Internet Blocked, Must system restore and clean each time


  • This topic is locked
14 replies to this topic

#1 macman104

  • Members
  • 23 posts

Posted 31 January 2010 - 05:34 AM

I picked up a virus, not sure from where, and got a popup for a fake anti-virus software. I shut that down, and went into safe mode to scan with malware-bytes to hopefully remove the infection. Booted into safe mode with networking so I could make sure mwbytes was up-to-date but couldn't connect to the internet. I was able to clean the infection, mwbytes found at that time:

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jcbwwxde (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jcbwwxde (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Josh\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Thinking it was gone, I moved on, but found my internet would not connect. My iPhone could connect to the wireless network, and so could everyone else in my house. Finally, after mwbytes scans and trying to figure out the cause, I performed a system restore and things were fine. Then the next day, same thing, scans showed nothing, but upon system restore it worked again.

I wonder if there is something deeper that mwbytes can't find. I got it working right now, so I created a restore point, and turned off/on system restore, because I know sometimes an infection can reside there as well. I just rebuilt this computer after a very stubborn infection, so I would just like to make sure it is actually 100% clean right now.

Thank you for your time.

DDS.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~```

DDS (Ver_09-12-01.01) - NTFSx86
Run by Josh at 4:16:05.67 on Sun 01/31/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2379 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Documents and Settings\Josh\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://search.dell.com/index.aspx
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\josh\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-23 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-23 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-23 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-23 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-23 285392]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-01-31 10:12:59 86016 ----a-w- c:\windows\unvise32.exe
2010-01-31 10:12:49 0 d-----w- C:\DYADGames
2010-01-31 07:11:53 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-26 23:13:54 0 d-----w- C:\DYADGames(2)
2010-01-26 22:43:01 0 d-----w- c:\program files\WinLemm
2010-01-24 20:32:30 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-01-24 10:36:22 7477 ----a-w- c:\windows\system32\novao5.ctm
2010-01-24 10:36:13 98304 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-24 10:36:03 0 d-----w- c:\docume~1\alluse~1\applic~1\StatSoft
2010-01-24 10:35:07 0 d-----w- c:\program files\StatSoft
2010-01-24 10:34:28 327680 ----a-w- c:\windows\system32\pythoncom25.dll
2010-01-24 10:34:28 102400 ----a-w- c:\windows\system32\pywintypes25.dll
2010-01-24 10:33:59 0 d-----w- C:\Python25
2010-01-24 10:33:42 0 d-----w- c:\program files\Mestrelab Research S.L
2010-01-24 10:26:00 0 d-----w- c:\docume~1\alluse~1\applic~1\CambridgeSoft
2010-01-24 10:19:53 0 d-----w- c:\program files\CambridgeSoft
2010-01-24 10:18:24 0 d-----w- C:\CStemp
2010-01-23 23:42:50 0 d-----w- c:\program files\WinISO
2010-01-23 23:30:09 35190 ----a-w- c:\windows\scunin.dat
2010-01-23 23:30:08 967 ----a-w- c:\windows\ScUnin.pif
2010-01-23 23:30:08 94208 ----a-w- c:\windows\ScUnin.exe
2010-01-23 23:29:43 0 d-----w- c:\program files\Starcraft
2010-01-23 23:26:07 2829 ----a-w- c:\windows\War3Unin.pif
2010-01-23 23:26:07 17551 ----a-w- c:\windows\War3Unin.dat
2010-01-23 23:26:07 126976 ----a-w- c:\windows\War3Unin.exe
2010-01-23 23:20:29 0 d-----w- c:\windows\system32\XPSViewer
2010-01-23 23:19:53 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-23 23:19:53 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-23 23:19:35 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-23 23:19:35 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-23 23:19:35 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-23 23:19:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-23 23:19:35 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-23 23:19:34 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-23 23:19:34 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-23 23:06:14 0 d-----w- c:\program files\runewizard
2010-01-23 23:06:08 0 d-----w- c:\program files\ATMA V
2010-01-23 23:05:20 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-23 23:05:20 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-23 23:05:20 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-01-23 22:59:32 35569 ----a-w- c:\windows\DIIUnin.dat
2010-01-23 22:59:31 2829 ----a-w- c:\windows\DIIUnin.pif
2010-01-23 22:59:30 94208 ----a-w- c:\windows\DIIUnin.exe
2010-01-23 22:53:30 0 d-----w- c:\program files\Diablo II
2010-01-23 22:47:14 0 d-----w- c:\program files\common files\Thomson ResearchSoft
2010-01-23 22:43:33 0 d-----w- c:\program files\common files\Risxtd
2010-01-23 22:42:41 0 d-----w- c:\program files\EndNote X1
2010-01-23 22:40:13 0 d-----w- c:\program files\Wisdom-soft AutoScreenRecorder 3 Free
2010-01-23 22:37:18 0 d-----w- c:\docume~1\josh\applic~1\avidemux
2010-01-23 22:36:59 0 d-----w- c:\program files\Avidemux 2.5
2010-01-23 22:33:55 0 d-----w- c:\program files\VirtualDub-1.9.8
2010-01-23 22:29:24 36 ----a-w- c:\documents and settings\josh\.org.eclipse.epp.usagedata.recording.userId
2010-01-23 22:29:01 36 ----a-w- c:\documents and settings\josh\.com.yoxos.update.fingerprint
2010-01-23 22:25:54 0 d-----w- c:\documents and settings\josh\Java
2010-01-23 22:08:36 0 d-----w- c:\program files\Eclipse
2010-01-23 22:06:53 0 d-----w- c:\program files\VCD Gear
2010-01-23 21:51:28 0 d-----w- c:\program files\OriginLab
2010-01-23 21:44:15 0 d-----w- c:\program files\Lemmings
2010-01-23 21:11:02 0 d-----w- c:\program files\EnvMan
2010-01-23 21:07:54 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-01-23 21:07:54 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-01-23 21:07:06 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-01-23 21:07:05 609824 ----a-w- c:\windows\system32\comctl32.ocx
2010-01-23 21:07:05 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2010-01-23 21:07:05 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2010-01-23 21:07:05 164144 ----a-w- c:\windows\system32\comct232.ocx
2010-01-23 21:07:04 212240 ----a-w- c:\windows\system32\richtx32.ocx
2010-01-23 21:07:04 0 d-----w- c:\program files\DVD Flick
2010-01-23 21:04:11 0 d-----w- c:\windows\pss
2010-01-23 21:03:33 0 d-----w- c:\program files\CCleaner
2010-01-23 20:45:00 0 d-----w- c:\program files\common files\Macrovision Shared
2010-01-23 20:44:45 0 d-----w- c:\program files\Rosetta Stone
2010-01-23 20:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Rosetta Stone
2010-01-23 20:40:21 0 d--h--w- C:\$AVG
2010-01-23 20:40:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 20:40:11 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 20:40:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-23 20:40:03 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-23 20:39:51 0 d-----w- c:\program files\AVG
2010-01-23 20:39:50 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-23 20:31:45 0 d-----w- c:\docume~1\josh\applic~1\TextPad
2010-01-23 20:31:40 0 d-----w- c:\program files\TextPad 4
2010-01-23 20:30:56 0 d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2010-01-23 20:28:27 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-01-23 20:27:52 0 d-----w- c:\program files\Yahoo!
2010-01-23 20:24:28 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-01-23 20:23:51 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-01-23 20:23:51 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-01-23 20:11:42 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-01-23 20:11:40 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2010-01-23 20:11:40 737280 ----a-w- c:\windows\system32\hposwia_p01a.dll
2010-01-23 20:11:40 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2010-01-23 20:11:40 307200 ----a-w- c:\windows\system32\hposc_p01a.dll
2010-01-23 20:11:37 0 d-----w- c:\program files\common files\HP
2010-01-23 20:11:36 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-01-23 20:11:18 0 d-----w- c:\program files\HP
2010-01-23 20:11:15 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-23 20:11:15 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-23 20:10:26 547 ------w- c:\windows\hpomdl30.dat
2010-01-23 20:10:26 150927 ----a-w- c:\windows\hpoins30.dat
2010-01-23 20:07:28 198 ----a-w- c:\documents and settings\josh\vgalusr1.vr
2010-01-23 20:07:20 271872 ----a-w- c:\windows\system32\Cxf0332b.dll
2010-01-23 20:07:20 260096 ----a-w- c:\windows\system32\Cxf0332a.dll
2010-01-23 20:07:20 25088 ----a-w- c:\windows\system32\Cxf0332c.dll
2010-01-23 20:07:19 863744 ----a-w- c:\windows\system32\Cw3245mt.dll
2010-01-23 20:07:14 118784 ----a-w- c:\windows\system32\SciFiSoft.dll
2010-01-23 20:06:57 0 d-----w- c:\program files\SFSCHLR
2010-01-23 20:05:50 0 d-----w- c:\program files\MathType
2010-01-23 20:00:24 0 d-----w- c:\program files\common files\Adobe Systems Shared
2010-01-23 13:03:37 0 d-----w- c:\program files\MSXML 4.0
2010-01-22 05:27:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-21 22:20:53 0 d-----w- c:\program files\common files\Config
2010-01-21 22:20:41 0 d-----w- c:\program files\common files\Inet
2010-01-21 22:16:56 0 d-----w- c:\program files\common files\AnswerWorks 5.0
2010-01-21 22:16:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-21 22:16:24 0 d-----w- c:\program files\common files\Intuit
2010-01-21 22:16:16 0 d-----w- c:\program files\Quicken
2010-01-21 22:16:16 0 d-----w- c:\docume~1\josh\applic~1\Intuit
2010-01-21 22:16:08 120 ----a-w- c:\windows\QUICKEN.INI
2010-01-21 22:11:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
2010-01-16 05:03:42 0 d-----w- c:\program files\WinSCP
2010-01-14 22:08:13 3243 ----a-w- c:\windows\system32\wbem\Outlook_01ca95661082bfcc.mof
2010-01-14 19:16:59 322048 ----a-w- c:\windows\system32\sculptapi.dll
2010-01-14 19:16:35 0 d-----w- c:\program files\CrossFire Commander 7.1
2010-01-14 10:59:17 0 d-----w- c:\program files\Unlocker
2010-01-14 10:51:21 32 ----a-w- c:\windows\CD_Start.INI
2010-01-14 09:47:53 376 ----a-w- c:\windows\ODBC.INI
2010-01-14 09:47:47 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-01-14 09:46:52 0 d-----w- c:\program files\Microsoft ActiveSync
2010-01-14 09:46:17 0 d-----w- c:\windows\SHELLNEW
2010-01-14 06:50:28 36400 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-14 03:06:18 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-14 03:06:18 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-01-14 03:05:42 0 d-----w- c:\program files\iPod
2010-01-14 03:05:38 0 d-----w- c:\program files\iTunes
2010-01-14 03:05:38 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-14 03:04:34 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-14 03:04:34 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-01-14 02:10:14 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-01-14 02:10:13 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-01-14 02:10:13 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-01-14 02:10:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-01-14 01:00:44 0 d-----w- c:\docume~1\josh\applic~1\Realtime Soft
2010-01-14 01:00:37 0 d-----w- c:\program files\UltraMon
2010-01-14 01:00:37 0 d-----w- c:\program files\common files\Realtime Soft
2010-01-14 01:00:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
2010-01-13 05:28:52 0 d-----r- c:\program files\Skype
2010-01-10 08:04:45 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2010-01-10 08:04:41 0 d-----w- c:\program files\common files\Software Update Utility
2010-01-10 08:04:41 0 d-----w- c:\program files\AIM
2010-01-10 08:04:40 0 d-----w- c:\program files\common files\AOL
2010-01-10 08:04:32 453 ---ha-w- C:\IPH.PH
2010-01-07 22:00:29 0 d-----w- c:\program files\common files\Deterministic Networks
2010-01-07 21:57:07 1594 ----a-w- c:\windows\VPNUnInstall.MIF
2010-01-07 20:31:03 0 d-----w- c:\docume~1\josh\applic~1\Malwarebytes
2010-01-07 20:31:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 20:30:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 20:30:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 20:30:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-07 20:08:29 0 d-----r- C:\Sandbox
2010-01-07 20:07:21 2076 ----a-w- c:\windows\Sandboxie.ini
2010-01-07 20:07:15 0 d-----w- c:\program files\Sandboxie
2010-01-07 19:58:32 0 d-----w- c:\windows\Internet Logs
2010-01-07 19:58:09 125328 ----a-w- c:\windows\system32\drivers\dne2000.sys
2010-01-07 19:58:09 106768 ----a-w- c:\windows\system32\dneinobj.dll
2010-01-07 19:57:50 0 d-----w- c:\program files\Cisco Systems
2010-01-07 19:57:42 1594 ----a-w- c:\windows\VPNInstall.MIF
2010-01-07 07:24:15 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-07 07:24:10 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-07 07:23:57 0 d-----w- c:\docume~1\josh\applic~1\DAEMON Tools Lite
2010-01-07 07:23:55 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-01-07 07:10:37 0 d-----w- c:\program files\VideoLAN
2010-01-07 07:09:46 0 d-----w- c:\program files\uTorrent
2010-01-07 07:09:19 0 d-----w- c:\docume~1\josh\applic~1\uTorrent
2010-01-07 07:06:44 0 d-----w- c:\windows\Downloaded Installations
2010-01-07 06:52:24 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-01-07 02:40:34 0 d-----w- c:\program files\pebuilder3110a
2010-01-07 02:27:16 0 d-----w- c:\program files\Runtime Software
2010-01-07 02:20:11 306688 ----a-w- c:\windows\IsUninst.exe
2010-01-07 02:11:09 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-07 02:11:09 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-07 02:11:07 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-01-07 02:11:07 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-07 02:05:39 0 d-----w- c:\program files\Windows Media Connect 2
2010-01-07 02:04:39 0 d-----w- c:\windows\system32\LogFiles
2010-01-07 01:59:33 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-07 01:29:14 0 d-----w- c:\windows\system32\scripting
2010-01-07 01:29:14 0 d-----w- c:\windows\l2schemas
2010-01-07 01:29:13 0 d-----w- c:\windows\system32\en
2010-01-07 01:29:13 0 d-----w- c:\windows\system32\bits
2010-01-07 01:28:12 0 d-----w- c:\windows\ServicePackFiles
2010-01-07 01:26:32 0 d-----w- c:\windows\network diagnostic
2010-01-07 01:24:04 0 d-----w- c:\windows\EHome
2010-01-07 01:21:59 0 d-sh--w- c:\documents and settings\josh\UserData
2010-01-07 01:01:58 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-07 01:01:12 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-07 01:01:12 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-07 01:01:12 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-07 01:01:12 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-07 01:01:12 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-07 01:01:12 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-07 01:01:11 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-07 01:01:11 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-07 01:00:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-01-07 00:59:50 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-01-07 00:59:10 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-07 00:59:09 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-07 00:59:08 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-07 00:59:07 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-01-07 00:59:06 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-07 00:58:48 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-07 00:58:47 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-01-07 00:58:47 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-07 00:58:23 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-07 00:58:18 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-01-07 00:58:14 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-07 00:58:14 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-07 00:58:14 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-01-07 00:57:02 56680 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-07 00:57:02 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-01-07 00:53:10 0 d-----w- c:\windows\system32\PreInstall
2010-01-07 00:50:45 989952 ----a-r- c:\windows\system32\drivers\HSF_DPV.sys
2010-01-07 00:50:45 94208 ----a-r- c:\windows\system32\mdmxsdk.dll
2010-01-07 00:50:45 731136 ----a-r- c:\windows\system32\drivers\HSF_CNXT.sys
2010-01-07 00:50:45 217088 ----a-r- c:\windows\system32\UCI32M21.dll
2010-01-07 00:50:45 211200 ----a-r- c:\windows\system32\drivers\HSFHWAZL.sys
2010-01-07 00:50:45 12672 ----a-r- c:\windows\system32\drivers\mdmxsdk.sys
2010-01-07 00:50:45 0 d-----w- c:\program files\CONEXANT
2010-01-07 00:50:27 143891 ----a-w- c:\windows\system32\drivers\del1028.cty
2010-01-07 00:46:15 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-07 00:46:09 806912 ----a-w- c:\windows\system32\BCMLogon.dll
2010-01-07 00:44:11 0 d-----w- c:\program files\Marvell
2010-01-07 00:43:48 0 d-----w- c:\docume~1\josh\applic~1\TMP
2010-01-07 00:41:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-01-07 00:41:13 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2010-01-07 00:41:11 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-01-07 00:41:08 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2010-01-07 00:41:06 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2010-01-07 00:41:05 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2010-01-07 00:41:03 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2010-01-07 00:41:02 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2010-01-07 00:39:54 94208 ----a-w- c:\windows\system32\stacsv.exe
2010-01-07 00:39:54 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2010-01-07 00:39:54 405504 ----a-w- c:\windows\stsystra.exe
2010-01-07 00:39:54 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-01-07 00:39:52 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2010-01-07 00:39:18 270336 ----a-w- c:\windows\system32\stacapi.dll
2010-01-07 00:39:18 146944 ----a-w- c:\windows\system32\st325602.dll
2010-01-07 00:39:18 1222840 ----a-w- c:\windows\system32\drivers\sthda.sys
2010-01-07 00:39:17 0 d-----w- c:\program files\SigmaTel
2010-01-07 00:33:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-01-07 00:33:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-07 00:33:06 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2010-01-07 00:32:52 0 d-----w- c:\program files\DellTPad
2010-01-07 00:32:47 164400 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-01-07 00:32:47 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-01-07 00:32:47 100542 ----a-w- c:\windows\system32\Vxdif.dll
2010-01-07 00:28:54 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-01-07 00:22:45 90112 ----a-w- c:\windows\system32\snymsico.dll
2010-01-07 00:22:45 42496 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-01-07 00:22:45 39936 ----a-w- c:\windows\system32\drivers\rimmptsk.sys
2010-01-07 00:22:45 37376 ----a-w- c:\windows\system32\drivers\rixdptsk.sys
2010-01-07 00:22:45 16480 ----a-w- c:\windows\system32\rixdicon.dll
2010-01-07 00:19:22 0 d-----w- c:\windows\system32\ReinstallBackups
2010-01-07 00:19:15 0 d-----w- C:\Intel
2010-01-07 00:09:10 5 ----a-w- c:\windows\system32\drivers\DELL_INS_1525.MRK
2010-01-07 00:09:10 5 ----a-w- c:\windows\system32\drivers\1028_DELL_INS_1525.MRK
2010-01-07 00:09:03 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2010-01-07 00:08:50 0 d--h--w- c:\windows\$hf_mig$
2010-01-07 00:08:24 666 ----a-w- c:\windows\speed.reg
2010-01-07 00:03:33 0 d-----w- c:\windows\system32\vmm32
2010-01-07 00:03:33 0 d-----w- c:\program files\Dell
2010-01-07 00:00:59 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-01-07 00:00:58 0 d-s---w- c:\windows\system32\Microsoft
2010-01-06 23:54:14 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-06 23:53:59 0 d--h--w- c:\program files\WindowsUpdate
2010-01-06 23:52:54 0 d-----w- c:\program files\common files\MSSoap
2010-01-06 23:51:24 0 d-----w- c:\program files\Online Services
2010-01-06 23:51:19 0 d-----w- c:\program files\Messenger
2010-01-06 23:51:15 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-06 23:50:26 0 d-----w- c:\program files\Windows NT
2010-01-06 17:39:30 0 d-----w- c:\program files\common files\ODBC
2010-01-06 17:39:26 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-06 17:38:54 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2010-01-31 10:10:26 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-01-06 23:52:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-11-03 00:51:14 9728 ----a-w- c:\windows\system32\wceprv.dll

============= FINISH: 4:16:38.84 ===============


#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 07 February 2010 - 11:23 AM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks



#3 macman104

macman104
  • Topic Starter

  • Members

Posted 07 February 2010 - 01:37 PM

I hope it's ok that I included my external hard drives in the scan, cause I want to make sure nothing is hiding on those either. I have 3. I also noticed Yahoo toolbar was there, and hoping that could be removed as well.

~~~~~~~~~~~~~~~~GMER LOG~~~~~~~~~~~~~~~~~~
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 12:31:25
Windows 5.1.2600 Service Pack 3
Running: bd8dhkl4.exe; Driver: C:\DOCUME~1\Josh\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT spka.sys ZwCreateKey [0xB9EB50E0]
SSDT spka.sys ZwEnumerateKey [0xB9ECDDA4]
SSDT spka.sys ZwEnumerateValueKey [0xB9ECE132]
SSDT spka.sys ZwOpenKey [0xB9EB50C0]
SSDT spka.sys ZwQueryKey [0xB9ECE20A]
SSDT spka.sys ZwQueryValueKey [0xB9ECE08A]
SSDT spka.sys ZwSetValueKey [0xB9ECE29C]

INT 0x62 ? 8A4CCBF8
INT 0x63 ? 8A21CBF8
INT 0x63 ? 8A21CBF8
INT 0x63 ? 8A21CBF8
INT 0x63 ? 8A21CBF8
INT 0x73 ? 8A4CCBF8
INT 0x94 ? 8A21CBF8
INT 0xA4 ? 8A21CBF8
INT 0xA4 ? 8A21CBF8
INT 0xA4 ? 8A21CBF8

Code 8A25ABAC ZwRequestPort
Code 8A25AC4C ZwRequestWaitReplyPort
Code 8A25AB0C ZwTraceEvent
Code 8A25ABAB NtRequestPort
Code 8A25AC4B NtRequestWaitReplyPort
Code 8A25AB0B NtTraceEvent

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A4CB1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{48795A4E-8164-45E4-85A7-7BEA8BDC6344} 89BED500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\USBSTOR \Device\0000009d 899B9500
Device \Driver\USBSTOR \Device\0000009e 899B9500
Device \Driver\USBSTOR \Device\0000009f 899B9500
Device \Driver\usbuhci \Device\USBPDO-0 8A2D11F8
Device \Driver\usbuhci \Device\USBPDO-1 8A2D11F8
Device \Driver\usbehci \Device\USBPDO-2 8A2BF1F8
Device \Driver\usbuhci \Device\USBPDO-3 8A2D11F8
Device \Driver\usbehci \Device\USBPDO-4 8A2BF1F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\PCI_PNP1370 \Device\00000056 spka.sys
Device \Driver\usbuhci \Device\USBPDO-5 8A2D11F8
Device \Driver\USBSTOR \Device\000000a1 899B9500
Device \Driver\usbuhci \Device\USBPDO-6 8A2D11F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A53B1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A53B1F8
Device \Driver\Cdrom \Device\CdRom0 8A280398
Device \Driver\Cdrom \Device\CdRom1 8A280398
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A53B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9E2FB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A53B1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89BED500
Device \Driver\NetBT \Device\NetbiosSmb 89BED500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\USBSTOR \Device\00000099 899B9500
Device \Driver\usbuhci \Device\USBFDO-0 8A2D11F8
Device \Driver\sptd \Device\1307758870 spka.sys
Device \Driver\usbuhci \Device\USBFDO-1 8A2D11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899BC500
Device \Driver\usbehci \Device\USBFDO-2 8A2BF1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{F0CCE2EF-242D-4DAE-B3B2-11DCB14A4A65} 89BED500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899BC500
Device \Driver\usbuhci \Device\USBFDO-3 8A2D11F8
Device \Driver\Ftdisk \Device\FtControl 8A53B1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A2D11F8
Device \Driver\usbuhci \Device\USBFDO-5 8A2D11F8
Device \Driver\usbehci \Device\USBFDO-6 8A2BF1F8
Device \Driver\a7nzx0zx \Device\Scsi\a7nzx0zx1 8A15A1F8
Device \Driver\a7nzx0zx \Device\Scsi\a7nzx0zx1Port2Path0Target0Lun0 8A15A1F8
Device \Driver\USBSTOR \Device\0000009a 899B9500
Device \FileSystem\Cdfs \Cdfs 899B6500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0xFF 0xA3 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0x1A 0x78 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x62 0x96 0xBD 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0xFF 0xA3 0x78 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFB 0x1A 0x78 0x89 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x62 0x96 0xBD 0x38 ...

---- EOF - GMER 1.0.15 ----

Attached Files

  • Attached File  info.txt   26.95KB   10 downloads
  • Attached File  log.txt   50.63KB   13 downloads
  • Attached File  Gmer.log   14.19KB   4 downloads


#4 syler

syler

  • Malware Response Team

Posted 07 February 2010 - 04:18 PM

I don't see much wrong in your logs, just a few bits to clean. When you reply with the logs, please post them rather than attaching them; it makes them easier to look at.

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AdobeBridge"=-
    :Files
    G:\RECYCLER\UcHelp.exe
    :Commands
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

Go to Add or Remove programs and uninstall this outdated Java version.

Java™ 6 Update 7

Then please post back here with the following logs:
  • OTM results
  • New rsit log

Thanks

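The Flash_Disinfector note in the post above depends on an item named autorun.inf occupying the root of each drive. As an added example (not part of the thread and not Flash_Disinfector's or OTM's code), this Python audit reports, per drive root, whether autorun.inf is absent, a placeholder, or a real file, and lists any launch commands that point into a recycle-bin folder such as the G:\RECYCLER path targeted by the OTM script. The function names and the sample INF content are constructed, and treating the placeholder as a directory is an assumption based on the post's "Don't delete this folder".

```python
import re
import tempfile
from pathlib import Path

# [autorun] keys that name a program to start: open=, shellexecute=,
# and shell\<verb>\command=.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Recycle-bin folder names (FAT, NTFS on XP, Vista and later) used as a path component.
RECYCLE_PATH = re.compile(r'(^|[\\/\s"])(recycler|recycled|\$recycle\.bin)[\\/]', re.I)

# Constructed sample. Only the path RECYCLER\UcHelp.exe is taken from the thread;
# the thread does not show the contents of any autorun.inf.
SAMPLE_INF = r"""
;padding line of the kind a strict INI parser would choke on
[AutoRun]
open=RECYCLER\UcHelp.exe
shell\open\command = RECYCLER\UcHelp.exe
icon=shell32.dll,4
"""


def parse_launch_commands(text):
    """Return (key, command) pairs from the [autorun] section of INF text.

    Parsed by hand rather than with configparser so that junk or duplicate
    lines do not abort the audit.
    """
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if LAUNCH_KEY.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found


def points_into_recycle_bin(command):
    """True if the command references a path inside a recycle-bin folder."""
    return RECYCLE_PATH.search(command) is not None


def audit_root(root):
    """Classify one drive root by what its autorun.inf is."""
    root = Path(root)
    result = {"root": str(root), "state": "absent", "launch": [], "suspicious": []}
    if not root.is_dir():
        # Drive not plugged in: nothing was checked, so do not report it as clean.
        result["state"] = "not-mounted"
        return result
    # Match the name case-insensitively so the audit also works on a mounted image.
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return result
    if inf.is_dir():
        # A directory of that name keeps a file autorun.inf from being created.
        result["state"] = "placeholder"
        return result
    data = inf.read_bytes()
    has_bom = data[:2] in (b"\xff\xfe", b"\xfe\xff")
    text = data.decode("utf-16" if has_bom else "latin-1", errors="replace")
    result["state"] = "file"
    result["launch"] = parse_launch_commands(text)
    result["suspicious"] = [c for _, c in result["launch"] if points_into_recycle_bin(c)]
    return result


def demo():
    """Audit four constructed drive roots built in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        for name in ("clean", "vaccinated", "infected"):
            (base / name).mkdir()
        (base / "vaccinated" / "autorun.inf").mkdir()
        (base / "infected" / "AUTORUN.INF").write_text(SAMPLE_INF)
        names = ("unplugged", "clean", "vaccinated", "infected")
        return [audit_root(base / n) for n in names]


if __name__ == "__main__":
    for finding in demo():
        print(finding["state"], finding["suspicious"])
```

On a Windows machine the same function takes a drive root directly, for example `audit_root("G:\\")`; a `not-mounted` result means the drive still has to be checked once it is connected.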


#5 macman104

macman104
  • Topic Starter

  • Members

Posted 08 February 2010 - 05:25 PM

All done. Although, when I ran the OTM, I forgot to plug the external (G:) into the computer, so it couldn't find that file. I wasn't sure if it was ok to run it again, so I just left it, and figured you could provide another script if I need to run it again.

~~~~~~~~~~~~~~~~~~OTM Log~~~~~~~~~~~~~~~~~~~~
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
========== FILES ==========
File/Folder G:\RECYCLER\UcHelp.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Josh
->Temp folder emptied: 19674198 bytes
->Temporary Internet Files folder emptied: 1101566 bytes
->Java cache emptied: 538242 bytes
->Google Chrome cache emptied: 40254160 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 555252 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10933278 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 20529309 bytes

Total Files Cleaned = 92.00 mb


OTM by OldTimer - Version 3.1.8.0 log created on 02082010_152503

Files moved on Reboot...

Registry entries deleted on Reboot...

~~~~~~~~~~~~~~~~~~~~~RSIT log.log~~~~~~~~~~~~~~~~~~~
Logfile of random's system information tool 1.06 (written by random/random)
Run by Josh at 2010-02-08 16:21:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 106 GB (44%) free of 238 GB
Total RAM: 3062 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:02 PM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Desktop\BleepingComputer\RSIT.exe
C:\Program Files\trend micro\Josh.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://search.dell.com/index.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11810 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1085031214-2146997909-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1085031214-2146997909-1004UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-01-23 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2010-02-02 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-02 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
"OEM02Mon.exe"=C:\WINDOWS\OEM02Mon.exe [2007-05-10 36864]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-10-25 167936]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2007-10-09 2183168]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"UltraMon"=C:\Program Files\UltraMon\UltraMon.exe [2006-10-12 304640]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-23 2033432]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
"SandboxieControl"=C:\Program Files\Sandboxie\SbieCtrl.exe [2009-12-01 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\INSTAL~1\{AC76B~1\SC_ACR~1.EXE [2010-02-01 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
C:\WINDOWS\INSTAL~1\{A7091~1\ICON3E~1.ICO [2010-01-07 6144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe

C:\Documents and Settings\Josh\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-01-23 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoSMHelp"=01000000
"NoSMMyPictures"=01000000
"NoUserNameInStartMenu"=01000000
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AIM"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\CrossFire Commander 7.1\xfdlink.exe"="C:\Program Files\CrossFire Commander 7.1\xfdlink.exe:*:Enabled:CrossFire DataLink"
"C:\Documents and Settings\Josh\Local Settings\Temp\7zS77B3\setup\hpznui01.exe"="C:\Documents and Settings\Josh\Local Settings\Temp\7zS77B3\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"
"C:\Program Files\Eclipse\eclipse.exe"="C:\Program Files\Eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\Chem3D.exe"="C:\Program Files\CambridgeSoft\ChemOffice2010\Chem3D\Chem3D.exe:*:Enabled:ChemBio3D Ultra 12.0"
"C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE"="C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE:*:Enabled:Microsoft Office Excel"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Josh\Local Settings\Temp\7zS77B3\setup\hpznui01.exe"="C:\Documents and Settings\Josh\Local Settings\Temp\7zS77B3\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application"

======List of files/folders created in the last 1 months======

2010-02-08 15:53:01 ----RASHD---- C:\autorun.inf
2010-02-08 15:40:45 ----D---- C:\Program Files\iPod
2010-02-08 15:40:38 ----D---- C:\Program Files\iTunes
2010-02-08 15:38:38 ----D---- C:\Program Files\Bonjour
2010-02-08 15:25:03 ----D---- C:\_OTM
2010-02-08 15:24:12 ----D---- C:\WINDOWS\ERDNT
2010-02-08 15:23:13 ----D---- C:\Program Files\ERUNT
2010-02-07 11:44:04 ----D---- C:\rsit
2010-02-07 11:44:04 ----D---- C:\Program Files\trend micro
2010-02-03 22:10:54 ----D---- C:\WINDOWS\Sun
2010-02-02 22:35:50 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-02 22:35:22 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-02 22:35:22 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-02 22:35:22 ----A---- C:\WINDOWS\system32\java.exe
2010-02-02 22:35:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-02 19:31:58 ----D---- C:\Documents and Settings\Josh\Application Data\DVD Flick
2010-02-01 14:30:04 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-02-01 14:25:12 ----D---- C:\Program Files\Adobe Media Player
2010-02-01 14:23:03 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-01 05:10:34 ----A---- C:\WINDOWS\system32\CNMVS5c.DLL
2010-02-01 05:10:34 ----A---- C:\WINDOWS\system32\CNMLM5c.DLL
2010-02-01 05:10:33 ----A---- C:\WINDOWS\system32\CNMCP5c.exe
2010-02-01 05:10:31 ----HD---- C:\BJPrinter
2010-02-01 02:23:52 ----D---- C:\Documents and Settings\Josh\Application Data\Move Networks
2010-01-31 16:14:27 ----D---- C:\Documents and Settings\Josh\Application Data\EndNote
2010-01-31 04:33:25 ----A---- C:\RootRepeal report 01-31-10 (04-33-25).txt
2010-01-31 04:12:59 ----A---- C:\WINDOWS\unvise32.exe
2010-01-31 04:12:49 ----D---- C:\DYADGames
2010-01-31 01:11:39 ----D---- C:\Config.Msi
2010-01-29 20:25:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 17:13:54 ----D---- C:\DYADGames(2)
2010-01-26 16:43:01 ----D---- C:\Program Files\WinLemm
2010-01-25 08:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-01-24 04:36:13 ----A---- C:\WINDOWS\system32\tsccvid.dll
2010-01-24 04:36:03 ----D---- C:\Documents and Settings\All Users\Application Data\StatSoft
2010-01-24 04:35:56 ----A---- C:\WINDOWS\system32\regsvr32.exe.log
2010-01-24 04:35:07 ----D---- C:\Program Files\StatSoft
2010-01-24 04:34:28 ----A---- C:\WINDOWS\system32\pywintypes25.dll
2010-01-24 04:34:28 ----A---- C:\WINDOWS\system32\pythoncom25.dll
2010-01-24 04:33:59 ----D---- C:\Python25
2010-01-24 04:33:42 ----D---- C:\Program Files\Mestrelab Research S.L
2010-01-24 04:26:00 ----D---- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
2010-01-24 04:19:53 ----D---- C:\Program Files\CambridgeSoft
2010-01-24 04:18:24 ----D---- C:\CStemp
2010-01-23 17:42:50 ----D---- C:\Program Files\WinISO
2010-01-23 17:30:08 ----A---- C:\WINDOWS\ScUnin.exe
2010-01-23 17:29:43 ----D---- C:\Program Files\Starcraft
2010-01-23 17:26:07 ----A---- C:\WINDOWS\War3Unin.exe
2010-01-23 17:24:14 ----D---- C:\Program Files\Warcraft III
2010-01-23 17:20:29 ----D---- C:\WINDOWS\system32\XPSViewer
2010-01-23 17:20:24 ----D---- C:\Program Files\MSBuild
2010-01-23 17:20:16 ----D---- C:\Program Files\Reference Assemblies
2010-01-23 17:19:53 ----A---- C:\WINDOWS\system32\msvcr70.dll
2010-01-23 17:19:53 ----A---- C:\WINDOWS\system32\msvcp70.dll
2010-01-23 17:19:35 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2010-01-23 17:19:35 ----N---- C:\WINDOWS\system32\prntvpt.dll
2010-01-23 17:19:34 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2010-01-23 17:06:14 ----D---- C:\Program Files\runewizard
2010-01-23 17:06:08 ----D---- C:\Program Files\ATMA V
2010-01-23 17:05:20 ----AT---- C:\WINDOWS\system32\SIntfNT.dll
2010-01-23 17:05:20 ----AT---- C:\WINDOWS\system32\SIntf32.dll
2010-01-23 17:05:20 ----AT---- C:\WINDOWS\system32\SIntf16.dll
2010-01-23 16:59:30 ----A---- C:\WINDOWS\DIIUnin.exe
2010-01-23 16:53:30 ----D---- C:\Program Files\Diablo II
2010-01-23 16:47:14 ----D---- C:\Program Files\Common Files\Thomson ResearchSoft
2010-01-23 16:43:33 ----D---- C:\Program Files\Common Files\Risxtd
2010-01-23 16:42:41 ----D---- C:\Program Files\EndNote X1
2010-01-23 16:40:13 ----D---- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Free
2010-01-23 16:37:18 ----D---- C:\Documents and Settings\Josh\Application Data\avidemux
2010-01-23 16:36:59 ----D---- C:\Program Files\Avidemux 2.5
2010-01-23 16:33:55 ----D---- C:\Program Files\VirtualDub-1.9.8
2010-01-23 16:32:17 ----D---- C:\Program Files\Gabest
2010-01-23 16:08:36 ----D---- C:\Program Files\Eclipse
2010-01-23 16:06:53 ----D---- C:\Program Files\VCD Gear
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\PdfDll32.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\Lvkrn14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\LtTtf14n.Dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\LTSGM14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\ltserial.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\ltkrn14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\ltimg14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\ltfil14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\LTEml14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\ltefx14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\ltdoc14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\LTDIS14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\LTDic14n.dll
2010-01-23 15:53:21 ----A---- C:\WINDOWS\system32\LTCLR14n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\ltann14n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LtAct14n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\ltact.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPWSE05n.exe
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPUNI05N.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPUMD05n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPUIT05N.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPUIR05r.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPUID05n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LpTxt05n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LpRTF05n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPRPC05u.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPRNT05N.DLL
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPRES05N.DLL
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPPMN05u.DLL
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LpPdf05n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPKRN05N.DLL
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPINS05N.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LpHTM05n.dll
2010-01-23 15:53:20 ----A---- C:\WINDOWS\system32\LPEML05N.DLL
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\LpEmf05n.dll
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\Lpdrv05n.DLL
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\LpDoc05n.dll
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\LPDLG05N.DLL
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\LPCPN05N.dll
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\Lfwmf14n.dll
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\lfpdf14n.dll
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\lfjb214n.dll
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\lffax14n.dll
2010-01-23 15:53:19 ----A---- C:\WINDOWS\system32\LFCMP14n.dll
2010-01-23 15:51:28 ----D---- C:\Program Files\OriginLab
2010-01-23 15:44:15 ----D---- C:\Program Files\Lemmings
2010-01-23 15:11:02 ----D---- C:\Program Files\EnvMan
2010-01-23 15:07:54 ----A---- C:\WINDOWS\system32\TweakUI.exe
2010-01-23 15:07:06 ----A---- C:\WINDOWS\system32\ssubtmr6.dll
2010-01-23 15:07:04 ----D---- C:\Program Files\DVD Flick
2010-01-23 15:04:11 ----D---- C:\WINDOWS\pss
2010-01-23 15:03:33 ----D---- C:\Program Files\CCleaner
2010-01-23 14:45:00 ----D---- C:\Program Files\Common Files\Macrovision Shared
2010-01-23 14:44:45 ----D---- C:\Program Files\Rosetta Stone
2010-01-23 14:44:45 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2010-01-23 14:40:21 ----HD---- C:\$AVG
2010-01-23 14:40:12 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-01-23 14:39:51 ----D---- C:\Program Files\AVG
2010-01-23 14:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-01-23 14:31:45 ----D---- C:\Documents and Settings\Josh\Application Data\TextPad
2010-01-23 14:31:40 ----D---- C:\Program Files\TextPad 4
2010-01-23 14:30:56 ----D---- C:\Program Files\Wisdom-soft ScreenHunter 5 Free
2010-01-23 14:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2010-01-23 14:28:10 ----D---- C:\Documents and Settings\Josh\Application Data\HP
2010-01-23 14:27:52 ----D---- C:\Program Files\Yahoo!
2010-01-23 14:25:32 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2010-01-23 14:24:28 ----A---- C:\WINDOWS\system32\hpz3l696.dll
2010-01-23 14:11:42 ----A---- C:\WINDOWS\system32\hpzids01.dll
2010-01-23 14:11:36 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-01-23 14:11:18 ----D---- C:\Program Files\HP
2010-01-23 14:07:20 ----A---- C:\WINDOWS\system32\Cxf0332c.dll
2010-01-23 14:07:20 ----A---- C:\WINDOWS\system32\Cxf0332b.dll
2010-01-23 14:07:20 ----A---- C:\WINDOWS\system32\Cxf0332a.dll
2010-01-23 14:07:19 ----A---- C:\WINDOWS\system32\Cw3245mt.dll
2010-01-23 14:07:14 ----A---- C:\WINDOWS\system32\SciFiSoft.dll
2010-01-23 14:06:57 ----D---- C:\Program Files\SFSCHLR
2010-01-23 14:05:50 ----D---- C:\Program Files\MathType
2010-01-23 14:00:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2010-01-23 14:00:24 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2010-01-23 07:03:37 ----D---- C:\Program Files\MSXML 4.0
2010-01-21 23:27:00 ----D---- C:\Program Files\Java
2010-01-21 23:26:59 ----D---- C:\Program Files\Common Files\Java
2010-01-21 23:26:30 ----D---- C:\Documents and Settings\Josh\Application Data\Sun
2010-01-21 16:20:53 ----D---- C:\Program Files\Common Files\Config
2010-01-21 16:20:41 ----D---- C:\Program Files\Common Files\Inet
2010-01-21 16:16:56 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0
2010-01-21 16:16:42 ----A---- C:\WINDOWS\system32\cdintf400.dll
2010-01-21 16:16:24 ----D---- C:\Program Files\Common Files\Intuit
2010-01-21 16:16:16 ----D---- C:\Program Files\Quicken
2010-01-21 16:16:16 ----D---- C:\Documents and Settings\Josh\Application Data\Intuit
2010-01-21 16:16:08 ----A---- C:\WINDOWS\QUICKEN.INI
2010-01-21 16:14:23 ----RSD---- C:\WINDOWS\assembly
2010-01-21 16:14:02 ----D---- C:\WINDOWS\Microsoft.NET
2010-01-21 16:11:50 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2010-01-15 23:03:42 ----D---- C:\Program Files\WinSCP
2010-01-14 13:16:59 ----A---- C:\WINDOWS\system32\sculptapi.dll
2010-01-14 13:16:35 ----D---- C:\Program Files\CrossFire Commander 7.1
2010-01-14 04:59:17 ----D---- C:\Program Files\Unlocker
2010-01-14 04:51:21 ----A---- C:\WINDOWS\CD_Start.INI
2010-01-14 03:47:53 ----A---- C:\WINDOWS\ODBC.INI
2010-01-14 03:47:47 ----A---- C:\WINDOWS\system32\mdimon.dll
2010-01-14 03:46:56 ----D---- C:\Program Files\Microsoft.NET
2010-01-14 03:46:52 ----D---- C:\Program Files\Microsoft ActiveSync
2010-01-14 03:46:30 ----D---- C:\Program Files\Common Files\DESIGNER
2010-01-14 03:46:17 ----D---- C:\WINDOWS\SHELLNEW
2010-01-14 03:46:13 ----D---- C:\Program Files\Microsoft Office
2010-01-14 03:29:16 ----RHD---- C:\MSOCache
2010-01-13 21:06:29 ----D---- C:\Documents and Settings\Josh\Application Data\Apple Computer
2010-01-13 21:06:18 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2010-01-13 21:05:38 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-13 21:04:58 ----D---- C:\Program Files\QuickTime
2010-01-13 21:04:56 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-01-13 21:04:43 ----D---- C:\Program Files\Apple Software Update
2010-01-13 21:04:34 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2010-01-13 21:03:36 ----D---- C:\Program Files\Common Files\Apple
2010-01-13 21:03:36 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2010-01-13 20:10:14 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-01-13 20:10:12 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-01-13 19:00:44 ----D---- C:\Documents and Settings\Josh\Application Data\Realtime Soft
2010-01-13 19:00:37 ----D---- C:\Program Files\UltraMon
2010-01-13 19:00:37 ----D---- C:\Program Files\Common Files\Realtime Soft
2010-01-13 19:00:37 ----D---- C:\Documents and Settings\All Users\Application Data\Realtime Soft
2010-01-12 23:29:02 ----D---- C:\Documents and Settings\Josh\Application Data\Skype
2010-01-12 23:28:52 ----RD---- C:\Program Files\Skype
2010-01-12 23:28:49 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-01-12 16:48:40 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 02:06:05 ----D---- C:\Documents and Settings\Josh\Application Data\acccore
2010-01-10 02:04:45 ----D---- C:\Documents and Settings\All Users\Application Data\AIM
2010-01-10 02:04:41 ----D---- C:\Program Files\Common Files\Software Update Utility
2010-01-10 02:04:41 ----D---- C:\Program Files\AIM
2010-01-10 02:04:40 ----D---- C:\Program Files\Common Files\AOL

======List of files/folders modified in the last 1 months======

2010-02-08 16:17:38 ----D---- C:\WINDOWS\system32
2010-02-08 16:17:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-08 16:15:47 ----SHD---- C:\WINDOWS\Installer
2010-02-08 16:13:23 ----D---- C:\WINDOWS\Temp
2010-02-08 16:13:22 ----D---- C:\WINDOWS
2010-02-08 16:13:10 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2010-02-08 16:13:07 ----A---- C:\WINDOWS\system32\rpcnet.dll
2010-02-08 16:10:58 ----D---- C:\WINDOWS\WinSxS
2010-02-08 16:09:16 ----D---- C:\Program Files\Common Files
2010-02-08 16:05:05 ----HD---- C:\WINDOWS\inf
2010-02-08 16:05:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-08 16:03:04 ----RD---- C:\Program Files
2010-02-08 16:02:14 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-08 15:39:31 ----D---- C:\WINDOWS\Prefetch
2010-02-08 15:25:03 ----D---- C:\Documents and Settings\Josh\Application Data\uTorrent
2010-02-08 02:47:55 ----D---- C:\Documents and Settings\Josh\Application Data\vlc
2010-02-03 23:12:56 ----A---- C:\WINDOWS\Sandboxie.ini
2010-02-01 20:57:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-01 20:56:57 ----D---- C:\WINDOWS\system32\drivers
2010-02-01 18:58:14 ----D---- C:\Documents and Settings\Josh\Application Data\Adobe
2010-02-01 14:27:47 ----D---- C:\Program Files\Adobe
2010-02-01 14:27:32 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-01 14:26:35 ----D---- C:\Program Files\Common Files\Adobe
2010-02-01 14:24:45 ----RSD---- C:\WINDOWS\Fonts
2010-01-31 15:16:34 ----A---- C:\WINDOWS\system32\rpcnet.exe
2010-01-31 15:14:57 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2010-01-31 04:11:04 ----SHD---- C:\System Volume Information
2010-01-31 04:11:04 ----D---- C:\WINDOWS\system32\Restore
2010-01-31 01:12:13 ----D---- C:\WINDOWS\system32\config
2010-01-31 01:11:53 ----D---- C:\WINDOWS\system32\wbem
2010-01-31 01:11:53 ----D---- C:\WINDOWS\Registration
2010-01-29 02:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-01-29 01:56:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-01-25 08:35:07 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-25 08:34:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-24 04:35:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-23 18:39:57 ----D---- C:\Documents and Settings\Josh\Application Data\AdobeUM
2010-01-23 18:39:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-23 17:20:23 ----D---- C:\WINDOWS\system32\en-us
2010-01-23 17:19:54 ----D---- C:\WINDOWS\system32\spool
2010-01-23 17:17:38 ----D---- C:\WINDOWS\system32\mui
2010-01-23 17:17:38 ----D---- C:\Program Files\Internet Explorer
2010-01-23 15:41:50 ----SD---- C:\Documents and Settings\Josh\Application Data\Microsoft
2010-01-23 15:38:17 ----D---- C:\Program Files\Sandboxie
2010-01-23 15:18:07 ----D---- C:\WINDOWS\Debug
2010-01-23 14:28:07 ----A---- C:\WINDOWS\win.ini
2010-01-23 14:24:27 ----D---- C:\WINDOWS\twain_32
2010-01-23 14:06:29 ----D---- C:\Program Files\Common Files\InstallShield
2010-01-21 15:19:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-14 17:43:19 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-14 03:46:18 ----D---- C:\Program Files\Common Files\System
2010-01-14 03:46:14 ----D---- C:\WINDOWS\pchealth
2010-01-14 03:44:56 ----D---- C:\WINDOWS\system
2010-01-13 21:04:46 ----SD---- C:\WINDOWS\Tasks
2010-01-11 14:00:34 ----D---- C:\WINDOWS\Downloaded Installations

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-01-23 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-01-23 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-01-23 360584]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2007-10-09 33664]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 UltraMonUtility;UltraMon Utility Driver; \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-12-26 164400]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-08-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-08-02 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-10-11 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 UltraMonMirror;UltraMonMirror; C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys [2006-09-24 3584]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-08-02 731136]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2007-09-17 265856]
S3 af7u2ujz;af7u2ujz; C:\WINDOWS\system32\drivers\af7u2ujz.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-01-23 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-01-23 285392]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-06-19 1528608]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-02 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2010-01-31 56680]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-12-01 66560]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2007-05-10 94208]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2007-10-09 24064]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-23 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-01 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


~~~~~~~~~~~~~~~~~~~RSIT info.log~~~~~~~~~~~~~~~~~~~~~~~~
info.txt logfile of random's system information tool 1.06 2010-02-08 16:23:11

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AIM 7-->C:\Program Files\AIM\uninst.exe
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Avidemux 2.5-->C:\Program Files\Avidemux 2.5\uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CambridgeSoft Activation Client-->MsiExec.exe /I{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}
CambridgeSoft ChemBioOffice Ultra 2010-->MsiExec.exe /I{D06EF6C2-62D8-4308-897E-B20FE81712B4}
CambridgeSoft ChemScript 12.0-->MsiExec.exe /X{E145D9BE-D521-4527-A85D-2B2D47725506}
Canon i960-->C:\WINDOWS\system32\CNMCP5c.exe "-PRINTERNAMECanon i960" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\cnmi0409.dll"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 5.0.03.0560-->MsiExec.exe /X{A7091E1D-36A4-47F1-A739-173CC341414F}
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CrossFire Commander 7.1 SR2-->"C:\Program Files\InstallShield Installation Information\{46471218-6964-4B04-A055-A701D29DF6C6}\setup.exe" -runfromtemp -l0x0009 -removeonly
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DriveImage XML (Private Edition)-->"C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
EndNote X1-->MsiExec.exe /I{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes-->MsiExec.exe /I{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\WINDOWS\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
MDL Chime/Chime Pro for Internet Explorer-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Internet Explorer\Plugins\chime26.isu"
MestReNova LITE 5.2.5-4731-->C:\Program Files\Mestrelab Research S.L\MestReNova LITE\Uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OriginPro 8-->C:\Program Files\InstallShield Installation Information\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}\setup.exe -runfromtemp -l0x0009 -removeonly
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PE Builder 3.1.10a-->"C:\Program Files\pebuilder3110a\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PuTTY version 0.60-->"C:\Program Files\PuTTY\unins000.exe"
Puzz-3D Orient Express-->C:\WINDOWS\unvise32.exe C:\DYADGames\Puzz3DOrientExpress\uninstal.log
Python 2.5 pywin32-210-->"C:\Python25\Removepywin32.exe" -u "C:\Python25\pywin32-wininst.log"
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Quicken 2010-->MsiExec.exe /X{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\Setup.exe" -l0x9 anything
Rosetta Stone Version 3-->MsiExec.exe /X{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}
Sandboxie 3.42-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
SciFinder Scholar 2007-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\SFSCHLR\Uninstall\SETUP.EXE" -l0x9
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
STATISTICA CambridgeSoft Integration-->MsiExec.exe /I{A1E1083D-249D-483C-AD92-CDCFA230A4C7}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UltraMon-->MsiExec.exe /I{E67FF1A2-23C1-4102-84E9-42115F77AD32}
Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.2.5-->"C:\Program Files\WinSCP\unins000.exe"
Wisdom-soft AutoScreenRecorder 3.1 Free-->MsiExec.exe /I{087D7A3A-9A2E-494B-A9B1-89EC337D0E4D}
Wisdom-soft ScreenHunter 5.1 Free-->MsiExec.exe /I{66F28964-CE41-459A-A4FF-A6BBD1374282}

======Hosts File======

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: MAC
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 4432
Source Name: Service Control Manager
Time Written: 20100125165611.000000-360
Event Type: error
User:

Computer Name: MAC
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 4429
Source Name: Service Control Manager
Time Written: 20100125165611.000000-360
Event Type: error
User:

Computer Name: MAC
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 4426
Source Name: Service Control Manager
Time Written: 20100125165611.000000-360
Event Type: error
User:

Computer Name: MAC
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 4423
Source Name: Service Control Manager
Time Written: 20100125165611.000000-360
Event Type: error
User:

Computer Name: MAC
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 4420
Source Name: Service Control Manager
Time Written: 20100125165611.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: MAC
Event Code: 1517
Message: Windows saved user MAC\Josh registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 427
Source Name: Userenv
Time Written: 20100119071301.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MAC
Event Code: 1000
Message: Faulting application acrobat.exe, version 7.0.0.1333, faulting module checkers.api, version 7.0.5.172, fault address 0x000047be.

Record Number: 418
Source Name: Application Error
Time Written: 20100118030155.000000-360
Event Type: error
User:

Computer Name: MAC
Event Code: 1002
Message: Hanging application chrome.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 417
Source Name: Application Hang
Time Written: 20100118023043.000000-360
Event Type: error
User:

Computer Name: MAC
Event Code: 1517
Message: Windows saved user MAC\Josh registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 395
Source Name: Userenv
Time Written: 20100116042132.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MAC
Event Code: 1517
Message: Windows saved user MAC\Josh registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 380
Source Name: Userenv
Time Written: 20100114175537.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\WinSCP\;C:\Program Files\Adobe\Acrobat 7.0\Acrobat;C:\Program Files\DAEMON Tools Lite;C:\Program Files\EnvMan;C:\Program Files\iTunes;C:\Program Files\Putty;C:\Program Files\TextPad 4;C:\Program Files\UltraMon;C:\Program Files\Unlocker;C:\Program Files\VideoLAN\VLC;C:\Program Files\Wisdom-soft ScreenHunter 5 Free;C:\Program Files\WinSCP;C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome;C:\Program Files\CrossFire Commander 7.1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"Programs"=C:\Program Files\AIM;C:\Program Files\ATMA V;C:\Program Files\Cisco Systems\VPN Client;C:\Program Files\CCleaner;C:\Program Files\CrossFire Commander 7.1;C:\Program Files\DAEMON Tools Lite;C:\Program Files\DVD Flick;C:\Program Files\Eclipse;C:\Program Files\EnvMan;C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome;C:\Program Files\iTunes;C:\Program Files\Lemmings;C:\Program Files\Malwarebytes' Anti-Malware;C:\Program Files\OriginLab\Origin8;C:\Program Files\Putty;C:\Program Files\Quicken;C:\Program Files\Rosetta Stone\Rosetta Stone Version 3;C:\Program Files\runewizard;C:\Program Files\Sandboxie;C:\Program Files\SFSCHLR;C:\Program Files\TextPad 4;C:\Program Files\UltraMon;C:\Program Files\Unlocker;C:\Program Files\uTorrent;C:\Program Files\VideoLAN\VLC;C:\Program Files\Wisdom-soft ScreenHunter 5 Free;C:\Program Files\WinSCP;C:\Program Files\WinRAR;C:\Program Files\VCD Gear
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"PYTHONPATH"=C:\Program Files\CambridgeSoft\ChemOffice2010\ChemScript 12\Lib

-----------------EOF-----------------



#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 AM

Posted 09 February 2010 - 10:55 AM

You should be able to delete the file on your G drive yourself, just make sure that you can see hidden files and folders, then navigate to the file and delete it.

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Then post back with the Kaspersky report and let me know if you have any more problems.



#7 macman104

macman104
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:42 AM

Posted 12 February 2010 - 05:55 PM

Hi Syler,

I ran the Kaspersky scan, which is copied below this. I tried to find the UCHelp.exe file, but I could not. Could you provide a script that I could use to remove it? Are there any final check-type scans to do of the previous logs I've posted to make sure everything is clean?

Thanks for all the help.

Thursday, February 11, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, February 11, 2010 07:39:26
Records in database: 3472817
Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics
Objects scanned 179825
Threats found 0
Infected objects found 0
Suspicious objects found 0
Scan duration 04:55:22

No threats found. Scanned area is clean.
Selected area has been scanned.

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 AM

Posted 12 February 2010 - 06:08 PM

Hi macman104,

The file is probably gone if you could not find it. Did you find the recycler folder? Please let me know if you are having any other problems and post a new DDS log.

Thanks



#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 AM

Posted 16 February 2010 - 07:43 PM

Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 AM

Posted 17 February 2010 - 06:26 AM

Topic reopened at OP request.



#11 macman104

macman104
  • Topic Starter

  • Members
  • 23 posts
  • Local time:05:42 AM

Posted 17 February 2010 - 02:44 PM

Here are the new DDS Logs:

DDS.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_09-12-01.01) - NTFSx86
Run by Josh at 13:41:29.85 on Wed 02/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3062.2218 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josh\Desktop\BleepingComputer\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = hxxp://search.dell.com/index.aspx
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\josh\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\josh\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
uPolicies-explorer: NoSMHelp = 01000000
uPolicies-explorer: NoSMMyPictures = 01000000
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-23 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-23 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-23 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-23 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-23 285392]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2006-9-24 11776]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-12-1 119296]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2006-9-24 3584]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2010-02-17 19:05:28 0 d-----w- c:\docume~1\josh\applic~1\AVG8
2010-02-14 22:10:37 0 d-----w- c:\program files\MSECache
2010-02-11 01:12:24 38 ----a-w- c:\windows\avisplitter.ini
2010-02-11 01:12:23 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-02-11 01:12:23 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-02-11 01:12:23 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-02-11 01:12:23 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-02-11 01:12:23 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-02-11 01:12:23 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-02-11 01:12:21 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-11 01:12:21 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-02-11 01:12:20 0 d-----w- c:\program files\K-Lite Codec Pack
2010-02-10 22:21:56 0 d-----w- c:\program files\AirPort
2010-02-10 21:59:16 0 d-----w- c:\program files\Bonjour
2010-02-08 21:53:01 0 d-sha-r- C:\autorun.inf
2010-02-08 21:40:45 0 d-----w- c:\program files\iPod
2010-02-08 21:40:38 0 d-----w- c:\program files\iTunes
2010-02-08 21:25:03 0 d-----w- C:\_OTM
2010-02-07 17:44:04 0 d-----w- c:\program files\trend micro
2010-02-03 04:35:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-03 01:31:58 0 d-----w- c:\docume~1\josh\applic~1\DVD Flick
2010-02-01 11:10:34 6656 ----a-w- c:\windows\system32\CNMVS5c.DLL
2010-02-01 11:10:34 105984 ----a-w- c:\windows\system32\CNMLM5c.DLL
2010-02-01 11:10:33 86016 ----a-w- c:\windows\system32\CNMCP5c.exe
2010-02-01 11:10:31 0 d--h--w- C:\BJPrinter
2010-01-31 22:14:27 0 d-----w- c:\docume~1\josh\applic~1\EndNote
2010-01-31 10:12:59 86016 ----a-w- c:\windows\unvise32.exe
2010-01-31 10:12:49 0 d-----w- C:\DYADGames
2010-01-31 07:11:53 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-26 23:13:54 0 d-----w- C:\DYADGames(2)
2010-01-26 22:43:01 0 d-----w- c:\program files\WinLemm
2010-01-24 20:32:30 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-01-24 10:36:22 7477 ----a-w- c:\windows\system32\novao5.ctm
2010-01-24 10:36:13 98304 ----a-w- c:\windows\system32\tsccvid.dll
2010-01-24 10:36:03 0 d-----w- c:\docume~1\alluse~1\applic~1\StatSoft
2010-01-24 10:35:07 0 d-----w- c:\program files\StatSoft
2010-01-24 10:34:28 327680 ----a-w- c:\windows\system32\pythoncom25.dll
2010-01-24 10:34:28 102400 ----a-w- c:\windows\system32\pywintypes25.dll
2010-01-24 10:33:59 0 d-----w- C:\Python25
2010-01-24 10:33:42 0 d-----w- c:\program files\Mestrelab Research S.L
2010-01-24 10:26:00 0 d-----w- c:\docume~1\alluse~1\applic~1\CambridgeSoft
2010-01-24 10:19:53 0 d-----w- c:\program files\CambridgeSoft
2010-01-24 10:18:24 0 d-----w- C:\CStemp
2010-01-23 23:42:50 0 d-----w- c:\program files\WinISO
2010-01-23 23:30:09 35190 ----a-w- c:\windows\scunin.dat
2010-01-23 23:30:08 967 ----a-w- c:\windows\ScUnin.pif
2010-01-23 23:30:08 94208 ----a-w- c:\windows\ScUnin.exe
2010-01-23 23:29:43 0 d-----w- c:\program files\Starcraft
2010-01-23 23:26:07 2829 ----a-w- c:\windows\War3Unin.pif
2010-01-23 23:26:07 17551 ----a-w- c:\windows\War3Unin.dat
2010-01-23 23:26:07 126976 ----a-w- c:\windows\War3Unin.exe
2010-01-23 23:20:29 0 d-----w- c:\windows\system32\XPSViewer
2010-01-23 23:19:53 487424 ----a-w- c:\windows\system32\msvcp70.dll
2010-01-23 23:19:53 344064 ----a-w- c:\windows\system32\msvcr70.dll
2010-01-23 23:19:35 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-23 23:19:35 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-23 23:19:35 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-23 23:19:35 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-23 23:19:35 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-23 23:19:34 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-23 23:19:34 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-23 23:06:14 0 d-----w- c:\program files\runewizard
2010-01-23 23:06:08 0 d-----w- c:\program files\ATMA V
2010-01-23 23:05:20 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-23 23:05:20 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-23 23:05:20 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-01-23 22:59:32 36736 ----a-w- c:\windows\DIIUnin.dat
2010-01-23 22:59:31 2829 ----a-w- c:\windows\DIIUnin.pif
2010-01-23 22:59:30 94208 ----a-w- c:\windows\DIIUnin.exe
2010-01-23 22:53:30 0 d-----w- c:\program files\Diablo II
2010-01-23 22:47:14 0 d-----w- c:\program files\common files\Thomson ResearchSoft
2010-01-23 22:43:33 0 d-----w- c:\program files\common files\Risxtd
2010-01-23 22:42:41 0 d-----w- c:\program files\EndNote X1
2010-01-23 22:40:13 0 d-----w- c:\program files\Wisdom-soft AutoScreenRecorder 3 Free
2010-01-23 22:37:18 0 d-----w- c:\docume~1\josh\applic~1\avidemux
2010-01-23 22:36:59 0 d-----w- c:\program files\Avidemux 2.5
2010-01-23 22:33:55 0 d-----w- c:\program files\VirtualDub-1.9.8
2010-01-23 22:29:24 36 ----a-w- c:\documents and settings\josh\.org.eclipse.epp.usagedata.recording.userId
2010-01-23 22:29:01 36 ----a-w- c:\documents and settings\josh\.com.yoxos.update.fingerprint
2010-01-23 22:25:54 0 d-----w- c:\documents and settings\josh\Java
2010-01-23 22:08:36 0 d-----w- c:\program files\Eclipse
2010-01-23 22:06:53 0 d-----w- c:\program files\VCD Gear
2010-01-23 21:51:28 0 d-----w- c:\program files\OriginLab
2010-01-23 21:44:15 0 d-----w- c:\program files\Lemmings
2010-01-23 21:11:02 0 d-----w- c:\program files\EnvMan
2010-01-23 21:07:54 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-01-23 21:07:54 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-01-23 21:07:06 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-01-23 21:07:05 609824 ----a-w- c:\windows\system32\comctl32.ocx
2010-01-23 21:07:05 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2010-01-23 21:07:05 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2010-01-23 21:07:05 164144 ----a-w- c:\windows\system32\comct232.ocx
2010-01-23 21:07:04 212240 ----a-w- c:\windows\system32\richtx32.ocx
2010-01-23 21:07:04 0 d-----w- c:\program files\DVD Flick
2010-01-23 21:04:11 0 d-----w- c:\windows\pss
2010-01-23 21:03:33 0 d-----w- c:\program files\CCleaner
2010-01-23 20:45:00 0 d-----w- c:\program files\common files\Macrovision Shared
2010-01-23 20:44:45 0 d-----w- c:\program files\Rosetta Stone
2010-01-23 20:44:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Rosetta Stone
2010-01-23 20:40:21 0 d--h--w- C:\$AVG
2010-01-23 20:40:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 20:40:11 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 20:40:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-23 20:40:03 0 d-----w- c:\windows\system32\drivers\Avg
2010-01-23 20:39:51 0 d-----w- c:\program files\AVG
2010-01-23 20:39:50 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-23 20:31:45 0 d-----w- c:\docume~1\josh\applic~1\TextPad
2010-01-23 20:31:40 0 d-----w- c:\program files\TextPad 4
2010-01-23 20:30:56 0 d-----w- c:\program files\Wisdom-soft ScreenHunter 5 Free
2010-01-23 20:28:27 0 d-----w- c:\docume~1\alluse~1\applic~1\WEBREG
2010-01-23 20:27:52 0 d-----w- c:\program files\Yahoo!
2010-01-23 20:24:28 118272 ----a-w- c:\windows\system32\hpz3l696.dll
2010-01-23 20:23:51 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2010-01-23 20:23:51 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2010-01-23 20:11:42 271704 ----a-w- c:\windows\system32\hpzids01.dll
2010-01-23 20:11:36 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-01-23 20:11:18 0 d-----w- c:\program files\HP
2010-01-23 20:11:15 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-01-23 20:11:15 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-01-23 20:07:28 198 ----a-w- c:\documents and settings\josh\vgalusr1.vr
2010-01-23 20:07:20 271872 ----a-w- c:\windows\system32\Cxf0332b.dll
2010-01-23 20:07:20 260096 ----a-w- c:\windows\system32\Cxf0332a.dll
2010-01-23 20:07:20 25088 ----a-w- c:\windows\system32\Cxf0332c.dll
2010-01-23 20:07:19 863744 ----a-w- c:\windows\system32\Cw3245mt.dll
2010-01-23 20:07:14 118784 ----a-w- c:\windows\system32\SciFiSoft.dll
2010-01-23 20:06:57 0 d-----w- c:\program files\SFSCHLR
2010-01-23 20:05:50 0 d-----w- c:\program files\MathType
2010-01-23 20:00:24 0 d-----w- c:\program files\common files\Adobe Systems Shared
2010-01-23 13:03:37 0 d-----w- c:\program files\MSXML 4.0
2010-01-22 05:27:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-01-21 22:20:53 0 d-----w- c:\program files\common files\Config
2010-01-21 22:20:41 0 d-----w- c:\program files\common files\Inet
2010-01-21 22:16:56 0 d-----w- c:\program files\common files\AnswerWorks 5.0
2010-01-21 22:16:42 4199784 ----a-w- c:\windows\system32\cdintf400.dll
2010-01-21 22:16:24 0 d-----w- c:\program files\common files\Intuit
2010-01-21 22:16:16 0 d-----w- c:\program files\Quicken
2010-01-21 22:16:16 0 d-----w- c:\docume~1\josh\applic~1\Intuit
2010-01-21 22:16:08 120 ----a-w- c:\windows\QUICKEN.INI
2010-01-21 22:11:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit

==================== Find3M ====================

2010-02-17 04:18:53 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-02-17 04:18:50 56680 ----a-w- c:\windows\system32\rpcnet.dll
2010-01-31 21:16:34 56680 ----a-w- c:\windows\system32\rpcnet.exe
2010-01-31 21:14:57 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-01-14 22:04:01 36400 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-07 22:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 07:24:15 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-07 00:33:14 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-01-07 00:33:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-07 00:09:10 5 ----a-w- c:\windows\system32\drivers\DELL_INS_1525.MRK
2010-01-07 00:09:10 5 ----a-w- c:\windows\system32\drivers\1028_DELL_INS_1525.MRK
2010-01-06 23:52:04 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-12 14:15:30 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-08 19:26:15 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 13:41:47.65 ===============


Attach.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/6/2010 5:57:08 PM
System Uptime: 2/16/2010 10:18:02 PM (15 hours ago)

Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz | Microprocessor | 1995/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 85.182 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 233 GiB total, 119.221 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 233 GiB total, 215.367 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 37.265 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1095&DEV_1392&SUBSYS_10280242&REV_1000\4&21C1B09&0&0101
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1095&DEV_1392&SUBSYS_10280242&REV_1000\4&21C1B09&0&0101
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

RP1: 1/31/2010 4:11:08 AM - System Checkpoint
RP2: 1/31/2010 4:15:25 AM - Avg8 Update
RP3: 2/1/2010 5:10:42 AM - Printer Driver Canon i960 Installed
RP4: 2/2/2010 6:08:30 AM - System Checkpoint
RP5: 2/2/2010 10:34:54 PM - Installed Java™ 6 Update 18
RP6: 2/3/2010 10:15:07 PM - Restore Operation
RP7: 2/5/2010 2:25:01 AM - System Checkpoint
RP8: 2/6/2010 5:33:51 AM - System Checkpoint
RP9: 2/7/2010 6:33:35 AM - System Checkpoint
RP10: 2/8/2010 6:35:45 AM - System Checkpoint
RP11: 2/8/2010 4:15:27 PM - Removed Java™ 6 Update 7
RP12: 2/10/2010 6:52:58 AM - System Checkpoint
RP13: 2/10/2010 3:58:52 PM - Removed Bonjour
RP14: 2/10/2010 3:59:15 PM - Installed Bonjour
RP15: 2/10/2010 4:21:53 PM - Installed AirPort
RP16: 2/10/2010 4:46:42 PM - Removed AirPort
RP17: 2/11/2010 9:09:10 AM - Software Distribution Service 3.0
RP18: 2/13/2010 5:50:03 AM - System Checkpoint
RP19: 2/14/2010 6:35:10 AM - System Checkpoint
RP20: 2/14/2010 4:10:47 PM - Installed Compatibility Pack for the 2007 Office system
RP21: 2/15/2010 2:14:08 PM - Software Distribution Service 3.0
RP22: 2/17/2010 2:21:56 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
Alt-Tab Task Switcher Powertoy for Windows XP
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG Free 9.0
Avidemux 2.5
Bonjour
Calculator Powertoy for Windows XP
CambridgeSoft Activation Client
CambridgeSoft ChemBioOffice Ultra 2010
CambridgeSoft ChemScript 12.0
Canon i960
CCleaner
Cisco Systems VPN Client 5.0.03.0560
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Connect
CrossFire Commander 7.1 SR2
Dell Resource CD
Dell Touchpad
Dell Wireless WLAN Card
Diablo II
Download Updater (AOL LLC)
DriveImage XML (Private Edition)
DVD Flick 1.3.0.7
EndNote X1
ERUNT 1.1j
Google Chrome
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
HP Update
HPSSupply
Intel® Graphics Media Accelerator Driver
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java™ 6 Update 18
K-Lite Codec Pack 5.7.0 (Full)
kuler
Laptop Integrated Webcam Driver (1.04.01.1011)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
MathType 5
MDL Chime/Chime Pro for Internet Explorer
MestReNova LITE 5.2.5-4731
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Origin8
OriginPro 8
PDF Settings CS4
PE Builder 3.1.10a
Photoshop Camera Raw
PuTTY version 0.60
Puzz-3D Orient Express
Python 2.5
Python 2.5 pywin32-210
Quicken 2010
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Rosetta Stone Version 3
Sandboxie 3.42
SciFinder Scholar 2007
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Shop for HP Supplies
SigmaTel Audio
Skype™ 4.1
Starcraft
STATISTICA CambridgeSoft Integration
Suite Shared Configuration CS4
TextPad 4.7
Tweak UI
UltraMon
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.0.3
VobSub v2.23 (Remove Only)
Warcraft III
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinISO 5.3
WinRAR archiver
WinSCP 4.2.5
Wisdom-soft AutoScreenRecorder 3.1 Free
Wisdom-soft ScreenHunter 5.1 Free

==== Event Viewer Messages From Past Week ========

2/16/2010 3:05:25 PM, error: Dhcp [1002] - The IP address lease 134.84.111.61 for the Network Card with network address 002269A183CC has been denied by the DHCP server 128.101.101.217 (The DHCP Server sent a DHCPNACK message).
2/15/2010 2:17:43 PM, error: Dhcp [1002] - The IP address lease 10.20.42.247 for the Network Card with network address 002269A183CC has been denied by the DHCP server 128.101.101.217 (The DHCP Server sent a DHCPNACK message).
2/15/2010 2:11:39 PM, error: DCOM [10000] - Unable to start a DCOM Server: {28DD3979-0566-4ED3-9B14-1548B3187491}. The error: "%2" Happened while starting this command:
2/15/2010 2:11:34 PM, error: Dhcp [1002] - The IP address lease 10.0.1.3 for the Network Card with network address 002269A183CC has been denied by the DHCP server 128.101.101.221 (The DHCP Server sent a DHCPNACK message).
2/14/2010 3:10:50 PM, error: Dhcp [1002] - The IP address lease 10.0.1.3 for the Network Card with network address 002269A183CC has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/11/2010 9:05:44 AM, error: Dhcp [1002] - The IP address lease 10.0.1.3 for the Network Card with network address 002269A183CC has been denied by the DHCP server 128.101.101.217 (The DHCP Server sent a DHCPNACK message).
2/11/2010 10:28:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
2/11/2010 1:02:02 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 002269A183CC has been denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).
2/10/2010 5:30:19 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume H:.
2/10/2010 4:46:54 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================


#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:42 AM

Posted 17 February 2010 - 03:51 PM

Your logs look OK; I will assume you are having no more problems.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then OK, then restart your computer.
  • Now follow these steps again, but instead of checking "Turn off System Restore", uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15-day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#13 macman104

  • Topic Starter

  • Members

Posted 17 February 2010 - 04:35 PM

Thanks for the info and help, syler. Regarding the antispyware, SpywareBlaster, etc., I currently have AVG installed and I don't want to bog my computer with unnecessary programs. Since I imagine the post you provided is a general post for post-cleanup suggestions, are there any changes you might recommend considering that I have AVG and Malwarebytes on my computer?

#14 syler

  • Malware Response Team

Posted 17 February 2010 - 04:44 PM

You're very welcome.

SpywareBlaster and the MVPS hosts file don't use up any system resources, so I would add them. As for AntiSpyware, it wouldn't harm to have
one installed alongside AVG and MBAM. SuperAntiSpyware is probably the best one to choose if you don't want to bog down your system.
They are just general suggestions though, so it's completely up to you which one you want to implement.



#15 syler

  • Malware Response Team

Posted 18 February 2010 - 02:08 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
