an EXE that has built-in CD burning capability. If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.


Regards
Syler



#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 14 November 2009 - 03:48 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
