
Loss of Task Manager and ALT+F4 (MALWARE CHASER 2009)


9 replies to this topic

#1 Necropod

Posted 29 October 2009 - 12:00 PM

Hi there

Firstly, I know this subject has been asked 100 times and I'm sorry. I have searched other forums and read many threads on how to "Repair" this problem but to no avail. I'm kinda new to this so please stick with me.....

The Story: My sister's laptop was recently infected with "MALWARE CHASER 2009" so she gave it to me to clean up and repair. So I cleaned up her laptop and all is currently well.

Actions Taken: I removed the "MALWARE CHASER 2009" with the use of a few forums, Spybot, Malwarebytes Anti-Malware, AVG Anti-Virus, Microsoft Malicious Software Removal Tool and a few other programs (just to make sure it was squeaky clean). NONE OF THEM REPORT ANY SPYWARE LEFT. I have searched through the Run areas in the registry and cannot see anything unusual??

The Problem: Despite the fact that there is now no trace whatsoever of any spyware (according to scans), I still get the feeling that something is still on the laptop, as I am not able to open Task Manager nor use the ALT+F4 function to close a window. I have tried CTRL+ALT+DEL and also tried it in the RUN command. I have searched the registry to check if they are disabled, but they are not; I have checked that the registry keys are there and that the files are in the SYSTEM32 folder, and even tried running it from there. Other than those two things the laptop runs perfectly without any other problems.....

I'm now out of my own ideas and was hoping that maybe someone here with more experience than myself can assist with getting this functionality back. I have listed my HijackThis log below:

**** EDIT: UPDATED HIJACK THIS LOG ****

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:10:42, on 29/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Google Update Service (gupdate1c9e29c17a2d936) (gupdate1c9e29c17a2d936) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 8276 bytes

Edited by Necropod, 29 October 2009 - 01:14 PM.


#2 syler

Posted 04 November 2009 - 10:33 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic; if you still need help please let me know what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks



#3 Necropod

Posted 06 November 2009 - 03:14 PM

Hi Syler

I appreciate you making the effort to help me resolve this problem.

I have followed your instructions and have pasted the results below:

----------------------------------------------------------------------------------------------------------------------------------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by sara at 2009-11-06 20:07:44
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (19%) free of 68 GB
Total RAM: 1014 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:08:35, on 06/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\sara.JOYCE\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sara.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Google Update Service (gupdate1c9e29c17a2d936) (gupdate1c9e29c17a2d936) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 8659 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-01 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-10-28 1471768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-11 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1115392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-11-04 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-24 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-24 256112]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1115392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2006-06-23 102400]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-10-28 2010904]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-01 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-31 68856]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-28 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispCPL"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"ConsentPromptBehaviorAdmin"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 3 months======

2009-11-06 20:07:44 ----D---- C:\rsit
2009-11-04 21:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-11-04 21:27:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-04 21:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-29 20:00:13 ----D---- C:\WINDOWS\ie8updates
2009-10-29 19:58:33 ----HDC---- C:\WINDOWS\ie8
2009-10-29 17:55:50 ----D---- C:\WINDOWS\Prefetch
2009-10-29 17:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-10-29 17:33:02 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-29 17:16:27 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-10-29 17:16:27 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-10-29 17:15:44 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-10-29 17:15:44 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-10-29 17:15:43 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-10-29 17:15:23 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-10-29 17:15:23 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-10-29 17:15:22 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-10-29 17:15:22 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-10-29 17:15:22 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-10-29 17:15:21 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-10-29 17:15:21 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-10-29 17:15:21 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-10-29 17:15:20 ----N---- C:\WINDOWS\system32\azroles.dll
2009-10-29 17:15:19 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-10-29 17:15:17 ----N---- C:\WINDOWS\system32\credssp.dll
2009-10-29 17:15:16 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-10-29 17:15:16 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-10-29 17:15:16 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-10-29 17:15:16 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-10-29 17:15:15 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-10-29 17:15:15 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-10-29 17:15:15 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-10-29 17:15:15 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-10-29 17:15:15 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-10-29 17:15:15 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-10-29 17:15:14 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-10-29 17:15:14 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-10-29 17:15:14 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-10-29 17:15:14 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-10-29 17:15:14 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-10-29 17:15:14 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-10-29 17:15:13 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-10-29 17:15:13 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-10-29 17:15:11 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-10-29 17:15:08 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-10-29 17:15:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-10-29 17:15:06 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-10-29 17:15:05 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-10-29 17:15:04 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-10-29 17:15:04 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-10-29 17:15:03 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-10-29 17:15:03 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-10-29 17:15:03 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-10-29 17:15:02 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-10-29 17:15:01 ----N---- C:\WINDOWS\system32\mssha.dll
2009-10-29 17:15:00 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-10-29 17:15:00 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-10-29 17:15:00 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-10-29 17:14:59 ----N---- C:\WINDOWS\system32\napstat.exe
2009-10-29 17:14:59 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-10-29 17:14:58 ----N---- C:\WINDOWS\system32\onex.dll
2009-10-29 17:14:58 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-10-29 17:14:57 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-10-29 17:14:57 ----N---- C:\WINDOWS\system32\qagent.dll
2009-10-29 17:14:57 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-10-29 17:14:56 ----N---- C:\WINDOWS\system32\setupn.exe
2009-10-29 17:14:56 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-10-29 17:14:56 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-10-29 17:14:56 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-10-29 17:14:56 ----N---- C:\WINDOWS\system32\qutil.dll
2009-10-29 17:14:56 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-10-29 17:14:55 ----N---- C:\WINDOWS\system32\slserv.exe
2009-10-29 17:14:55 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-10-29 17:14:55 ----N---- C:\WINDOWS\system32\slgen.dll
2009-10-29 17:14:55 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-10-29 17:14:55 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-10-29 17:14:53 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-10-29 17:14:53 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-10-29 17:14:53 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-10-29 17:14:51 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-10-29 17:14:51 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-10-29 17:14:50 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-10-29 17:14:49 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-10-29 17:14:47 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-10-29 17:14:44 ----N---- C:\WINDOWS\slrundll.exe
2009-10-29 17:14:43 ----D---- C:\WINDOWS\system32\en-us
2009-10-29 17:14:38 ----D---- C:\WINDOWS\system32\scripting
2009-10-29 17:14:20 ----D---- C:\WINDOWS\l2schemas
2009-10-29 17:14:12 ----D---- C:\WINDOWS\system32\en
2009-10-29 17:14:10 ----D---- C:\WINDOWS\system32\bits
2009-10-29 16:46:33 ----A---- C:\WINDOWS\002821_.tmp
2009-10-29 16:41:42 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-28 22:10:53 ----D---- C:\Program Files\Trend Micro
2009-10-28 21:30:50 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-10-28 16:43:45 ----D---- C:\Documents and Settings\sara.JOYCE\Application Data\AVG9
2009-10-28 15:59:46 ----HD---- C:\$AVG
2009-10-28 15:59:18 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-10-28 15:58:56 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-10-28 15:58:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-28 15:54:10 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2009-10-28 15:46:47 ----D---- C:\WINDOWS\pss
2009-10-28 14:06:52 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-28 12:32:09 ----D---- C:\Documents and Settings\sara.JOYCE\Application Data\Malwarebytes
2009-10-28 12:32:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-28 12:32:00 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-28 11:59:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-28 10:54:21 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 09:44:18 ----HD---- C:\WINDOWS\PIF
2009-10-24 10:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-24 10:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-24 10:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-24 10:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-24 10:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-24 10:03:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-24 10:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-24 10:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-24 10:02:20 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-24 10:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-24 10:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-24 10:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-24 10:00:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-24 10:00:37 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-24 10:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-10-24 10:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-24 09:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-24 09:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-24 09:57:47 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-24 09:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-10-24 09:56:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-24 09:56:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-24 09:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-10-24 09:56:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-24 09:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-24 09:55:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-10-24 09:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-24 09:53:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-24 09:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-24 09:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-25 05:37:09 ----N---- C:\WINDOWS\system32\ieencode.dll

======List of files/folders modified in the last 3 months======

2009-11-06 20:07:52 ----D---- C:\WINDOWS\Temp
2009-11-06 20:04:26 ----D---- C:\WINDOWS\system32
2009-11-06 20:04:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-06 20:03:19 ----D---- C:\Program Files\Mozilla Firefox
2009-11-06 20:02:08 ----A---- C:\hpqp.ini
2009-11-06 20:01:59 ----A---- C:\XP_TV.ini
2009-11-06 20:01:50 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2009-11-06 20:01:32 ----D---- C:\WINDOWS
2009-11-06 20:01:12 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-06 20:01:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-06 20:01:01 ----D---- C:\WINDOWS\Registration
2009-11-06 20:00:36 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-06 19:57:55 ----D---- C:\WINDOWS\system32\Setup
2009-11-06 19:57:54 ----D---- C:\WINDOWS\system32\drivers
2009-11-06 18:23:12 ----HD---- C:\WINDOWS\inf
2009-11-06 18:21:14 ----D---- C:\WINDOWS\Help
2009-11-04 21:27:36 ----A---- C:\WINDOWS\imsins.BAK
2009-11-04 21:27:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-04 17:57:04 ----SHD---- C:\WINDOWS\Installer
2009-11-04 17:23:24 ----D---- C:\WINDOWS\Media
2009-11-04 17:23:24 ----D---- C:\Program Files\Internet Explorer
2009-11-04 17:23:23 ----SHD---- C:\Config.Msi
2009-11-04 17:23:23 ----D---- C:\WINDOWS\system32\wbem
2009-10-29 20:02:26 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-29 20:01:53 ----D---- C:\Program Files\Messenger
2009-10-29 19:59:20 ----D---- C:\WINDOWS\system32\config
2009-10-29 19:10:35 ----D---- C:\Program Files\Outlook Express
2009-10-29 18:05:35 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-29 17:56:12 ----A---- C:\WINDOWS\setuplog.txt
2009-10-29 17:55:13 ----D---- C:\WINDOWS\AppPatch
2009-10-29 17:55:11 ----RSD---- C:\WINDOWS\Fonts
2009-10-29 17:30:43 ----D---- C:\WINDOWS\security
2009-10-29 17:23:12 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-29 17:17:03 ----D---- C:\WINDOWS\WinSxS
2009-10-29 17:15:40 ----D---- C:\WINDOWS\network diagnostic
2009-10-29 17:15:39 ----D---- C:\WINDOWS\ime
2009-10-29 17:14:43 ----D---- C:\WINDOWS\system32\usmt
2009-10-29 17:14:10 ----D---- C:\WINDOWS\PeerNet
2009-10-29 17:14:09 ----D---- C:\Program Files\Movie Maker
2009-10-29 16:56:21 ----D---- C:\WINDOWS\system32\Restore
2009-10-29 16:56:21 ----D---- C:\WINDOWS\system32\npp
2009-10-29 16:56:20 ----D---- C:\WINDOWS\mui
2009-10-29 16:56:13 ----D---- C:\WINDOWS\msagent
2009-10-29 16:56:03 ----D---- C:\WINDOWS\srchasst
2009-10-29 16:55:59 ----D---- C:\Program Files\NetMeeting
2009-10-29 16:55:53 ----D---- C:\WINDOWS\system32\Com
2009-10-29 16:55:46 ----D---- C:\Program Files\Windows NT
2009-10-29 16:55:32 ----D---- C:\Program Files\Common Files\System
2009-10-29 16:54:35 ----D---- C:\WINDOWS\system32\oobe
2009-10-29 16:54:19 ----D---- C:\WINDOWS\system
2009-10-29 16:46:26 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-29 16:41:38 ----D---- C:\WINDOWS\ehome
2009-10-29 11:49:59 ----SD---- C:\WINDOWS\Tasks
2009-10-29 10:58:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-28 22:10:53 ----D---- C:\Program Files
2009-10-28 19:30:52 ----SHD---- C:\System Volume Information
2009-10-28 18:42:01 ----D---- C:\Program Files\RGB
2009-10-28 15:50:27 ----SD---- C:\Documents and Settings\sara.JOYCE\Application Data\Microsoft
2009-10-28 14:53:45 ----D---- C:\Program Files\ColorFun
2009-10-28 14:35:09 ----D---- C:\Program Files\WinASO
2009-10-28 14:11:58 ----D---- C:\Program Files\NetWaiting
2009-10-28 14:11:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-28 14:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-28 14:07:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-28 14:06:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-28 12:30:33 ----SHD---- C:\Documents and Settings\All Users\Application Data\306f0fa
2009-10-28 11:25:58 ----A---- C:\WINDOWS\WININIT.INI
2009-10-28 10:19:07 ----A---- C:\WINDOWS\system.ini
2009-10-24 09:05:20 ----D---- C:\Program Files\AVG
2009-10-24 09:04:24 ----D---- C:\Program Files\Google
2009-10-24 08:21:27 ----SHD---- C:\RECYCLER
2009-10-24 08:15:34 ----D---- C:\Documents and Settings
2009-10-22 09:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-02 11:01:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-25 05:37:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-09-11 14:18:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 21:03:36 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-08-29 08:08:21 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 08:08:21 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 08:08:20 ----N---- C:\WINDOWS\system32\occache.dll
2009-08-29 08:08:18 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 08:08:18 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 08:08:18 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 08:08:18 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 08:08:17 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-08-29 08:08:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 08:08:13 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-28 10:35:52 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-26 08:16:37 ----A---- C:\WINDOWS\system32\strmdll.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-28 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-28 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-10-28 360584]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-14 12672]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-10-28 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-01-19 424320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2009-10-28 30104]
S3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-09-04 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-10-28 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-10-28 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2009-10-28 2321720]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2009-10-28 5832712]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-14 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-14 117248]
S2 gupdate1c9e29c17a2d936;Google Update Service (gupdate1c9e29c17a2d936); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-01 133104]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-24 182768]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


----------------------------------------------------------------------------------------------------------------------------------------



info.txt logfile of random's system information tool 1.06 2009-11-06 20:08:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AVG 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -ICPL30A5a.INF
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CSI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BA044B0-A5E4-428E-8731-63BD5DD4FDB2}\setup.exe" -l0x9
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus Photo RX585_RX610 Manual-->C:\Program Files\EPSON\TPMANUAL\ESPRX585_610\ENG\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.27\Installer\setup.exe" --uninstall --system-level
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_CPL30A5m\HXFSETUP.EXE -U -ICPL30A5m.inf
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP DVD Play 2.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Quick Launch Buttons 6.10 A1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9 -removeonly uninst
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides 0037-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{552E6DA4-A0F9-41AC-8473-E825D60674EA}\setup.exe" -l0x9 -removeonly
HP User Guides--System Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x0009 -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 LG -removeonly
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Macromedia Shockwave Player-->MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SmartAudio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}\setup.exe" -l0x9 -removeonly -S
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WinASO Registry Optimizer 4.5.1-->"C:\Program Files\WinASO\Registry Optimizer\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) [2009-10-28]
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) [2009-10-29]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-10-29]
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [2009-10-29]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Malware Catcher 2009
AV: AVG Internet Security 3-pack
FW: Malware Catcher 2009
FW: AVG Firewall

======System event log======

Computer Name: JOYCE
Event Code: 8032
Message: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0145AD5C-4EBC-4C32-97C8-DB1946220D36}.
The backup browser is stopping.

Record Number: 1508
Source Name: BROWSER
Time Written: 20090530135408.000000+060
Event Type: error
User:

Computer Name: JOYCE
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\RICHARDS-LAPTOP on the network \Device\NetBT_Tcpip_{0145AD5C-4EBC-4C32-97C8-DB1946220D36}.
The data is the error code.

Record Number: 1507
Source Name: BROWSER
Time Written: 20090530135038.000000+060
Event Type: warning
User:

Computer Name: JOYCE
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.

Record Number: 1486
Source Name: Service Control Manager
Time Written: 20090529212353.000000+060
Event Type: error
User:

Computer Name: JOYCE
Event Code: 8032
Message: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{77989FC1-4D2A-4BE2-9954-34D9F5418BF4}.
The backup browser is stopping.

Record Number: 1456
Source Name: BROWSER
Time Written: 20090528210210.000000+060
Event Type: error
User:

Computer Name: JOYCE
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\RICHARDS-LAPTOP on the network \Device\NetBT_Tcpip_{77989FC1-4D2A-4BE2-9954-34D9F5418BF4}.
The data is the error code.

Record Number: 1455
Source Name: BROWSER
Time Written: 20090528205839.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: JOYCE
Event Code: 1000
Message: Faulting application msnmsgr.exe, version 8.5.1302.1018, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Record Number: 186
Source Name: Application Error
Time Written: 20090513204058.000000+060
Event Type: error
User:

Computer Name: JOYCE
Event Code: 1000
Message: Faulting application msnmsgr.exe, version 8.5.1302.1018, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Record Number: 185
Source Name: Application Error
Time Written: 20090513204007.000000+060
Event Type: error
User:

Computer Name: JOYCE
Event Code: 1000
Message: Faulting application msnmsgr.exe, version 8.5.1302.1018, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Record Number: 184
Source Name: Application Error
Time Written: 20090513203732.000000+060
Event Type: error
User:

Computer Name: JOYCE
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module vgx.dll, version 6.0.2900.2180, fault address 0x0005c4c7.

Record Number: 169
Source Name: Application Error
Time Written: 20090513073601.000000+060
Event Type: error
User:

Computer Name: JOYCE
Event Code: 1000
Message: Faulting application msnmsgr.exe, version 8.5.1302.1018, faulting module kernel32.dll, version 5.1.2600.3541, fault address 0x00012a6b.

Record Number: 162
Source Name: Application Error
Time Written: 20090512214718.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"PCTYPE"=PRESARIO
"PLATFORM"=MCD

-----------------EOF-----------------

Edited by Necropod, 06 November 2009 - 03:15 PM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:58 AM

Posted 06 November 2009 - 03:19 PM

Hello Necropod,


Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on the Scan button (image) and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button (image) and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#5 Necropod

Necropod
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:UK
  • Local time:02:58 AM

Posted 08 November 2009 - 06:13 PM

Scanned with Malwarebytes' Anti-Malware (updated). Ran a 100% full scan, but it does not detect anything (as stated in first post).

I have posted the GMER results as requested below.

EDIT NOTE: AVG Antivirus was NOT disabled during GMER scan.

-------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-08 23:08:35
Windows 5.1.2600 Service Pack 3
Running: vupo0ymr.exe; Driver: C:\DOCUME~1\SARA~1.JOY\LOCALS~1\Temp\uxtdypog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF79C7470]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF79C7520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF79C75C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF79C7660]

---- Kernel code sections - GMER 1.0.15 ----

.text KSecDD.sys!UnsealMessage + FFFF6156 F72E43BA 1 Byte [A0]
.text KSecDD.sys!KSecRegisterSecurityProvider + B F72E49E9 1 Byte [E4]
.text KSecDD.sys!KSecRegisterSecurityProvider + 19 F72E49F7 1 Byte [A8]
.text KSecDD.sys!KSecRegisterSecurityProvider + 25 F72E4A03 1 Byte [9C]
.text KSecDD.sys!KSecRegisterSecurityProvider + 46 F72E4A24 1 Byte [A0]
.text KSecDD.sys!KSecRegisterSecurityProvider + 4F F72E4A2D 1 Byte [9C]
.text ...
.text KSecDD.sys!SecSetPagingMode + 9 F72E4D33 1 Byte [B0]
.text KSecDD.sys!SecSetPagingMode + 1D F72E4D47 1 Byte [04]
.text KSecDD.sys!SecSetPagingMode + 23 F72E4D4D 1 Byte [04]
.text KSecDD.sys!SecSetPagingMode + 36 F72E4D60 1 Byte [04]
.text KSecDD.sys!SecSetPagingMode + 42 F72E4D6C 1 Byte [A4]
.text ...
.text KSecDD.sys!GetSecurityUserInfo + 158 F72E4F66 1 Byte [30]
.text KSecDD.sys!GetSecurityUserInfo + 15D F72E4F6B 1 Byte [6D]
.text KSecDD.sys!GetSecurityUserInfo + 17B F72E4F89 1 Byte [0C]
.text KSecDD.sys!SecMakeSPNEx + 763 F72E5795 1 Byte [9F]
.text KSecDD.sys!SecMakeSPNEx + 76F F72E57A1 1 Byte [AB]
.text KSecDD.sys!SecMakeSPNEx + 7C9 F72E57FB 1 Byte [74]
.text KSecDD.sys!SecMakeSPNEx + 825 F72E5857 1 Byte [8A]
.text KSecDD.sys!SecMakeSPNEx + 854 F72E5886 71 Bytes [56, 57, 8B, 7D, 08, 8B, 47, ...]
.text ...
PAGE KSecDD.sys!CredMarshalTargetInfo + 6B1 F72EAACB 1 Byte [0C]
PAGE KSecDD.sys!CredMarshalTargetInfo + 7AC F72EABC6 1 Byte [16]
PAGE KSecDD.sys!CredMarshalTargetInfo + 7BB F72EABD5 1 Byte [6A]
PAGE KSecDD.sys!CredMarshalTargetInfo + 7C0 F72EABDA 1 Byte [24]
PAGE KSecDD.sys!CredMarshalTargetInfo + 7CA F72EABE4 1 Byte [1C]
PAGE ...
PAGE KSecDD.sys!AcquireCredentialsHandleW + 3D F72EAF4F 19 Bytes [DF, 89, 5D, F4, 74, 1C, FF, ...]
PAGE KSecDD.sys!AcquireCredentialsHandleW + 51 F72EAF63 116 Bytes [85, C0, 7C, 0A, 8B, 73, 08, ...]
PAGE KSecDD.sys!AddCredentialsW + C F72EB024 1 Byte [0C]
PAGE KSecDD.sys!AddCredentialsW + C F72EB024 11 Bytes [0C, 75, 03, 8D, 4D, F0, 3B, ...]
PAGE KSecDD.sys!AddCredentialsW + 18 F72EB030 3 Bytes [F8, 56, 8D]
PAGE KSecDD.sys!AddCredentialsW + 1C F72EB034 114 Bytes [0C, 56, 51, FF, 75, 20, FF, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW F72EB0A8 13 Bytes [CC, CC, CC, CC, 8B, FF, 55, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + E F72EB0B6 148 Bytes [0C, 53, 56, 8B, 75, 14, 33, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + A3 F72EB14B 80 Bytes [85, F6, C7, 45, FC, 30, 00, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + F4 F72EB19C 59 Bytes [76, 49, 8B, 4D, 18, 8B, 41, ...]
PAGE KSecDD.sys!QueryCredentialsAttributesW + 130 F72EB1D8 46 Bytes [83, E1, FC, 01, 4D, FC, 83, ...]
PAGE ...
PAGE KSecDD.sys!EnumerateSecurityPackagesW + 2 F72EB536 3 Bytes [FF, 33, C0]
PAGE KSecDD.sys!EnumerateSecurityPackagesW + 6 F72EB53A 5 Bytes [C2, 04, 00, CC, CC] {RET 0x4; INT 3 ; INT 3 }
PAGE KSecDD.sys!EnumerateSecurityPackagesW + E F72EB542 13 Bytes [8B, FF, 55, 8B, EC, 5D, E9, ...] {MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; POP EBP; JMP 0xffffffffffffea3e; INT 3 ; INT 3 }
PAGE KSecDD.sys!QuerySecurityPackageInfoW + E F72EB552 37 Bytes [8B, FF, 55, 8B, EC, 8D, 45, ...]
PAGE KSecDD.sys!LsaEnumerateLogonSessions + C F72EB578 84 Bytes [8B, FF, 55, 8B, EC, 81, EC, ...]
PAGE KSecDD.sys!InitializeSecurityContextW + 2B F72EB5CD 5 Bytes [4D, E0, 8B, 4E, 04]
PAGE KSecDD.sys!InitializeSecurityContextW + 31 F72EB5D3 133 Bytes [4D, E4, 3B, C3, 8B, 4D, 28, ...]
PAGE KSecDD.sys!InitializeSecurityContextW + B7 F72EB659 2 Bytes [5D, A8]
PAGE KSecDD.sys!InitializeSecurityContextW + BA F72EB65C 1 Byte [BD]
PAGE KSecDD.sys!InitializeSecurityContextW + BF F72EB661 30 Bytes [F3, A5, 8B, C8, 8D, 45, CC, ...]
PAGE ...
PAGE KSecDD.sys!AcceptSecurityContext + 2B F72EB811 5 Bytes [4D, E0, 8B, 4E, 04]
PAGE KSecDD.sys!AcceptSecurityContext + 31 F72EB817 62 Bytes [4D, E4, 3B, C3, 8B, 4D, 1C, ...]
PAGE KSecDD.sys!AcceptSecurityContext + 70 F72EB856 32 Bytes [72, 08, 8D, 85, F0, FE, FF, ...]
PAGE KSecDD.sys!AcceptSecurityContext + 91 F72EB877 47 Bytes JMP AB747F7E
PAGE KSecDD.sys!AcceptSecurityContext + C1 F72EB8A7 56 Bytes [F8, 50, 89, 75, 08, E8, FB, ...]
PAGE ...
PAGE KSecDD.sys!ExportSecurityContext + 2 F72EBD38 38 Bytes [75, 0C, FF, 72, 04, FF, 50, ...]
PAGE KSecDD.sys!ExportSecurityContext + 29 F72EBD5F 78 Bytes [83, 3D, A8, 83, 2E, F7, 00, ...]
PAGE KSecDD.sys!ImportSecurityContextW + 34 F72EBDAE 32 Bytes [55, F8, 89, 11, EB, 05, B8, ...]
PAGE KSecDD.sys!ImportSecurityContextW + 55 F72EBDCF 134 Bytes [03, 56, 57, 33, D2, BF, 00, ...]
PAGE KSecDD.sys!ImportSecurityContextW + DD F72EBE57 28 Bytes [08, 89, 4D, DC, 8B, 4B, 0C, ...]
PAGE KSecDD.sys!ImportSecurityContextW + FA F72EBE74 8 Bytes [45, D8, 89, 7D, CC, 89, 75, ...]
PAGE KSecDD.sys!ImportSecurityContextW + 103 F72EBE7D 57 Bytes [55, F0, 89, 55, F4, 8D, 5D, ...]
PAGE ...
PAGE KSecDD.sys!SecMakeSPN F72EC1C0 5 Bytes [CC, CC, CC, CC, 8B]
PAGE KSecDD.sys!SecMakeSPN + 6 F72EC1C6 25 Bytes [55, 8B, EC, 83, EC, 24, A1, ...]
PAGE KSecDD.sys!SecMakeSPN + 20 F72EC1E0 118 Bytes [F2, 07, 00, 00, 85, C0, 74, ...]
PAGE KSecDD.sys!SecMakeSPN + 97 F72EC257 65 Bytes [FF, 55, 8B, EC, 83, EC, 20, ...]
PAGE KSecDD.sys!SecMakeSPN + 135 F72EC2F5 37 Bytes [33, 4D, F4, 89, 4D, FC, EB, ...]
PAGE ...
PAGEMSG KSecDD.sys!QuerySecurityContextToken + 2 F72EE0CA 12 Bytes [50, 10, EB, 05, B8, 01, 03, ...] {PUSH EAX; ADC BL, CH; ADD EAX, 0x90301b8; SBB BYTE [EBP-0x3e], 0x10}
PAGEMSG KSecDD.sys!QuerySecurityContextToken + F F72EE0D7 110 Bytes [CC, CC, CC, CC, CC, 8B, FF, ...]
PAGEMSG KSecDD.sys!QueryContextAttributesW + 1E F72EE146 54 Bytes [04, 88, FF, 75, 10, FF, 75, ...]
PAGEMSG KSecDD.sys!QueryContextAttributesW + 55 F72EE17D 20 Bytes [0A, 3B, 0D, A4, 83, 2E, F7, ...]
PAGEMSG KSecDD.sys!QueryContextAttributesW + 6A F72EE192 57 Bytes [FF, 72, 04, FF, 50, 1C, EB, ...]
PAGEMSG KSecDD.sys!MakeSignature + 34 F72EE1CC 85 Bytes [8B, 0D, 30, 74, 2E, F7, 53, ...]
PAGEMSG KSecDD.sys!SealMessage + 2 F72EE222 10 Bytes [85, C0, 89, 45, 08, 7C, 14, ...] {TEST EAX, EAX; MOV [EBP+0x8], EAX; JL 0x1b; CMP EBX, 0xc}
PAGEMSG KSecDD.sys!SealMessage + D F72EE22D 8 Bytes [1D, 8B, 0E, 8B, 45, 10, 89, ...]
PAGEMSG KSecDD.sys!SealMessage + 16 F72EE236 7 Bytes [4E, 04, 89, 48, 04, EB, 0E] {DEC ESI; ADD AL, 0x89; DEC EAX; ADD AL, 0xeb; PUSH CS}
PAGEMSG KSecDD.sys!SealMessage + 1E F72EE23E 38 Bytes [FB, 0C, 75, 09, 6A, 00, 57, ...]
PAGEMSG KSecDD.sys!UnsealMessage + 1 F72EE265 33 Bytes [46, 10, 32, DB, 83, 38, 00, ...]
PAGEMSG KSecDD.sys!UnsealMessage + 23 F72EE287 32 Bytes [4E, 08, 75, 02, B3, 01, 8A, ...]
PAGEMSG KSecDD.sys!UnsealMessage + 44 F72EE2A8 31 Bytes [CC, CC, CC, CC, 8B, FF, 55, ...]
PAGEMSG KSecDD.sys!UnsealMessage + 64 F72EE2C8 102 Bytes [4D, 08, 8D, 46, 04, 89, 0E, ...]
PAGEMSG KSecDD.sys!UnsealMessage + CB F72EE32F 4 Bytes [01, 89, 4E, 04]
PAGEMSG ...

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\lsass.exe[1164] C:\WINDOWS\system32\LSASRV.dll image checksum mismatch; time/date stamp mismatch; unknown module: NTDSA.dllunknown module: DNSAPI.dllunknown module: CRYPTUI.dllunknown module: certcli.dllunknown module: PAUTOENR.dllunknown module: MPR.dllunknown module: MSASN1.dllunknown module: NTDSAPI.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!AcquireCredentialsHandleW] [F72EAEE8] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!SecMakeSPN] [F72EC196] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!FreeCredentialsHandle] [F72EB05A] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!DeleteSecurityContext] [F72EB4C4] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!InitializeSecurityContextW] [F72EB578] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!FreeContextBuffer] [F72EB52A] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ksecdd.sys!QueryContextAttributesW] [F72EE028] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ksecdd.sys!QueryContextAttributesW] [F72EE028] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ksecdd.sys!FreeContextBuffer] [F72EB52A] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ksecdd.sys!ImpersonateSecurityContext] [F72EDF44] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ksecdd.sys!DeleteSecurityContext] [F72EB4C4] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ksecdd.sys!AcquireCredentialsHandleW] [F72EAEE8] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ksecdd.sys!AddCredentialsW] [F72EAFEE] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ksecdd.sys!AcceptSecurityContext] [F72EB7BC] KSecDD.sys (Kernel Security Support Provider Interface/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!SearchPathW] [7C80AA36] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!TlsAlloc] [7C80E77C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!RaiseException] [7C812E3F] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!QueueUserWorkItem] [7C812AA9] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateTimerQueueTimer] [7C830A6A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!RegisterWaitForSingleObjectEx] [7C82117D] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!DeleteTimerQueueTimer] [7C82B086] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!UnregisterWaitEx] [7C821130] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!WaitForSingleObjectEx] [7C83006A] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!MapViewOfFileEx] [7C90FF2D] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!VirtualAllocEx] [7C80B936] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!lstrcmpiW] [7C809B12] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtDeviceIoControlFile] [7C914ED9] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!RtlCopyUnicodeString] [7C925C82] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!RtlCreateHeap] [7C90D51E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtMapViewOfSection] [7C90DF0E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtUnmapViewOfSection] [7C9264EE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!RtlDestroyHeap] [7C9100C4] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!RtlAllocateHeap] [7C90120E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!DbgBreakPoint] [7C90D60E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtOpenProcessToken] [7C90D92E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtQuerySystemInformation] [7C90D6DE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtPrivilegedServiceAuditAlarm] [7C90D6BE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtPrivilegeCheck] [7C90D5FE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtOpenProcess] [7C90D65E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtOpenThread] [7C90D7FE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtQueryInformationProcess] [7C90DFAE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtWriteVirtualMemory] [7C90D9FE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtReadVirtualMemory] [7C90D3FE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtImpersonateClientOfPort] [7C929DA7] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!RtlImpersonateSelf] [7C90DF4E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtWaitForSingleObject] [7C90DC8E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtSetInformationObject] [7C90DCBE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtSetInformationToken] [7C90D2AE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtDuplicateToken] [7C91314C] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!RtlCopyLuid] [7C90D96E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtQueryValueKey] [7C90D5CE] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtOpenKey] [7C90D27E] C:\WINDOWS\system32\ntdll.dll (NT Layer DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsarQueryInformationPolicy] [757388E1] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIFree_LSAPR_POLICY_INFORMATION] [7573F3FE] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIHealthCheck] [75746004] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIGetBootOption] [75797D4E] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaISetBootOption] [75797C1F] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIChangeSecretCipherKey] [7578EDAA] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaILookupWellKnownName] [7579ED57] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsarSetInformationPolicy] [7574853C] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIRegisterPolicyChangeNotificationCallback] [7573EC5A] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaISafeMode] [75745BC2] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaISamIndicatedDsStarted] [7579E6C7] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIQueryInformationPolicyTrusted] [75745B47] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIAuditSamEvent] [757866B5] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIAuditNotifyPackageLoad] [75745E6D] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaISetSerialNumberPolicy] [7579CC13] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaINotifyChangeNotification] [7574AE92] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsarClose] [7573759C] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIOpenPolicyTrusted] [75745C04] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)
IAT C:\WINDOWS\system32\lsass.exe[1164] @ C:\WINDOWS\system32\SAMSRV.dll [LSASRV.dll!LsaIRegisterNotification] [75743C49] C:\WINDOWS\system32\LSASRV.dll (LSA Server DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b00026@0022a9a931cd 0xBD 0x67 0x40 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000272b00026@0022a9a931cd 0xBD 0x67 0x40 0xAA ...

---- EOF - GMER 1.0.15 ----

Edited by Necropod, 08 November 2009 - 06:15 PM.


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:58 AM

Posted 08 November 2009 - 08:37 PM

I know you stated in your first post that you had run MBAM, but that was over a week ago and MBAM would have had a few updates since then
and you could have picked up other malware, that is why I like to see a new and updated log.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 Necropod

Necropod
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:UK
  • Local time:02:58 AM

Posted 09 November 2009 - 04:08 PM

MALWAREBYTES ANTI-MALWARE: UPDATE COMPLETE.............CURRENTLY SCANNING.........


I did disable the Antivirus as best I could as task manager wasn't working and for some reason AVG decided it was a brilliant idea to make it a pain in the arse to disable their antivirus (no simple exit or close, you have to turn everything off manually)........I kept the firewall on as a precaution.

I have posted the results of COMBOFIX below, whatever it did my task manager and ALT+F4 appear to be working now?? Any chance you could please isolate what the problem actually was?

Was this the problem? -----> c:\windows\kb913800.exe


--------------------------------------------------------------------------------------------------------------------------------------

ComboFix 09-11-08.03 - sara 09/11/2009 20:14.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.487 [GMT 0:00]
Running from: c:\documents and settings\sara.JOYCE\Desktop\ComboFix.exe
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sara.JOYCE\Application Data\Microsoft\dtPaper
c:\documents and settings\sara.JOYCE\Application Data\Microsoft\dtPaper\1.html
c:\documents and settings\sara.JOYCE\Application Data\Microsoft\dtPaper\cfg.msg
c:\documents and settings\sara.JOYCE\Application Data\Microsoft\dtPaper\tmp.bmp
c:\recycler\S-1-5-21-4170393032-940445385-1204758502-1005
c:\recycler\S-1-5-21-4170393032-940445385-1204758502-1006
c:\recycler\S-1-5-21-4170393032-940445385-1204758502-1007
c:\recycler\S-1-5-21-4170393032-940445385-1204758502-1008
c:\windows\kb913800.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-09 to 2009-11-09 )))))))))))))))))))))))))))))))
.

2009-11-09 17:55 . 2009-10-28 15:59 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-11-09 17:53 . 2009-10-28 15:58 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-09 17:53 . 2009-10-28 15:58 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-11-06 20:07 . 2009-11-06 20:08 -------- d-----w- C:\rsit
2009-11-06 19:48 . 2008-04-14 05:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-11-06 19:48 . 2001-08-17 22:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-11-06 19:48 . 2008-04-14 05:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-11-06 19:48 . 2001-08-17 22:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-11-06 19:47 . 2001-08-17 22:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-11-06 19:46 . 2001-08-17 22:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2009-11-06 19:46 . 2001-08-17 12:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-11-06 19:46 . 2008-04-13 22:04 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-11-06 19:45 . 2008-04-14 00:16 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2009-11-06 19:45 . 2008-04-13 22:04 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-11-06 19:45 . 2008-04-14 12:42 221184 ----a-w- c:\windows\system32\dllcache\wmpns.dll
2009-11-06 19:43 . 2008-04-13 22:05 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-11-06 19:43 . 2001-08-17 12:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-11-06 19:43 . 2001-08-17 13:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2009-11-06 19:42 . 2001-08-17 22:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-11-06 19:42 . 2001-08-17 22:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-11-06 19:42 . 2006-03-15 20:00 31232 ----a-w- c:\windows\system32\dllcache\weitekp9.sys
2009-11-06 19:42 . 2006-03-15 20:00 41600 ----a-w- c:\windows\system32\dllcache\weitekp9.dll
2009-11-06 19:42 . 2008-04-14 00:15 31744 ----a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-11-06 19:42 . 2008-04-13 22:04 23615 ----a-w- c:\windows\system32\dllcache\wch7xxnt.sys
2009-11-06 19:42 . 2001-08-17 13:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-11-06 19:42 . 2001-08-17 12:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-11-06 19:40 . 2001-08-17 13:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2009-11-06 19:40 . 2001-08-17 13:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2009-11-06 19:40 . 2001-08-17 13:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2009-11-06 19:40 . 2001-08-17 12:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2009-11-06 19:40 . 2001-08-17 13:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2009-11-06 19:40 . 2008-04-14 05:42 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-11-06 19:39 . 2001-08-17 13:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-11-06 19:39 . 2001-08-17 13:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2009-11-06 19:39 . 2001-08-17 13:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2009-11-06 19:39 . 2001-08-17 13:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2009-11-06 19:39 . 2001-08-17 13:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2009-11-06 19:39 . 2001-08-17 13:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2009-11-06 19:38 . 2001-08-17 13:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2009-11-06 19:38 . 2001-08-17 13:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2009-11-06 19:38 . 2008-04-14 00:15 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2009-11-06 19:38 . 2008-04-14 00:15 17152 ----a-w- c:\windows\system32\dllcache\usbohci.sys
2009-11-06 19:38 . 2008-04-14 00:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-06 19:38 . 2008-04-13 22:05 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2009-11-06 19:38 . 2001-08-17 22:36 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2009-11-06 19:38 . 2001-08-17 22:36 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2009-11-06 19:38 . 2001-08-17 22:36 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2009-11-06 19:37 . 2001-08-17 22:36 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2009-11-06 19:37 . 2001-08-17 22:36 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2009-11-06 19:37 . 2001-08-17 13:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2009-11-06 19:37 . 2001-08-17 22:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2009-11-06 19:37 . 2001-08-17 22:36 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2009-11-06 19:37 . 2001-08-17 22:36 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2009-11-06 19:37 . 2001-08-17 22:36 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2009-11-06 19:37 . 2001-08-17 13:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2009-11-06 19:36 . 2006-03-15 20:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2009-11-06 19:36 . 2001-08-17 12:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-11-06 19:36 . 2001-08-17 22:36 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2009-11-06 19:36 . 2001-08-17 12:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-11-06 19:36 . 2001-08-17 14:56 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2009-11-06 19:36 . 2001-08-17 12:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-11-06 19:36 . 2001-08-17 14:56 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2009-11-06 19:35 . 2001-08-17 12:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2009-11-06 19:35 . 2001-08-17 22:35 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2009-11-06 19:35 . 2008-04-14 05:42 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-11-06 19:35 . 2001-08-17 22:36 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2009-11-06 19:35 . 2001-08-17 14:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-11-06 19:35 . 2001-08-17 14:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-11-06 19:35 . 2001-08-17 12:10 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-11-06 19:35 . 2001-08-17 12:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-11-06 19:34 . 2001-08-17 12:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-11-06 19:34 . 2001-08-17 14:56 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-11-06 19:34 . 2008-04-14 00:10 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2009-11-06 19:34 . 2006-03-15 20:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2009-11-06 19:34 . 2001-08-17 12:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-11-06 19:34 . 2006-03-15 20:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2009-11-06 19:34 . 2001-08-17 12:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-11-06 19:34 . 2006-03-15 20:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2009-11-06 19:34 . 2001-08-17 13:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-11-06 19:33 . 2001-08-17 13:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2009-11-06 19:33 . 2001-08-17 12:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-11-06 19:33 . 2001-08-17 14:56 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-11-06 19:33 . 2001-08-17 22:36 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2009-11-06 19:33 . 2001-08-17 13:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2009-11-06 19:33 . 2001-08-17 14:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-11-06 19:32 . 2001-08-17 22:36 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-11-06 19:32 . 2001-08-17 22:36 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-11-06 19:32 . 2001-08-17 22:36 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-11-06 19:32 . 2001-08-17 22:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-11-06 19:32 . 2008-04-14 00:16 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2009-11-06 19:32 . 2001-08-17 22:36 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-11-06 19:32 . 2001-08-17 22:36 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-11-06 19:32 . 2001-08-17 12:18 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2009-11-06 19:31 . 2001-08-17 13:51 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2009-11-06 19:31 . 2006-03-15 20:00 16896 ----a-w- c:\windows\system32\dllcache\status.dll
2009-11-06 19:31 . 2001-08-17 12:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-11-06 19:31 . 2001-08-17 22:36 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2009-11-06 19:31 . 2006-03-15 20:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2009-11-06 19:31 . 2001-08-17 22:36 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-11-06 19:30 . 2001-08-17 13:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2009-11-06 19:30 . 2001-08-17 22:36 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2009-11-06 19:30 . 2001-08-17 13:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-11-06 19:30 . 2001-08-17 12:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2009-11-06 19:30 . 2001-08-17 22:36 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2009-11-06 19:30 . 2001-08-17 12:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2009-11-06 19:30 . 2001-08-17 13:53 9600 ----a-w- c:\windows\system32\dllcache\sonymc.sys
2009-11-06 19:30 . 2008-04-14 00:10 7552 ----a-w- c:\windows\system32\dllcache\sonyait.sys
2009-11-06 19:30 . 2006-03-15 20:00 143422 ----a-w- c:\windows\system32\dllcache\softkey.dll
2009-11-06 19:30 . 2001-08-17 22:36 7168 ----a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
2009-11-06 19:30 . 2001-08-17 13:53 7040 ----a-w- c:\windows\system32\dllcache\snyaitmc.sys
2009-11-06 19:29 . 2006-03-15 20:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2009-11-06 19:29 . 2001-08-17 22:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2009-11-06 19:29 . 2006-03-15 20:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2009-11-06 19:29 . 2001-08-17 12:51 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
2009-11-06 19:29 . 2006-03-15 20:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2009-11-06 19:29 . 2006-03-15 20:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2009-11-06 19:29 . 2001-08-17 14:56 147200 ----a-w- c:\windows\system32\dllcache\smidispb.dll
2009-11-06 19:29 . 2001-08-17 12:12 25034 ----a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2009-11-06 19:27 . 2008-04-13 22:05 63547 ----a-w- c:\windows\system32\dllcache\sla30nd5.sys
2009-11-06 19:27 . 2001-08-17 12:12 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys
2009-11-06 19:27 . 2001-08-17 12:12 94698 ----a-w- c:\windows\system32\dllcache\sk98xwin.sys
2009-11-06 19:27 . 2001-08-17 14:56 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2009-11-06 19:27 . 2001-08-17 12:50 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2009-11-06 19:27 . 2008-04-13 22:05 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2009-11-06 19:27 . 2001-08-17 22:36 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 18:54 . 2006-09-12 03:42 59200 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 17:29 . 2006-06-29 18:43 92087 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-29 10:58 . 2006-12-01 23:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-28 23:05 . 2009-05-10 21:58 5354 ----a-w- c:\documents and settings\sara.JOYCE\Application Data\wklnhst.dat
2009-10-28 18:42 . 2006-09-12 04:10 -------- d-----w- c:\program files\RGB
2009-10-28 15:00 . 2009-10-28 14:43 6740 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-28 15:00 . 2009-10-28 14:43 2012 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-10-28 14:53 . 2008-04-13 18:21 -------- d-----w- c:\program files\ColorFun
2009-10-28 14:35 . 2006-12-01 23:55 -------- d-----w- c:\program files\WinASO
2009-10-28 14:11 . 2006-09-12 04:36 -------- d-----w- c:\program files\NetWaiting
2009-10-28 14:11 . 2006-09-12 10:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 14:07 . 2007-11-24 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-28 12:30 . 2009-06-03 11:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\306f0fa
2009-10-24 09:05 . 2009-03-18 21:59 -------- d-----w- c:\program files\AVG
2009-10-24 09:04 . 2006-09-12 04:22 -------- d-----w- c:\program files\Google
2009-10-24 08:16 . 2009-10-24 08:15 59200 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 08:16 . 2009-10-24 08:15 128 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2009-09-25 05:37 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2006-03-16 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-03-16 04:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2006-03-16 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2006-03-16 04:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2007-08-23 17:06 . 2007-08-23 17:05 36647 ----a-w- c:\program files\DeIsL1.isu
2006-12-23 07:06 . 2006-12-23 07:06 251 ----a-w- c:\program files\wt3d.ini
2006-12-02 02:44 . 2006-12-01 19:44 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 12:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-31 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-06-23 102400]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-09 2016536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-01 198160]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Sara\Start Menu\Programs\Startup\
GSP Menu.lnk - c:\program files\GSP\GSPMENU.EXE [2007-8-23 12800]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2005-1-26 1074176]

c:\documents and settings\Donna\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-28 15:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [28/10/2009 15:59 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [28/10/2009 15:59 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/10/2009 15:59 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/10/2009 15:59 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [28/10/2009 15:58 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/10/2009 15:58 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [09/11/2009 17:54 2304192]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [28/10/2009 15:54 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [28/10/2009 15:58 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [28/10/2009 15:58 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [28/10/2009 15:58 25736]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [28/10/2009 15:58 5832712]
S2 gupdate1c9e29c17a2d936;Google Update Service (gupdate1c9e29c17a2d936);c:\program files\Google\Update\GoogleUpdate.exe [01/06/2009 09:33 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [28/10/2009 15:54 30104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 09:33]

2009-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-01 09:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-09 20:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????[??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-09 20:37
ComboFix-quarantined-files.txt 2009-11-09 20:37

Pre-Run: 13,742,931,968 bytes free
Post-Run: 14,126,678,016 bytes free

- - End Of File - - 1C91C08A91103BB2841882A803C0DC63

#8 Necropod

Necropod
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:UK
  • Local time:02:58 AM

Posted 09 November 2009 - 06:43 PM

The results of the Malwarebytes Anti-Malware:

Malwarebytes' Anti-Malware 1.41
Database version: 3134
Windows 5.1.2600 Service Pack 3

09/11/2009 23:41:01
mbam-log-2009-11-09 (23-41-01).txt

Scan type: Full Scan (C:\|)
Objects scanned: 318928
Time elapsed: 1 hour(s), 52 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:58 AM

Posted 10 November 2009 - 03:19 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\documents and settings\All Users\Application Data\306f0fa
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
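The ComboFix log in post #7 and the CFScript in post #9 (which removes the ConsentPromptBehaviorAdmin value from the policies\system key) show the kind of entries a helper looks for by eye in the "Reg Loading Points" section. The script below is an added example for this thread, not part of ComboFix, GMER or any BleepingComputer tooling: it parses that REGEDIT4-style block and applies a few defender heuristics, flagging the DisableTaskMgr/DisableRegistryTools policies that are the usual cause of a Task Manager that will not open, UAC policy values on a Windows XP (NT 5.1) machine where they have no meaning, a disabled Windows Firewall, and autostart entries whose image lives outside the Windows and Program Files directories. The rule ids, the TRUSTED_PREFIXES list and the second sample log (with placeholder paths) are assumptions made for the example; the first sample is abbreviated from the log in this thread.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix, GMER or any
BleepingComputer tooling.  Rule ids, TRUSTED_PREFIXES and the sample
logs are assumptions made for the example.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample, abbreviated from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-31 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

# Constructed sample with hypothetical placeholder paths: what a disabled Task
# Manager and a user-profile autostart entry look like in the same format.
SUSPICIOUS_SAMPLE = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="c:\documents and settings\user\Application Data\example-placeholder.exe" [2009-11-01 12345]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# "file.dll" - c:\resolved\path [date size]: ComboFix prints the resolved path after the dash
RESOLVED_RE = re.compile(r'^"[^"]+"\s*-\s*(?P<path>.*?)\s*\[')
QUOTED_RE = re.compile(r'^"(?P<path>[^"]+)"')

# Policy values under ...\Policies\System that hide security UI; DisableTaskMgr
# is the classic reason Task Manager "won't open".
SECURITY_UI_POLICIES = {"disabletaskmgr", "disableregistrytools"}
# Assumed: autostart images outside these directories deserve a second look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_loading_points(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {registry_key: [(value_name, value_data), ...]} in log order."""
    entries: Dict[str, List[Tuple[str, str]]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group("key")
            entries.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            entries[current].append((value.group("name"), value.group("data")))
    return entries


def image_path(data: str) -> Optional[str]:
    """Extract the on-disk image path from a value's data, lower-cased."""
    m = RESOLVED_RE.match(data) or QUOTED_RE.match(data)
    return m.group("path").lower() if m else None


def triage(text: str, windows_version: str = "5.1") -> List[Tuple[str, str, str]]:
    """Apply the heuristics; returns (rule_id, value_name, detail) tuples.

    windows_version is the NT version from the log header ("5.1" = Windows XP).
    """
    findings: List[Tuple[str, str, str]] = []
    for key, values in parse_loading_points(text).items():
        key_l = key.lower()
        for name, data in values:
            name_l = name.lower()
            flag = data.strip().split(" ")[0]  # leading token of e.g. "1 (0x1)"
            if key_l.endswith("\\run") or key_l.endswith("\\runonce"):
                path = image_path(data)
                if path is None or not path.startswith(TRUSTED_PREFIXES):
                    findings.append(("autostart-outside-standard-dirs", name, path or data))
            elif key_l.endswith("\\policies\\system"):
                if name_l in SECURITY_UI_POLICIES and flag == "1":
                    findings.append(("security-ui-disabled", name, "policy value set to 1"))
                elif name_l.startswith("consentpromptbehavior") and windows_version.startswith("5."):
                    findings.append(("uac-value-on-xp", name, "UAC value has no meaning on NT 5.x"))
            elif "firewallpolicy\\standardprofile" in key_l and name_l == "enablefirewall" and flag == "0":
                findings.append(("firewall-disabled", name, "Windows Firewall off; confirm a third-party firewall is active"))
    return findings


if __name__ == "__main__":
    for label, sample in (("thread sample", SAMPLE_LOG), ("constructed sample", SUSPICIOUS_SAMPLE)):
        print(f"== {label} ==")
        for rule, name, detail in triage(sample):
            print(f"  [{rule}] {name}: {detail}")
```

Run against the thread's own entries the only findings are the Vista-era UAC value on an XP machine (the one the CFScript above removes) and the Windows Firewall being off, which is expected here because the log header reports AVG Firewall as enabled. Entries under c:\windows and c:\program files are not reported; a finding is a prompt to look closer, not a verdict.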



#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:58 AM

Posted 15 November 2009 - 06:34 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
