Browser Hijacker


  • This topic is locked
10 replies to this topic

#1 creeper75

creeper75

  • Members
  • 5 posts

Posted 15 February 2010 - 09:42 PM

I need to know what to remove. Thank you in advance. Here is my log from hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:02 PM, on 2/15/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\YouTube Downloader\YouTubeDownloader.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\HijackThis(2).exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://encarta.msn.com/teleport/activate/d...sp?pid=51957HP1
O3 - Toolbar: (no name) - {0bd6f992-62ad-47f7-aca6-299729be4e2b} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.tube8.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ED6AA7D-D83D-46EC-9470-AAEC327C8C99}: NameServer = 83.149.115.157,4.2.2.1,192.168.2.1 192.168.254.254
O20 - AppInit_DLLs: c:\windows\system32\popujubi.dll c:\windows\system32\benituyo.dll c:\windows\system32\mikusedi.dll c:\windows\system32\yezenata.dll refeyeka.dll c:\windows\system32\seratewa.dll
O21 - SSODL: lokofezak - {a2768b68-bfcc-493d-9920-be745604fa07} - (no file)
O21 - SSODL: donimavib - {2dcb1e10-904b-436e-88af-e09d632c0937} - (no file)
O21 - SSODL: yuhidadil - {dde8f6a5-1401-4c46-bfcb-4cd6f89ed58a} - (no file)
O21 - SSODL: wifararuy - {fee23f34-946e-4af6-a8bf-095d2647d76c} - (no file)
O21 - SSODL: bifazugol - {74c875d5-2535-4166-9fed-80d962bc6ff2} - (no file)
O21 - SSODL: luredijom - {ca192e19-a8b7-48f7-8261-790613283481} - (no file)
O22 - SharedTaskScheduler: jugezatag - {a2768b68-bfcc-493d-9920-be745604fa07} - (no file)
O22 - SharedTaskScheduler: jugezatag - {2dcb1e10-904b-436e-88af-e09d632c0937} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {dde8f6a5-1401-4c46-bfcb-4cd6f89ed58a} - (no file)
O22 - SharedTaskScheduler: gahurihor - {fee23f34-946e-4af6-a8bf-095d2647d76c} - (no file)
O22 - SharedTaskScheduler: gahurihor - {74c875d5-2535-4166-9fed-80d962bc6ff2} - (no file)
O22 - SharedTaskScheduler: kupuhivus - {ca192e19-a8b7-48f7-8261-790613283481} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7632 bytes

Edited by boopme, 15 February 2010 - 10:36 PM.
Mod Edit: moved from XP to MR~~boopme



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 19 February 2010 - 01:23 PM

Hello,

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know in your next reply what issues you are still having.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Sections
    IAT/EAT
    Files
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.



Then please post back here with the following:
  • log.txt
  • info.txt
  • Gmer log

Thanks


#3 creeper75

creeper75
  • Topic Starter

  • Members
  • 5 posts

Posted 19 February 2010 - 04:10 PM

Hi. Thought I had the problem solved a couple times, but it keeps coming back. I installed and ran Malwarebytes, Spybot S&D, and SuperAntiSpyware and they cleaned up a lot, but the problem just keeps coming back. The 2 main problems I notice are 1) being redirected when I try to go to websites 2) when trying to watch some streaming vids it keeps telling me I need to update Flash Player, which is already updated. Here are the reports, but for RSIT it only brought up 1 log. I even tried it a second time and the same thing happened. Not sure what that is about. But here are the logs. Thank you.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2010-02-19 16:01:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (3%) free of 31 GB
Total RAM: 959 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:01:45 PM, on 2/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT(3).exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://encarta.msn.com/teleport/activate/d...sp?pid=51957HP1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5ED6AA7D-D83D-46EC-9470-AAEC327C8C99}: NameServer = 83.149.115.157,4.2.2.1,192.168.2.1 192.168.254.254
O20 - AppInit_DLLs: c:\windows\system32\popujubi.dll c:\windows\system32\benituyo.dll c:\windows\system32\mikusedi.dll c:\windows\system32\yezenata.dll c:\windows\system32\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6777 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AdsGone.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-21 155648]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2009-12-24 1280272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2010-01-21 2956536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-06 2335952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2004-07-29 2551808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2010-01-21 2956536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\husugamej]
c:\windows\system32\mikusedi.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2009-09-30 503808]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\popujubi.dll c:\windows\system32\benituyo.dll c:\windows\system32\mikusedi.dll c:\windows\system32\yezenata.dll c:\windows\system32\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-21 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
minuzudi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\ALCXMNTR.EXE"="C:\WINDOWS\ALCXMNTR.EXE:*:Enabled:ALCXMNTR"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"="C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:jusched"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2010-02-19 15:29:18 ----D---- C:\rsit
2010-02-19 01:34:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-18 05:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-02-18 05:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-18 05:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2010-02-18 05:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-18 05:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-18 05:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-02-18 05:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-18 05:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-18 05:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-18 05:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-02-18 04:49:35 ----D---- C:\78dd80797e48a5275d
2010-02-18 04:01:43 ----DC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-18 04:01:28 ----DC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-18 04:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-18 01:10:04 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-02-18 01:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-18 01:07:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2010-02-18 00:58:10 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol
2010-02-18 00:56:07 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\CheckPoint
2010-02-18 00:55:29 ----D---- C:\Program Files\CheckPoint
2010-02-18 00:55:23 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-02-18 00:55:19 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-02-18 00:55:19 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-02-18 00:55:10 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-02-18 00:55:07 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-02-18 00:55:06 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-02-18 00:55:02 ----D---- C:\Program Files\Zone Labs
2010-02-18 00:54:35 ----D---- C:\WINDOWS\Internet Logs
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-02-18 00:54:20 ----D---- C:\Program Files\BillP Studios
2010-02-18 00:03:25 ----A---- C:\WINDOWS\isRS-000.tmp
2010-02-17 23:31:43 ----HD---- C:\WINDOWS\msdownld.tmp
2010-02-17 22:49:32 ----D---- C:\Program Files\SpywareGuard
2010-02-17 22:38:26 ----D---- C:\Program Files\SpywareBlaster
2010-02-17 20:46:42 ----D---- C:\_OTM
2010-02-17 02:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-17 01:55:52 ----D---- C:\WINDOWS\Prefetch
2010-02-17 01:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-17 01:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-17 01:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-17 01:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-17 01:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-17 01:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-17 01:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-17 01:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-17 01:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-17 01:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-17 01:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-17 01:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-17 01:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-17 01:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-17 01:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-17 01:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-17 01:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-17 01:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-17 01:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-17 01:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-17 01:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-17 01:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-17 01:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-17 01:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-17 01:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-17 01:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-17 01:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-17 01:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-17 01:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-17 01:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-17 01:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-17 01:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-17 01:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-17 01:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-17 01:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-17 01:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-17 01:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-17 01:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-17 01:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-17 01:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-17 01:47:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-17 01:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-17 01:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-17 01:46:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-17 01:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-17 01:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-17 01:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-17 01:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-17 01:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-17 01:39:57 ----D---- C:\WINDOWS\system32\scripting
2010-02-17 01:39:57 ----D---- C:\WINDOWS\system32\en
2010-02-17 01:39:57 ----D---- C:\WINDOWS\l2schemas
2010-02-17 01:39:56 ----D---- C:\WINDOWS\system32\bits
2010-02-17 01:34:45 ----D---- C:\WINDOWS\network diagnostic
2010-02-17 01:29:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-17 01:29:17 ----D---- C:\WINDOWS\EHome
2010-02-16 20:46:24 ----D---- C:\Program Files\Trend Micro
2010-02-16 17:15:10 ----D---- C:\Program Files\DVD Shrink
2010-02-16 15:40:35 ----D---- C:\Program Files\MSXML 4.0
2010-02-16 15:40:21 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-16 15:40:11 ----D---- C:\Program Files\NOS
2010-02-16 15:40:11 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-15 22:48:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-15 22:47:39 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-15 16:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-15 16:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-02-15 16:35:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-02-15 16:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-02-15 16:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-02-15 16:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-15 16:34:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-02-15 16:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-15 16:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-15 16:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-15 16:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2010-02-15 16:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-15 16:32:17 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-15 16:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-02-15 16:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-02-15 16:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-02-15 16:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-02-15 16:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-15 16:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-15 16:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-02-15 16:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-02-15 16:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-02-15 16:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-02-15 16:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-02-15 16:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-02-15 16:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-02-15 16:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-15 16:29:39 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-15 16:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-15 16:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-15 16:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-02-15 16:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-02-15 16:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-15 16:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-15 16:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-02-15 16:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-15 16:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-02-15 16:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-15 16:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-02-15 16:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-02-15 16:27:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-02-15 16:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2010-02-15 16:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-15 16:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-02-15 16:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-02-15 16:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-02-15 16:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-02-15 16:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-15 16:26:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-02-15 16:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-02-15 16:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2010-02-15 16:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-15 16:25:03 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-15 16:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-15 16:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-02-15 16:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-02-15 16:24:15 ----D---- C:\WINDOWS\ie8updates
2010-02-15 16:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-02-15 16:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-02-15 16:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-02-15 16:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-02-15 16:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-15 16:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-02-15 16:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-02-15 15:10:00 ----D---- C:\Program Files\YouTube Downloader
2010-02-15 14:56:59 ----D---- C:\Program Files\AdsGone
2010-02-15 01:02:38 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-15 00:50:10 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-02-15 00:50:08 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2010-02-15 00:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-02-15 00:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-02-13 02:35:55 ----A---- C:\WINDOWS\unvise32.exe
2010-02-13 02:35:54 ----D---- C:\Program Files\uninstallerpro
2010-02-13 00:07:50 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2010-02-12 18:23:50 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\inst.exe
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\sipr3260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv43260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv33260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv23260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\cook3260.dll
2010-02-12 18:23:34 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-02-12 18:23:33 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2010-02-12 18:19:49 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-02-11 21:32:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-11 21:14:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2010-02-11 20:55:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SuperAdBlocker.com
2010-02-11 20:55:03 ----D---- C:\Program Files\SuperAdBlocker.com
2010-02-11 15:21:04 ----D---- C:\e33f5e9afc5cdd16328d9cda
2010-02-11 15:13:14 ----D---- C:\Program Files\Nero
2010-02-11 15:10:54 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2010-02-11 06:44:06 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-02-11 02:20:32 ----D---- C:\Program Files\MSBuild
2010-02-11 02:16:12 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-11 02:15:05 ----D---- C:\Program Files\Reference Assemblies
2010-02-11 02:14:32 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-02-11 02:09:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-02-10 23:59:23 ----DC---- C:\WINDOWS\$NtUninstallKB926239$
2010-02-10 23:59:09 ----DC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-02-10 23:58:31 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-10 23:58:14 ----DC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-10 23:57:22 ----DC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-02-10 23:56:49 ----DC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-02-10 23:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-02-10 22:34:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-10 22:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-10 18:53:20 ----D---- C:\Program Files\DivX
2010-02-05 11:37:47 ----SHD---- C:\Config.Msi
2010-02-05 11:10:00 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Nero
2010-02-05 10:41:34 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-02-05 10:41:33 ----D---- C:\Program Files\Common Files\Nero
2010-02-05 10:40:12 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-02-05 10:31:32 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-05 01:15:56 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Ahead
2010-02-04 22:45:31 ----A---- C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_4796.exe
2010-02-04 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2010-02-03 23:16:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-03 23:06:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2010-02-02 21:34:47 ----D---- C:\WINDOWS\Sun
2010-02-02 19:16:55 ----D---- C:\Program Files\Common Files\Scanner
2010-02-01 17:37:15 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2010-02-01 17:36:51 ----D---- C:\Program Files\LimeWire
2010-02-01 15:04:01 ----HDC---- C:\WINDOWS\ie8
2010-02-01 14:28:32 ----D---- C:\WINDOWS\pss
2010-02-01 13:38:46 ----HD---- C:\Program Files\Uninstall Information
2010-02-01 13:36:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-01 13:23:24 ----D---- C:\WINDOWS\WBEM
2010-02-01 13:23:23 ----D---- C:\WINDOWS\system32\en-US
2010-02-01 13:21:39 ----HDC---- C:\WINDOWS\ie7
2010-02-01 13:21:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-02-01 13:21:08 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-01 13:21:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-02-01 13:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-02-01 13:20:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-01 13:20:34 ----A---- C:\WINDOWS\system32\xmllite.dll
2010-02-01 13:17:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-01 03:20:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\FrostWire
2010-02-01 01:40:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-31 23:32:31 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-31 23:32:09 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-31 18:50:10 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-01-31 18:50:08 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-01-31 18:50:06 ----D---- C:\Program Files\Common Files\Ahead
2010-01-31 18:50:06 ----D---- C:\Program Files\Ahead
2010-01-31 14:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\java.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-30 22:08:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
2010-01-30 20:45:03 ----D---- C:\Program Files\VideoLAN
2010-01-30 20:44:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2010-01-30 20:43:59 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2010-01-30 20:43:52 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\myfreezetoolbar
2010-01-30 20:33:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2010-01-30 18:31:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-01-30 18:29:08 ----D---- C:\Program Files\Yahoo!
2010-01-30 17:33:48 ----D---- C:\Program Files\IObit
2010-01-30 17:15:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 17:15:30 ----D---- C:\Program Files\Alwil Software
2010-01-30 17:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-30 16:51:06 ----D---- C:\Program Files\WinRAR
2010-01-30 16:12:59 ----D---- C:\Program Files\Common Files\Adobe
2010-01-30 14:39:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2010-01-30 14:35:41 ----D---- C:\Downloads
2010-01-30 14:35:40 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\BitComet
2010-01-30 14:35:10 ----D---- C:\Program Files\BitComet
2010-01-30 14:17:09 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2010-01-30 14:16:57 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 22:44:29 ----A---- C:\WINDOWS\RTacDbg.txt

======List of files/folders modified in the last 1 months======

2010-02-19 15:54:53 ----D---- C:\WINDOWS\Temp
2010-02-19 15:53:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-19 15:40:43 ----D---- C:\WINDOWS
2010-02-18 18:59:11 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2010-02-18 16:58:44 ----RD---- C:\Program Files
2010-02-18 08:23:33 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-18 08:23:08 ----RSD---- C:\WINDOWS\assembly
2010-02-18 08:21:44 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-18 08:20:52 ----SHD---- C:\WINDOWS\Installer
2010-02-18 06:50:05 ----SHD---- C:\System Volume Information
2010-02-18 06:50:05 ----D---- C:\WINDOWS\system32\Restore
2010-02-18 06:44:49 ----D---- C:\WINDOWS\system32
2010-02-18 05:52:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-18 05:30:55 ----HD---- C:\WINDOWS\inf
2010-02-18 05:25:32 ----D---- C:\WINDOWS\WinSxS
2010-02-18 05:15:14 ----D---- C:\Program Files\Common Files
2010-02-18 04:52:39 ----RSD---- C:\WINDOWS\Fonts
2010-02-18 04:46:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-18 04:43:06 ----D---- C:\Program Files\Internet Explorer
2010-02-18 04:42:43 ----D---- C:\WINDOWS\system32\drivers
2010-02-18 04:42:43 ----D---- C:\WINDOWS\pchealth
2010-02-18 04:32:15 ----D---- C:\WINDOWS\system32\config
2010-02-18 04:31:13 ----D---- C:\WINDOWS\system32\wbem
2010-02-18 04:31:11 ----D---- C:\WINDOWS\Registration
2010-02-18 02:22:51 ----A---- C:\WINDOWS\win.ini
2010-02-18 02:22:51 ----A---- C:\WINDOWS\system.ini
2010-02-18 00:16:54 ----RASH---- C:\boot.ini
2010-02-17 12:21:49 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-17 12:13:15 ----D---- C:\WINDOWS\security
2010-02-17 11:56:12 ----D---- C:\WINDOWS\Debug
2010-02-17 01:53:54 ----D---- C:\WINDOWS\AppPatch
2010-02-17 01:53:53 ----D---- C:\WINDOWS\system32\Setup
2010-02-17 01:50:12 ----D---- C:\Program Files\Outlook Express
2010-02-17 01:46:21 ----D---- C:\Program Files\Messenger
2010-02-17 01:40:11 ----D---- C:\WINDOWS\ime
2010-02-17 01:40:11 ----D---- C:\WINDOWS\Help
2010-02-17 01:39:58 ----D---- C:\WINDOWS\system32\usmt
2010-02-17 01:39:56 ----D---- C:\WINDOWS\PeerNet
2010-02-17 01:39:56 ----D---- C:\Program Files\Movie Maker
2010-02-17 01:36:47 ----D---- C:\WINDOWS\system32\npp
2010-02-17 01:36:46 ----D---- C:\WINDOWS\msagent
2010-02-17 01:36:45 ----D---- C:\WINDOWS\srchasst
2010-02-17 01:36:45 ----D---- C:\Program Files\NetMeeting
2010-02-17 01:36:44 ----D---- C:\WINDOWS\system32\Com
2010-02-17 01:36:41 ----D---- C:\Program Files\Windows NT
2010-02-17 01:36:41 ----D---- C:\Program Files\Windows Media Player
2010-02-17 01:36:37 ----D---- C:\Program Files\Common Files\System
2010-02-17 01:36:17 ----D---- C:\WINDOWS\system32\oobe
2010-02-17 01:36:15 ----D---- C:\WINDOWS\system
2010-02-17 01:33:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-16 17:01:03 ----SD---- C:\WINDOWS\Tasks
2010-02-15 00:19:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-13 15:18:30 ----D---- C:\Program Files\Common Files\Real
2010-02-13 15:18:29 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2010-02-12 18:23:38 ----D---- C:\Program Files\vso
2010-02-12 18:15:38 ----D---- C:\WINDOWS\msapps
2010-02-11 15:11:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-11 15:10:53 ----D---- C:\WINDOWS\system32\LogFiles
2010-02-11 15:04:37 ----D---- C:\WINDOWS\system32\spool
2010-02-11 15:03:46 ----D---- C:\WINDOWS\system32\URTTemp
2010-02-11 06:44:06 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-02-05 10:40:13 ----D---- C:\WINDOWS\system32\DirectX
2010-02-04 21:57:34 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinRAR
2010-02-04 21:47:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\RipIt4Me
2010-02-02 22:20:32 ----D---- C:\WINDOWS\addins
2010-02-02 01:34:37 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\FixVTS.ini
2010-02-01 15:19:37 ----D---- C:\WINDOWS\Media
2010-01-31 14:27:40 ----D---- C:\Program Files\Common Files\Java
2010-01-31 14:26:53 ----D---- C:\Program Files\Java
2010-01-30 21:02:09 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
2010-01-30 14:15:42 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2010-01-30 13:57:42 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-01-29 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 BELKIN;Belkin Wireless G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-02-12 47360]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-21 737874]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-07-29 2216128]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-30 229888]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-31 153376]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-19 15:48:56
Windows 5.1.2600 Service Pack 3
Running: 8ebc95sw.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ufldapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF5C13C5A]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF5E11630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF5E0AD80]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5C13B16]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF5E11E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF5E11FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF5E0BC60]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xF5C140CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5C13FF4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF5C136EC]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF5E31080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF5E312B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF5E0B750]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF5C13BF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF5C1362C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF5C13690]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF5C13D10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xF5C14198]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF5E31A40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF5E11180]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF5C13CD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF5E0C080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF5E328E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF5C13E50]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xF5C204FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xF5C20322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xF5C2045C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.15 ----


#4 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:31 AM

Posted 19 February 2010 - 05:10 PM

Hi creeper75,

The other Rsit log will be at c:\rsit\info.txt; please post it in your next reply.

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case BitComet). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Then please post back here with the following logs:
  • MBAM log
  • New Rsit log.txt
  • info.txt

Thanks



#5 creeper75

  • Topic Starter

  • Members
  • 5 posts
  • Local time:06:31 PM

Posted 19 February 2010 - 08:04 PM

Ok, got all the logfiles now. Here they are:

info.txt logfile of random's system information tool 1.06 2010-02-19 15:30:52

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}
Agere Systems PCI Soft Modem-->agrsmdel
avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup
BitComet 1.18-->C:\Program Files\BitComet\uninst.exe
ConvertXtoDVD 4.0.9.322-->"C:\Program Files\VSO\ConvertX\4\unins000.exe"
DivxToDVD 0.5.2b-->"C:\Program Files\vso\DivxToDVD\unins000.exe"
DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IObit Security 360-->"C:\Program Files\IObit\IObit Security 360\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 5.3.6-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Movie Templates - Starter Kit-->MsiExec.exe /X{E498385E-1C51-459A-B45F-1721E37AA1A0}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}
Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}
Nero CoverDesigner-->MsiExec.exe /X{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}
Nero DiscSpeed-->MsiExec.exe /X{869200DB-287A-4DC0-B02B-2B6787FBCD4C}
Nero DriveSpeed-->MsiExec.exe /X{33CF58F5-48D8-4575-83D6-96F574E4D83A}
Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}
Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}
Nero PhotoSnap-->MsiExec.exe /X{9E82B934-9A25-445B-B8DF-8012808074AC}
Nero Recode-->MsiExec.exe /X{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}
Nero Rescue Agent-->MsiExec.exe /X{368BA326-73AD-4351-84ED-3C0A7A52CC53}
Nero ShowTime-->MsiExec.exe /X{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}
Nero StartSmart-->MsiExec.exe /X{7748AC8C-18E3-43BB-959B-088FAEA16FB2}
Nero Vision-->MsiExec.exe /X{43E39830-1826-415D-8BAE-86845787B54B}
Nero WaveEditor-->MsiExec.exe /X{A209525B-3377-43F4-B886-32F6B6E7356F}
NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}
NeroExpress-->MsiExec.exe /X{595A3116-40BB-4E0F-A2E8-D7951DA56270}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundTrax-->MsiExec.exe /X{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
Uninstaller Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\uninstallerpro\uninstal.log
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Anti-Spy-->C:\PROGRA~1\Yahoo!\Common\unypsr.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
YouTube Downloader 2.5.3-->"C:\Program Files\YouTube Downloader\uninstall.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2010-02-16]
O15 - Trusted Zone: http://www.tube8.com [2010-02-16]
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML [2010-02-16]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-16]
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-16]
O2 - BHO: (no name) - {CC3C8D60-29D6-4880-B9D8-443C4CBA2BEC} - (no file) [2010-02-16]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2010-02-16]
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll [2010-02-16]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop [2010-02-16]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [2010-02-16]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop [2010-02-16]
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing) [2010-02-17]
O21 - SSODL: lokofezak - {a2768b68-bfcc-493d-9920-be745604fa07} - (no file) [2010-02-17]
O22 - SharedTaskScheduler: jugezatag - {a2768b68-bfcc-493d-9920-be745604fa07} - (no file) [2010-02-17]
O21 - SSODL: luredijom - {ca192e19-a8b7-48f7-8261-790613283481} - (no file) [2010-02-17]
O21 - SSODL: yuhidadil - {dde8f6a5-1401-4c46-bfcb-4cd6f89ed58a} - (no file) [2010-02-17]
O21 - SSODL: donimavib - {2dcb1e10-904b-436e-88af-e09d632c0937} - (no file) [2010-02-17]
O21 - SSODL: bifazugol - {74c875d5-2535-4166-9fed-80d962bc6ff2} - (no file) [2010-02-17]
O21 - SSODL: wifararuy - {fee23f34-946e-4af6-a8bf-095d2647d76c} - (no file) [2010-02-17]
O22 - SharedTaskScheduler: jugezatag - {2dcb1e10-904b-436e-88af-e09d632c0937} - (no file) [2010-02-17]
O22 - SharedTaskScheduler: gahurihor - {74c875d5-2535-4166-9fed-80d962bc6ff2} - (no file) [2010-02-17]
O22 - SharedTaskScheduler: kupuhivus - {dde8f6a5-1401-4c46-bfcb-4cd6f89ed58a} - (no file) [2010-02-17]
O22 - SharedTaskScheduler: kupuhivus - {ca192e19-a8b7-48f7-8261-790613283481} - (no file) [2010-02-17]
O22 - SharedTaskScheduler: gahurihor - {fee23f34-946e-4af6-a8bf-095d2647d76c} - (no file) [2010-02-17]
O21 - SSODL: lokofezak - {a2768b68-bfcc-493d-9920-be745604fa07} - (no file) [2010-02-18]
O21 - SSODL: donimavib - {2dcb1e10-904b-436e-88af-e09d632c0937} - (no file) [2010-02-18]
O22 - SharedTaskScheduler: kupuhivus - {dde8f6a5-1401-4c46-bfcb-4cd6f89ed58a} - (no file) [2010-02-18]
O21 - SSODL: yuhidadil - {dde8f6a5-1401-4c46-bfcb-4cd6f89ed58a} - (no file) [2010-02-18]
O22 - SharedTaskScheduler: jugezatag - {a2768b68-bfcc-493d-9920-be745604fa07} - (no file) [2010-02-18]
O22 - SharedTaskScheduler: jugezatag - {2dcb1e10-904b-436e-88af-e09d632c0937} - (no file) [2010-02-18]
O21 - SSODL: wifararuy - {fee23f34-946e-4af6-a8bf-095d2647d76c} - (no file) [2010-02-18]
O21 - SSODL: luredijom - {ca192e19-a8b7-48f7-8261-790613283481} - (no file) [2010-02-18]
O21 - SSODL: bifazugol - {74c875d5-2535-4166-9fed-80d962bc6ff2} - (no file) [2010-02-18]
O22 - SharedTaskScheduler: gahurihor - {fee23f34-946e-4af6-a8bf-095d2647d76c} - (no file) [2010-02-18]
O22 - SharedTaskScheduler: kupuhivus - {ca192e19-a8b7-48f7-8261-790613283481} - (no file) [2010-02-18]
O22 - SharedTaskScheduler: gahurihor - {74c875d5-2535-4166-9fed-80d962bc6ff2} - (no file) [2010-02-18]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2010-02-18]
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing) [2010-02-18]
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-02-18]
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing) [2010-02-18]

======Hosts File======

127.0.0.1 actionsplash.com
127.0.0.1 ads.x10.com
127.0.0.1 images.x10.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 popme.163.com
127.0.0.1 servedby.advertising.com
127.0.0.1 specialoffers.aol.com
127.0.0.1 whenushop.whenu.com
127.0.0.1 www.popupnation.com
127.0.0.1 www.popuptraffic.com

======Security center information======

AV: avast! Antivirus
FW: ZoneAlarm Firewall

======System event log======

Computer Name: DIABLO
Event Code: 7000
Message: The Realtek EAPPkt Protocol service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 8701
Source Name: Service Control Manager
Time Written: 20100215184458.000000-300
Event Type: error
User:

Computer Name: DIABLO
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Record Number: 8675
Source Name: Service Control Manager
Time Written: 20100215182835.000000-300
Event Type: error
User:

Computer Name: DIABLO
Event Code: 7000
Message: The Realtek EAPPkt Protocol service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 8674
Source Name: Service Control Manager
Time Written: 20100215182833.000000-300
Event Type: error
User:

Computer Name: DIABLO
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SABKUTIL

Record Number: 8648
Source Name: Service Control Manager
Time Written: 20100215174509.000000-300
Event Type: error
User:

Computer Name: DIABLO
Event Code: 7000
Message: The Realtek EAPPkt Protocol service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 8647
Source Name: Service Control Manager
Time Written: 20100215174507.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: CREEPER
Event Code: 1000
Message: Faulting application awc.exe, version 3.1.2.606, faulting module kernel32.dll, version 5.1.2600.2180, fault address 0x0001eb33.

Record Number: 89
Source Name: Application Error
Time Written: 20100106015357.000000-300
Event Type: error
User:

Computer Name: CREEPER
Event Code: 1517
Message: Windows saved user CREEPER\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 80
Source Name: Userenv
Time Written: 20100106033229.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CREEPER
Event Code: 1517
Message: Windows saved user CREEPER\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 50
Source Name: Userenv
Time Written: 20100106032748.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CREEPER
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0

Record Number: 44
Source Name: MsiInstaller
Time Written: 20100106032628.000000-300
Event Type: warning
User: DIABLO\Compaq_Owner

Computer Name: CREEPER
Event Code: 1517
Message: Windows saved user CREEPER\Compaq_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 19
Source Name: Userenv
Time Written: 20100106031533.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: DIABLO
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: Winlogon

Record Number: 3802
Source Name: Security
Time Written: 20100215153958.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DIABLO
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: KSecDD

Record Number: 3801
Source Name: Security
Time Written: 20100215153958.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DIABLO
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.


Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Record Number: 3800
Source Name: Security
Time Written: 20100215153958.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DIABLO
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.


Authentication Package Name: C:\WINDOWS\system32\wdigest.dll : WDigest

Record Number: 3799
Source Name: Security
Time Written: 20100215153958.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: DIABLO
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.


Authentication Package Name: C:\WINDOWS\system32\schannel.dll : Schannel

Record Number: 3798
Source Name: Security
Time Written: 20100215153958.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.44
Database version: 3764
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/19/2010 7:44:52 PM
mbam-log-2010-02-19 (19-44-52).txt

Scan type: Quick Scan
Objects scanned: 110735
Time elapsed: 11 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5ed6aa7d-d83d-46ec-9470-aaec327c8c99}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,192.168.2.1 192.168.254.254 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2010-02-19 19:54:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (4%) free of 31 GB
Total RAM: 959 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:22 PM, on 2/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT(4).exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://encarta.msn.com/teleport/activate/d...sp?pid=51957HP1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: c:\windows\system32\popujubi.dll c:\windows\system32\benituyo.dll c:\windows\system32\mikusedi.dll c:\windows\system32\yezenata.dll c:\windows\system32\
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6604 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AdsGone.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-21 155648]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2009-12-24 1280272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2010-01-21 2956536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-06 2335952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2004-07-29 2551808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2010-01-21 2956536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\husugamej]
c:\windows\system32\mikusedi.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2009-09-30 503808]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\popujubi.dll c:\windows\system32\benituyo.dll c:\windows\system32\mikusedi.dll c:\windows\system32\yezenata.dll c:\windows\system32\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-21 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
minuzudi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\ALCXMNTR.EXE"="C:\WINDOWS\ALCXMNTR.EXE:*:Enabled:ALCXMNTR"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\spoolsv.exe"="C:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"="C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:jusched"
"C:\WINDOWS\system32\wbem\wmiprvse.exe"="C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2010-02-19 15:29:18 ----D---- C:\rsit
2010-02-19 01:34:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-18 05:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-02-18 05:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-18 05:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2010-02-18 05:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-18 05:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-18 05:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-02-18 05:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-18 05:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-18 05:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-18 05:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-02-18 04:49:35 ----D---- C:\78dd80797e48a5275d
2010-02-18 04:01:43 ----DC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-18 04:01:28 ----DC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-18 04:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-18 01:10:04 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-02-18 01:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-18 01:07:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2010-02-18 00:58:10 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol
2010-02-18 00:56:07 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\CheckPoint
2010-02-18 00:55:29 ----D---- C:\Program Files\CheckPoint
2010-02-18 00:55:23 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-02-18 00:55:19 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-02-18 00:55:19 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-02-18 00:55:10 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-02-18 00:55:07 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-02-18 00:55:06 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-02-18 00:55:02 ----D---- C:\Program Files\Zone Labs
2010-02-18 00:54:35 ----D---- C:\WINDOWS\Internet Logs
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-02-18 00:54:20 ----D---- C:\Program Files\BillP Studios
2010-02-18 00:03:25 ----A---- C:\WINDOWS\isRS-000.tmp
2010-02-17 23:31:43 ----HD---- C:\WINDOWS\msdownld.tmp
2010-02-17 22:49:32 ----D---- C:\Program Files\SpywareGuard
2010-02-17 22:38:26 ----D---- C:\Program Files\SpywareBlaster
2010-02-17 20:46:42 ----D---- C:\_OTM
2010-02-17 02:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-17 01:55:52 ----D---- C:\WINDOWS\Prefetch
2010-02-17 01:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-17 01:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-17 01:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-17 01:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-17 01:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-17 01:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-17 01:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-17 01:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-17 01:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-17 01:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-17 01:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-17 01:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-17 01:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-17 01:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-17 01:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-17 01:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-17 01:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-17 01:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-17 01:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-17 01:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-17 01:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-17 01:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-17 01:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-17 01:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-17 01:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-17 01:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-17 01:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-17 01:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-17 01:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-17 01:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-17 01:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-17 01:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-17 01:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-17 01:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-17 01:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-17 01:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-17 01:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-17 01:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-17 01:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-17 01:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-17 01:47:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-17 01:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-17 01:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-17 01:46:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-17 01:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-17 01:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-17 01:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-17 01:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-17 01:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-17 01:39:57 ----D---- C:\WINDOWS\system32\scripting
2010-02-17 01:39:57 ----D---- C:\WINDOWS\system32\en
2010-02-17 01:39:57 ----D---- C:\WINDOWS\l2schemas
2010-02-17 01:39:56 ----D---- C:\WINDOWS\system32\bits
2010-02-17 01:34:45 ----D---- C:\WINDOWS\network diagnostic
2010-02-17 01:29:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-17 01:29:17 ----D---- C:\WINDOWS\EHome
2010-02-16 20:46:24 ----D---- C:\Program Files\Trend Micro
2010-02-16 17:15:10 ----D---- C:\Program Files\DVD Shrink
2010-02-16 15:40:35 ----D---- C:\Program Files\MSXML 4.0
2010-02-16 15:40:21 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-16 15:40:11 ----D---- C:\Program Files\NOS
2010-02-16 15:40:11 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-15 22:48:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-15 22:47:39 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-15 16:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-15 16:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-02-15 16:35:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-02-15 16:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-02-15 16:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-02-15 16:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-15 16:34:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-02-15 16:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-15 16:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-15 16:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-15 16:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2010-02-15 16:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-15 16:32:17 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-15 16:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-02-15 16:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-02-15 16:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-02-15 16:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-02-15 16:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-15 16:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-15 16:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-02-15 16:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-02-15 16:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-02-15 16:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-02-15 16:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-02-15 16:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-02-15 16:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-02-15 16:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-15 16:29:39 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-15 16:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-15 16:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-15 16:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-02-15 16:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-02-15 16:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-15 16:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-15 16:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-02-15 16:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-15 16:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-02-15 16:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-15 16:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-02-15 16:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-02-15 16:27:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-02-15 16:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2010-02-15 16:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-15 16:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-02-15 16:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-02-15 16:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-02-15 16:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-02-15 16:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-15 16:26:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-02-15 16:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-02-15 16:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2010-02-15 16:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-15 16:25:03 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-15 16:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-15 16:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-02-15 16:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-02-15 16:24:15 ----D---- C:\WINDOWS\ie8updates
2010-02-15 16:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-02-15 16:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-02-15 16:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-02-15 16:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-02-15 16:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-15 16:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-02-15 16:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-02-15 15:10:00 ----D---- C:\Program Files\YouTube Downloader
2010-02-15 14:56:59 ----D---- C:\Program Files\AdsGone
2010-02-15 01:02:38 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-15 00:50:10 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-02-15 00:50:08 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2010-02-15 00:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-02-15 00:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-02-13 02:35:55 ----A---- C:\WINDOWS\unvise32.exe
2010-02-13 02:35:54 ----D---- C:\Program Files\uninstallerpro
2010-02-13 00:07:50 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2010-02-12 18:23:50 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\inst.exe
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\sipr3260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv43260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv33260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv23260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\cook3260.dll
2010-02-12 18:23:34 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-02-12 18:23:33 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2010-02-12 18:19:49 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-02-11 21:32:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-11 21:14:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2010-02-11 20:55:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SuperAdBlocker.com
2010-02-11 20:55:03 ----D---- C:\Program Files\SuperAdBlocker.com
2010-02-11 15:21:04 ----D---- C:\e33f5e9afc5cdd16328d9cda
2010-02-11 15:13:14 ----D---- C:\Program Files\Nero
2010-02-11 15:10:54 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2010-02-11 06:44:06 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-02-11 02:20:32 ----D---- C:\Program Files\MSBuild
2010-02-11 02:16:12 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-11 02:15:05 ----D---- C:\Program Files\Reference Assemblies
2010-02-11 02:14:32 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-02-11 02:09:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-02-10 23:59:23 ----DC---- C:\WINDOWS\$NtUninstallKB926239$
2010-02-10 23:59:09 ----DC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-02-10 23:58:31 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-10 23:58:14 ----DC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-10 23:57:22 ----DC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-02-10 23:56:49 ----DC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-02-10 23:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-02-10 22:34:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-10 22:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-10 18:53:20 ----D---- C:\Program Files\DivX
2010-02-05 11:37:47 ----SHD---- C:\Config.Msi
2010-02-05 11:10:00 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Nero
2010-02-05 10:41:34 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-02-05 10:41:33 ----D---- C:\Program Files\Common Files\Nero
2010-02-05 10:40:12 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-02-05 10:31:32 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-05 01:15:56 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Ahead
2010-02-04 22:45:31 ----A---- C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_4796.exe
2010-02-04 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2010-02-03 23:16:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-03 23:06:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2010-02-02 21:34:47 ----D---- C:\WINDOWS\Sun
2010-02-02 19:16:55 ----D---- C:\Program Files\Common Files\Scanner
2010-02-01 17:37:15 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2010-02-01 17:36:51 ----D---- C:\Program Files\LimeWire
2010-02-01 15:04:01 ----HDC---- C:\WINDOWS\ie8
2010-02-01 14:28:32 ----D---- C:\WINDOWS\pss
2010-02-01 13:38:46 ----HD---- C:\Program Files\Uninstall Information
2010-02-01 13:36:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-01 13:23:24 ----D---- C:\WINDOWS\WBEM
2010-02-01 13:23:23 ----D---- C:\WINDOWS\system32\en-US
2010-02-01 13:21:39 ----HDC---- C:\WINDOWS\ie7
2010-02-01 13:21:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-02-01 13:21:08 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-01 13:21:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-02-01 13:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-02-01 13:20:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-01 13:20:34 ----A---- C:\WINDOWS\system32\xmllite.dll
2010-02-01 13:17:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-01 03:20:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\FrostWire
2010-02-01 01:40:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-31 23:32:31 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-31 23:32:09 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-31 18:50:10 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-01-31 18:50:08 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-01-31 18:50:06 ----D---- C:\Program Files\Common Files\Ahead
2010-01-31 18:50:06 ----D---- C:\Program Files\Ahead
2010-01-31 14:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\java.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-30 22:08:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
2010-01-30 20:45:03 ----D---- C:\Program Files\VideoLAN
2010-01-30 20:44:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2010-01-30 20:43:59 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2010-01-30 20:43:52 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\myfreezetoolbar
2010-01-30 20:33:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2010-01-30 18:31:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-01-30 18:29:08 ----D---- C:\Program Files\Yahoo!
2010-01-30 17:33:48 ----D---- C:\Program Files\IObit
2010-01-30 17:15:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 17:15:30 ----D---- C:\Program Files\Alwil Software
2010-01-30 17:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-30 16:51:06 ----D---- C:\Program Files\WinRAR
2010-01-30 16:12:59 ----D---- C:\Program Files\Common Files\Adobe
2010-01-30 14:39:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2010-01-30 14:35:41 ----D---- C:\Downloads
2010-01-30 14:35:40 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\BitComet
2010-01-30 14:35:10 ----D---- C:\Program Files\BitComet
2010-01-30 14:17:09 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2010-01-30 14:16:57 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 22:44:29 ----A---- C:\WINDOWS\RTacDbg.txt

======List of files/folders modified in the last 1 months======

2010-02-19 19:52:15 ----D---- C:\WINDOWS\Temp
2010-02-19 19:51:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-19 15:40:43 ----D---- C:\WINDOWS
2010-02-18 18:59:11 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2010-02-18 16:58:44 ----RD---- C:\Program Files
2010-02-18 08:23:33 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-18 08:23:08 ----RSD---- C:\WINDOWS\assembly
2010-02-18 08:21:44 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-18 08:20:52 ----SHD---- C:\WINDOWS\Installer
2010-02-18 06:50:05 ----SHD---- C:\System Volume Information
2010-02-18 06:50:05 ----D---- C:\WINDOWS\system32\Restore
2010-02-18 06:44:49 ----D---- C:\WINDOWS\system32
2010-02-18 05:52:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-18 05:30:55 ----HD---- C:\WINDOWS\inf
2010-02-18 05:25:32 ----D---- C:\WINDOWS\WinSxS
2010-02-18 05:15:14 ----D---- C:\Program Files\Common Files
2010-02-18 04:52:39 ----RSD---- C:\WINDOWS\Fonts
2010-02-18 04:46:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-18 04:43:06 ----D---- C:\Program Files\Internet Explorer
2010-02-18 04:42:43 ----D---- C:\WINDOWS\system32\drivers
2010-02-18 04:42:43 ----D---- C:\WINDOWS\pchealth
2010-02-18 04:32:15 ----D---- C:\WINDOWS\system32\config
2010-02-18 04:31:13 ----D---- C:\WINDOWS\system32\wbem
2010-02-18 04:31:11 ----D---- C:\WINDOWS\Registration
2010-02-18 02:22:51 ----A---- C:\WINDOWS\win.ini
2010-02-18 02:22:51 ----A---- C:\WINDOWS\system.ini
2010-02-18 00:16:54 ----RASH---- C:\boot.ini
2010-02-17 12:21:49 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-17 12:13:15 ----D---- C:\WINDOWS\security
2010-02-17 11:56:12 ----D---- C:\WINDOWS\Debug
2010-02-17 01:53:54 ----D---- C:\WINDOWS\AppPatch
2010-02-17 01:53:53 ----D---- C:\WINDOWS\system32\Setup
2010-02-17 01:50:12 ----D---- C:\Program Files\Outlook Express
2010-02-17 01:46:21 ----D---- C:\Program Files\Messenger
2010-02-17 01:40:11 ----D---- C:\WINDOWS\ime
2010-02-17 01:40:11 ----D---- C:\WINDOWS\Help
2010-02-17 01:39:58 ----D---- C:\WINDOWS\system32\usmt
2010-02-17 01:39:56 ----D---- C:\WINDOWS\PeerNet
2010-02-17 01:39:56 ----D---- C:\Program Files\Movie Maker
2010-02-17 01:36:47 ----D---- C:\WINDOWS\system32\npp
2010-02-17 01:36:46 ----D---- C:\WINDOWS\msagent
2010-02-17 01:36:45 ----D---- C:\WINDOWS\srchasst
2010-02-17 01:36:45 ----D---- C:\Program Files\NetMeeting
2010-02-17 01:36:44 ----D---- C:\WINDOWS\system32\Com
2010-02-17 01:36:41 ----D---- C:\Program Files\Windows NT
2010-02-17 01:36:41 ----D---- C:\Program Files\Windows Media Player
2010-02-17 01:36:37 ----D---- C:\Program Files\Common Files\System
2010-02-17 01:36:17 ----D---- C:\WINDOWS\system32\oobe
2010-02-17 01:36:15 ----D---- C:\WINDOWS\system
2010-02-17 01:33:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-16 17:01:03 ----SD---- C:\WINDOWS\Tasks
2010-02-15 00:19:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-13 15:18:30 ----D---- C:\Program Files\Common Files\Real
2010-02-13 15:18:29 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2010-02-12 18:23:38 ----D---- C:\Program Files\vso
2010-02-12 18:15:38 ----D---- C:\WINDOWS\msapps
2010-02-11 15:11:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-11 15:10:53 ----D---- C:\WINDOWS\system32\LogFiles
2010-02-11 15:04:37 ----D---- C:\WINDOWS\system32\spool
2010-02-11 15:03:46 ----D---- C:\WINDOWS\system32\URTTemp
2010-02-11 06:44:06 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-02-05 10:40:13 ----D---- C:\WINDOWS\system32\DirectX
2010-02-04 21:57:34 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinRAR
2010-02-04 21:47:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\RipIt4Me
2010-02-02 22:20:32 ----D---- C:\WINDOWS\addins
2010-02-02 01:34:37 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\FixVTS.ini
2010-02-01 15:19:37 ----D---- C:\WINDOWS\Media
2010-01-31 14:27:40 ----D---- C:\Program Files\Common Files\Java
2010-01-31 14:26:53 ----D---- C:\Program Files\Java
2010-01-30 21:02:09 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
2010-01-30 14:15:42 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2010-01-30 13:57:42 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-01-29 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 BELKIN;Belkin Wireless G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-02-12 47360]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-21 737874]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-07-29 2216128]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-30 229888]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-31 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 19 February 2010 - 08:22 PM

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.


We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the icon on your desktop.
  • Paste the following code under the area. Do not include the word "Code".
    CODE
    :Reg
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    "Search Bar"=""
    [HKCU\Software\Microsoft\Internet Explorer\Main]
    "Search Page"=""
    [HKCU\Software\Microsoft\Internet Explorer\SearchURL]
    "(Default)"=""
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\husugamej]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\ALCXMNTR.EXE"=-
    "C:\WINDOWS\system32\logonui.exe"=-
    "C:\WINDOWS\system32\winlogon.exe"=-
    "C:\WINDOWS\system32\spoolsv.exe"=-
    "C:\WINDOWS\system32\wbem\wmiprvse.exe"=-
    "C:\WINDOWS\system32\lsass.exe"=-
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    :Commands
    [Purity]
    [EmptyTemp]
  • Push the large button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



You have an older version of Java installed which can still be used to exploit your computer, so please go to Add/Remove Programs and uninstall the following.

Java 2 Runtime Environment, SE v1.4.2_03



You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.




Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • OTM results
  • ESET report
  • New Rsit log.txt

Thanks

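To see what the OTM script in the post above changes before it is run, the following sketch parses its :Reg section and decodes each operation, including the hex(7) value. It is an added example, not part of the original post or of OTM; the function names and the explanatory notes are illustrative, and the hex(7) decoding assumes single-byte characters, as used in this script.

```python
import re
from collections import Counter

# The script from the post above, copied from the page.
OTM_SCRIPT = r'''
:Reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Bar"=""
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Search Page"=""
[HKCU\Software\Microsoft\Internet Explorer\SearchURL]
"(Default)"=""
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\husugamej]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\ALCXMNTR.EXE"=-
"C:\WINDOWS\system32\logonui.exe"=-
"C:\WINDOWS\system32\winlogon.exe"=-
"C:\WINDOWS\system32\spoolsv.exe"=-
"C:\WINDOWS\system32\wbem\wmiprvse.exe"=-
"C:\WINDOWS\system32\lsass.exe"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
:Commands
[Purity]
[EmptyTemp]
'''

# (key fragment, value-name fragment, why the location matters); all lowercase.
NOTES = [
    (r"\windows nt\currentversion\windows", "appinit_dlls",
     "DLLs named here load into every process that loads user32.dll"),
    (r"\control\lsa", "notification packages",
     "DLLs named here are loaded by LSA as password notification packages"),
    (r"\authorizedapplications\list", "",
     "Windows Firewall per-program exception list"),
    (r"\msconfig\startupreg", "", "startup entry disabled through msconfig"),
    (r"\explorer\mountpoints2", "", "Explorer's cached AutoRun data for a volume"),
    (r"\internet explorer", "", "Internet Explorer search setting"),
]


def decode_data(raw):
    """Turn the right-hand side of a value line into (operation, data)."""
    if raw == "-":
        return ("delete-value", None)
    m = re.fullmatch(r"hex\(7\):([0-9a-fA-F,]*)", raw)
    if m:
        blob = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        # Assumption: one byte per character; NUL ends each string and an
        # empty string ends the list (REG_MULTI_SZ layout).
        return ("set-multi-sz", [s for s in blob.decode("latin-1").split("\x00") if s])
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return ("set-string", raw[1:-1])
    return ("unrecognised", raw)


def parse_reg_section(script):
    """Return one dict per registry operation found under ':Reg'."""
    ops, key, in_reg = [], None, False
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):            # section marker such as :Reg or :Commands
            in_reg = line.lower() == ":reg"
            continue
        if not in_reg:
            continue
        if line.startswith("[-") and line.endswith("]"):
            ops.append({"op": "delete-key", "key": line[2:-1], "name": None, "data": None})
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                # values that follow belong to this key
        else:
            m = re.fullmatch(r'"(.*?)"=(.*)', line)
            if not m or key is None:
                ops.append({"op": "unrecognised", "key": key or "", "name": None, "data": line})
                continue
            op, data = decode_data(m.group(2))
            ops.append({"op": op, "key": key, "name": m.group(1), "data": data})
    return ops


def describe(op):
    """Return the note for the first matching location, or an empty string."""
    target = (op["key"] + "\\" + (op["name"] or "")).lower()
    for key_part, name_part, note in NOTES:
        if key_part in target and name_part in target:
            return note
    return ""


def summarize(ops):
    """Count operations by type."""
    return dict(Counter(op["op"] for op in ops))


if __name__ == "__main__":
    for op in parse_reg_section(OTM_SCRIPT):
        print(f'{op["op"]:13} {op["key"]} | {op["name"]} -> {op["data"]!r}  # {describe(op)}')
```
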


#7 creeper75

creeper75
  • Topic Starter

  • Members
  • 5 posts

Posted 20 February 2010 - 04:34 AM

So far everything seems to be working properly. No redirects anymore. Here is the OTM Log. There were no infections after running ESET and no report was given for me to copy or save. The new Rsit log is listed as well. Thank you.

All processes killed
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Search Bar"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\Main\\"Search Page"|"" /E : value set successfully!
HKCU\Software\Microsoft\Internet Explorer\SearchURL\\"(Default)"|"" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\husugamej\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\ALCXMNTR.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\logonui.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winlogon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\spoolsv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\wbem\wmiprvse.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\lsass.exe deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Owner
->Temp folder emptied: 1790159 bytes
->Temporary Internet Files folder emptied: 5517630 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 59537764 bytes
->Google Chrome cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 1065624 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 685056 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16791175 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 82.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02192010_205841

Files moved on Reboot...
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\~DFBE34.tmp moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\ZLT07dbe.TMP not found!

Registry entries deleted on Reboot...


Logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Owner at 2010-02-20 04:20:03
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (5%) free of 31 GB
Total RAM: 959 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:20:31 AM, on 2/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\RSIT(5).exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://encarta.msn.com/teleport/activate/d...sp?pid=51957HP1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_18.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6856 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AdsGone.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-21 155648]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-10-22 53248]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-10-10 320832]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2009-12-24 1280272]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2010-01-21 2956536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-06 2335952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
C:\WINDOWS\ALCWZRD.EXE [2004-07-29 2551808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2010-01-21 2956536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe [2009-09-30 503808]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-21 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Common Files\Java\Java Update\jusched.exe"="C:\Program Files\Common Files\Java\Java Update\jusched.exe:*:Enabled:jusched"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-19 22:04:58 ----D---- C:\Program Files\ESET
2010-02-19 20:55:45 ----D---- C:\WINDOWS\ERDNT
2010-02-19 20:54:16 ----D---- C:\Program Files\ERUNT
2010-02-19 15:29:18 ----D---- C:\rsit
2010-02-19 01:34:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-18 05:30:43 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-02-18 05:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-02-18 05:27:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2010-02-18 05:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-02-18 05:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-02-18 05:25:23 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-02-18 05:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-02-18 05:23:56 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-02-18 05:23:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-02-18 05:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-02-18 04:49:35 ----D---- C:\78dd80797e48a5275d
2010-02-18 04:01:43 ----DC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-18 04:01:28 ----DC---- C:\WINDOWS\$NtUninstallKB951978$
2010-02-18 04:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-02-18 01:10:04 ----D---- C:\Documents and Settings\All Users\Application Data\IObit
2010-02-18 01:07:53 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-18 01:07:13 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.com
2010-02-18 00:58:10 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinPatrol
2010-02-18 00:56:07 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\CheckPoint
2010-02-18 00:55:29 ----D---- C:\Program Files\CheckPoint
2010-02-18 00:55:23 ----A---- C:\WINDOWS\system32\vsregexp.dll
2010-02-18 00:55:19 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2010-02-18 00:55:19 ----A---- C:\WINDOWS\system32\zlcomm.dll
2010-02-18 00:55:10 ----A---- C:\WINDOWS\system32\vswmi.dll
2010-02-18 00:55:07 ----A---- C:\WINDOWS\system32\zpeng25.dll
2010-02-18 00:55:06 ----D---- C:\WINDOWS\system32\ZoneLabs
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vsxml.dll
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vspubapi.dll
2010-02-18 00:55:06 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2010-02-18 00:55:02 ----D---- C:\Program Files\Zone Labs
2010-02-18 00:54:35 ----D---- C:\WINDOWS\Internet Logs
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsutil.dll
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsinit.dll
2010-02-18 00:54:33 ----A---- C:\WINDOWS\system32\vsdata.dll
2010-02-18 00:54:20 ----D---- C:\Program Files\BillP Studios
2010-02-17 22:49:32 ----D---- C:\Program Files\SpywareGuard
2010-02-17 22:38:26 ----D---- C:\Program Files\SpywareBlaster
2010-02-17 20:46:42 ----D---- C:\_OTM
2010-02-17 02:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-17 01:55:52 ----D---- C:\WINDOWS\Prefetch
2010-02-17 01:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-17 01:51:58 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-17 01:51:49 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-17 01:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-17 01:51:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-17 01:51:27 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-17 01:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-02-17 01:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-02-17 01:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-02-17 01:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-17 01:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-17 01:50:46 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-02-17 01:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-02-17 01:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-02-17 01:50:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-17 01:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-02-17 01:50:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-02-17 01:50:04 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-17 01:49:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-02-17 01:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-02-17 01:49:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-17 01:49:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-02-17 01:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-17 01:49:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-02-17 01:49:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-17 01:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-02-17 01:48:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-02-17 01:48:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-02-17 01:48:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-02-17 01:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-02-17 01:48:29 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-02-17 01:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-02-17 01:48:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-02-17 01:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-02-17 01:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-02-17 01:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-02-17 01:47:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-17 01:47:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-02-17 01:47:27 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-02-17 01:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-02-17 01:47:13 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-02-17 01:47:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-02-17 01:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-02-17 01:46:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-02-17 01:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-02-17 01:46:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-02-17 01:46:28 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-02-17 01:46:19 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-02-17 01:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-02-17 01:39:57 ----D---- C:\WINDOWS\system32\scripting
2010-02-17 01:39:57 ----D---- C:\WINDOWS\system32\en
2010-02-17 01:39:57 ----D---- C:\WINDOWS\l2schemas
2010-02-17 01:39:56 ----D---- C:\WINDOWS\system32\bits
2010-02-17 01:34:45 ----D---- C:\WINDOWS\network diagnostic
2010-02-17 01:29:21 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-02-17 01:29:17 ----D---- C:\WINDOWS\EHome
2010-02-16 20:46:24 ----D---- C:\Program Files\Trend Micro
2010-02-16 17:15:10 ----D---- C:\Program Files\DVD Shrink
2010-02-16 15:40:35 ----D---- C:\Program Files\MSXML 4.0
2010-02-16 15:40:21 ----D---- C:\WINDOWS\system32\PreInstall
2010-02-16 15:40:11 ----D---- C:\Program Files\NOS
2010-02-16 15:40:11 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-15 22:48:25 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-15 22:47:39 ----D---- C:\Program Files\Common Files\PC Tools
2010-02-15 16:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-15 16:35:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-02-15 16:35:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-02-15 16:35:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426_0$
2010-02-15 16:35:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-02-15 16:34:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-02-15 16:34:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960859_0$
2010-02-15 16:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971468_0$
2010-02-15 16:34:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-02-15 16:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-02-15 16:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2010-02-15 16:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-15 16:32:17 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-15 16:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955759_0$
2010-02-15 16:31:56 ----HDC---- C:\WINDOWS\$NtUninstallKB974318_0$
2010-02-15 16:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB969059_0$
2010-02-15 16:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2010-02-15 16:31:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978037_0$
2010-02-15 16:31:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975713_0$
2010-02-15 16:31:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971657_0$
2010-02-15 16:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2010-02-15 16:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB972270_0$
2010-02-15 16:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_0$
2010-02-15 16:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956572_0$
2010-02-15 16:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956844_0$
2010-02-15 16:30:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961501_0$
2010-02-15 16:30:04 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-02-15 16:29:39 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-02-15 16:29:31 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-02-15 16:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978251_0$
2010-02-15 16:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973869_0$
2010-02-15 16:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025_0$
2010-02-15 16:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2010-02-15 16:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952004_0$
2010-02-15 16:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974571_0$
2010-02-15 16:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975560_0$
2010-02-15 16:28:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973507_0$
2010-02-15 16:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-02-15 16:27:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_0$
2010-02-15 16:27:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-02-15 16:27:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-02-15 16:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2010-02-15 16:27:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-15 16:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2010-02-15 16:27:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2010-02-15 16:27:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-02-15 16:26:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974392_0$
2010-02-15 16:26:31 ----HDC---- C:\WINDOWS\$NtUninstallKB977914_0$
2010-02-15 16:26:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-02-15 16:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2010-02-15 16:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971486_0$
2010-02-15 16:25:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978706_0$
2010-02-15 16:25:03 ----D---- C:\WINDOWS\ServicePackFiles
2010-02-15 16:24:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-02-15 16:24:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2010-02-15 16:24:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2010-02-15 16:24:15 ----D---- C:\WINDOWS\ie8updates
2010-02-15 16:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-02-15 16:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2010-02-15 16:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2010-02-15 16:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-02-15 16:22:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467_0$
2010-02-15 16:22:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2010-02-15 16:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969947_0$
2010-02-15 15:10:00 ----D---- C:\Program Files\YouTube Downloader
2010-02-15 14:56:59 ----D---- C:\Program Files\AdsGone
2010-02-15 01:02:38 ----N---- C:\WINDOWS\system32\tzchange.exe
2010-02-15 00:50:10 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2010-02-15 00:50:08 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2010-02-15 00:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-02-15 00:04:04 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2010-02-13 02:35:55 ----A---- C:\WINDOWS\unvise32.exe
2010-02-13 02:35:54 ----D---- C:\Program Files\uninstallerpro
2010-02-13 00:07:50 ----D---- C:\Documents and Settings\All Users\Application Data\vsosdk
2010-02-12 18:23:50 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\inst.exe
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\sipr3260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv43260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv33260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\drv23260.dll
2010-02-12 18:23:38 ----A---- C:\WINDOWS\system32\cook3260.dll
2010-02-12 18:23:34 ----A---- C:\WINDOWS\system32\vp7vfw.dll
2010-02-12 18:23:33 ----A---- C:\WINDOWS\system32\wvc1dmod.dll
2010-02-12 18:19:49 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-02-11 21:32:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-11 21:14:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2010-02-11 20:55:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\SuperAdBlocker.com
2010-02-11 20:55:03 ----D---- C:\Program Files\SuperAdBlocker.com
2010-02-11 15:21:04 ----D---- C:\e33f5e9afc5cdd16328d9cda
2010-02-11 15:13:14 ----D---- C:\Program Files\Nero
2010-02-11 15:10:54 ----D---- C:\Program Files\Microsoft Plus! Digital Media Edition
2010-02-11 06:44:06 ----A---- C:\WINDOWS\system32\msvcr71.dll
2010-02-11 02:20:32 ----D---- C:\Program Files\MSBuild
2010-02-11 02:16:12 ----D---- C:\WINDOWS\system32\XPSViewer
2010-02-11 02:15:05 ----D---- C:\Program Files\Reference Assemblies
2010-02-11 02:14:32 ----N---- C:\WINDOWS\system32\spmsg2.dll
2010-02-11 02:09:02 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-02-10 23:59:23 ----DC---- C:\WINDOWS\$NtUninstallKB926239$
2010-02-10 23:59:09 ----DC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2010-02-10 23:58:31 ----D---- C:\Program Files\Windows Media Connect 2
2010-02-10 23:58:14 ----DC---- C:\WINDOWS\$NtUninstallwmp11$
2010-02-10 23:57:22 ----DC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-02-10 23:56:49 ----DC---- C:\WINDOWS\$NtUninstallWudf01000$
2010-02-10 23:56:04 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-02-10 22:34:04 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-10 22:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-10 18:53:20 ----D---- C:\Program Files\DivX
2010-02-05 11:37:47 ----SHD---- C:\Config.Msi
2010-02-05 11:10:00 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Nero
2010-02-05 10:41:34 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2010-02-05 10:41:33 ----D---- C:\Program Files\Common Files\Nero
2010-02-05 10:40:12 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2010-02-05 10:31:32 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-02-05 01:15:56 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Ahead
2010-02-04 22:45:31 ----A---- C:\WINDOWS\Burn4Free_Toolbar_Uninstaller_4796.exe
2010-02-04 21:58:33 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2010-02-03 23:16:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-02-03 23:06:39 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2010-02-02 21:34:47 ----D---- C:\WINDOWS\Sun
2010-02-02 19:16:55 ----D---- C:\Program Files\Common Files\Scanner
2010-02-01 17:37:15 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
2010-02-01 17:36:51 ----D---- C:\Program Files\LimeWire
2010-02-01 15:04:01 ----HDC---- C:\WINDOWS\ie8
2010-02-01 14:28:32 ----D---- C:\WINDOWS\pss
2010-02-01 13:38:46 ----HD---- C:\Program Files\Uninstall Information
2010-02-01 13:36:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-02-01 13:23:24 ----D---- C:\WINDOWS\WBEM
2010-02-01 13:23:23 ----D---- C:\WINDOWS\system32\en-US
2010-02-01 13:21:39 ----HDC---- C:\WINDOWS\ie7
2010-02-01 13:21:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2010-02-01 13:21:08 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2010-02-01 13:21:07 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2010-02-01 13:20:37 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2010-02-01 13:20:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-01 13:20:34 ----A---- C:\WINDOWS\system32\xmllite.dll
2010-02-01 13:17:03 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-02-01 03:20:22 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\FrostWire
2010-02-01 01:40:42 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-31 23:32:31 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-31 23:32:09 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-31 18:50:10 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2010-01-31 18:50:08 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2010-01-31 18:50:06 ----D---- C:\Program Files\Common Files\Ahead
2010-01-31 18:50:06 ----D---- C:\Program Files\Ahead
2010-01-31 14:27:50 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\java.exe
2010-01-31 14:27:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-30 22:08:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\vlc
2010-01-30 20:45:03 ----D---- C:\Program Files\VideoLAN
2010-01-30 20:44:19 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WeatherBug
2010-01-30 20:43:59 ----D---- C:\Documents and Settings\All Users\Application Data\EmailNotifier
2010-01-30 20:43:52 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\myfreezetoolbar
2010-01-30 20:33:47 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Yahoo!
2010-01-30 18:31:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2010-01-30 18:29:08 ----D---- C:\Program Files\Yahoo!
2010-01-30 17:33:48 ----D---- C:\Program Files\IObit
2010-01-30 17:15:36 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-30 17:15:30 ----D---- C:\Program Files\Alwil Software
2010-01-30 17:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-30 16:51:06 ----D---- C:\Program Files\WinRAR
2010-01-30 16:12:59 ----D---- C:\Program Files\Common Files\Adobe
2010-01-30 14:39:43 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Adobe
2010-01-30 14:35:41 ----D---- C:\Downloads
2010-01-30 14:35:40 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\BitComet
2010-01-30 14:35:10 ----D---- C:\Program Files\BitComet
2010-01-30 14:17:09 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla
2010-01-30 14:16:57 ----D---- C:\Program Files\Mozilla Firefox
2010-01-29 22:44:29 ----A---- C:\WINDOWS\RTacDbg.txt

======List of files/folders modified in the last 1 months======

2010-02-20 01:26:45 ----D---- C:\WINDOWS\Temp
2010-02-19 22:04:58 ----RD---- C:\Program Files
2010-02-19 21:18:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-19 21:17:50 ----D---- C:\Program Files\Symantec
2010-02-19 21:15:23 ----SHD---- C:\WINDOWS\Installer
2010-02-19 21:15:13 ----SD---- C:\WINDOWS\Tasks
2010-02-19 21:10:24 ----D---- C:\Program Files\Java
2010-02-19 21:10:24 ----D---- C:\Program Files\Common Files\Java
2010-02-19 21:10:05 ----D---- C:\WINDOWS\system32
2010-02-19 20:58:48 ----D---- C:\WINDOWS
2010-02-18 18:59:11 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Vso
2010-02-18 08:23:33 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-18 08:23:08 ----RSD---- C:\WINDOWS\assembly
2010-02-18 08:21:44 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-18 06:50:05 ----SHD---- C:\System Volume Information
2010-02-18 06:50:05 ----D---- C:\WINDOWS\system32\Restore
2010-02-18 05:52:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-18 05:30:55 ----HD---- C:\WINDOWS\inf
2010-02-18 05:25:32 ----D---- C:\WINDOWS\WinSxS
2010-02-18 05:15:14 ----D---- C:\Program Files\Common Files
2010-02-18 04:52:39 ----RSD---- C:\WINDOWS\Fonts
2010-02-18 04:46:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-18 04:43:06 ----D---- C:\Program Files\Internet Explorer
2010-02-18 04:42:43 ----D---- C:\WINDOWS\system32\drivers
2010-02-18 04:42:43 ----D---- C:\WINDOWS\pchealth
2010-02-18 04:32:15 ----D---- C:\WINDOWS\system32\config
2010-02-18 04:31:13 ----D---- C:\WINDOWS\system32\wbem
2010-02-18 04:31:11 ----D---- C:\WINDOWS\Registration
2010-02-18 02:22:51 ----A---- C:\WINDOWS\win.ini
2010-02-18 02:22:51 ----A---- C:\WINDOWS\system.ini
2010-02-18 00:16:54 ----RASH---- C:\boot.ini
2010-02-17 12:21:49 ----D---- C:\WINDOWS\SoftwareDistribution
2010-02-17 12:13:15 ----D---- C:\WINDOWS\security
2010-02-17 11:56:12 ----D---- C:\WINDOWS\Debug
2010-02-17 01:53:54 ----D---- C:\WINDOWS\AppPatch
2010-02-17 01:53:53 ----D---- C:\WINDOWS\system32\Setup
2010-02-17 01:50:12 ----D---- C:\Program Files\Outlook Express
2010-02-17 01:46:21 ----D---- C:\Program Files\Messenger
2010-02-17 01:40:11 ----D---- C:\WINDOWS\ime
2010-02-17 01:40:11 ----D---- C:\WINDOWS\Help
2010-02-17 01:39:58 ----D---- C:\WINDOWS\system32\usmt
2010-02-17 01:39:56 ----D---- C:\WINDOWS\PeerNet
2010-02-17 01:39:56 ----D---- C:\Program Files\Movie Maker
2010-02-17 01:36:47 ----D---- C:\WINDOWS\system32\npp
2010-02-17 01:36:46 ----D---- C:\WINDOWS\msagent
2010-02-17 01:36:45 ----D---- C:\WINDOWS\srchasst
2010-02-17 01:36:45 ----D---- C:\Program Files\NetMeeting
2010-02-17 01:36:44 ----D---- C:\WINDOWS\system32\Com
2010-02-17 01:36:41 ----D---- C:\Program Files\Windows NT
2010-02-17 01:36:41 ----D---- C:\Program Files\Windows Media Player
2010-02-17 01:36:37 ----D---- C:\Program Files\Common Files\System
2010-02-17 01:36:17 ----D---- C:\WINDOWS\system32\oobe
2010-02-17 01:36:15 ----D---- C:\WINDOWS\system
2010-02-17 01:33:33 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-02-15 00:19:08 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-13 15:18:30 ----D---- C:\Program Files\Common Files\Real
2010-02-13 15:18:29 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\Real
2010-02-12 18:23:38 ----D---- C:\Program Files\vso
2010-02-12 18:15:38 ----D---- C:\WINDOWS\msapps
2010-02-11 15:11:24 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-11 15:10:53 ----D---- C:\WINDOWS\system32\LogFiles
2010-02-11 15:04:37 ----D---- C:\WINDOWS\system32\spool
2010-02-11 15:03:46 ----D---- C:\WINDOWS\system32\URTTemp
2010-02-11 06:44:06 ----A---- C:\WINDOWS\system32\msvcp71.dll
2010-02-05 10:40:13 ----D---- C:\WINDOWS\system32\DirectX
2010-02-04 21:57:34 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\WinRAR
2010-02-04 21:47:20 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\RipIt4Me
2010-02-02 22:20:32 ----D---- C:\WINDOWS\addins
2010-02-02 01:34:37 ----A---- C:\Documents and Settings\Compaq_Owner\Application Data\FixVTS.ini
2010-02-01 15:19:37 ----D---- C:\WINDOWS\Media
2010-01-30 21:02:09 ----D---- C:\Documents and Settings\Compaq_Owner\Application Data\IObit
2010-01-30 14:15:42 ----SD---- C:\Documents and Settings\Compaq_Owner\Application Data\Microsoft
2010-01-30 13:57:42 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-01-29 21035]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376]
R3 BELKIN;Belkin Wireless G USB Network Adapter; C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-02-12 47360]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-30 23808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-12-07 172672]
S1 SABKUTIL;SABKUTIL; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
S2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys []
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-12 41984]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-21 737874]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-07-29 2216128]
S3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys []
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-30 229888]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-31 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


#8 syler

  • Malware Response Team
  • 8,150 posts

Posted 20 February 2010 - 12:36 PM

Your logs look fine to me now.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then OK, then restart your computer.
  • Now follow these steps again, but instead of checking "Turn off System Restore", uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this, click on Start >> Control Panel >> Automatic Updates and click Automatic (recommended), then Apply and OK.

Update your AntiVirus Software
It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#9 creeper75

  • Topic Starter

  • Members
  • 5 posts

Posted 20 February 2010 - 03:33 PM

Thank you very much Syler! Everything seems to be working great. One question though... I was wondering if I needed to install the latest Java Runtime Environment that we uninstalled earlier? Thank you.



#10 syler

  • Malware Response Team
  • 8,150 posts

Posted 21 February 2010 - 03:07 PM

You're very welcome.

You have the latest version of Java so there's no need to install any others.



#11 syler

  • Malware Response Team
  • 8,150 posts

Posted 24 February 2010 - 10:54 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
