Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PSW.OnlineGames.BCUF [RESOLVED]

Started by Neilld , Oct 15 2008 02:31 PM

  • This topic is locked This topic is locked

#1
Neilld
Posted 15 October 2008 - 02:31 PM

Neilld

    Member

  • Member
  • PipPip
  • 12 posts
Hi there

I've recently picked up a Trojan after clicking on a nasty link in a forum...sigh

Every 30 seconds or so my AVG resident shield alert pops up and informs me I have a "Threat detected!"
File name: C:\WINDOWS\svchost.exe
Threat name: Trojan horse PSW.OnlineGames.BCUF

Anyway...I've looked at a few of the other forum posts with similar problems and thought I'd post my own logs to get advice just in case my issue is different from the others.

I've done a full Malwarebytes' Anti-Malware scan as well as a HijackThis scan. The Malware one finds a trojan every time and says it's removed but it ends up right back in there next time I do a scan

Hope to hear from you soon :)

Neill

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:17:52 a.m., on 16/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MS-Help] RUNDLL32.EXE C:\WINDOWS\system32\MreadfeB.dll,Install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL4 - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7355 bytes


Malwarebytes' Anti-Malware log

Malwarebytes' Anti-Malware 1.28
Database version: 1274
Windows 5.1.2600 Service Pack 3

16/10/2008 9:16:42 a.m.
mbam-log-2008-10-16 (09-16-42).txt

Scan type: Quick Scan
Objects scanned: 70044
Time elapsed: 5 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

Advertisements

#2
Jimmy2012
Posted 18 October 2008 - 11:02 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Neilld, and welcome to Geeks to go. :)
Sorry about the delay, everyone here has been very busy.

Lets get a fresh look at your computer.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


You will need to use more then one reply for the logs to fit.
  • 0

#3
Neilld
Posted 19 October 2008 - 01:42 AM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Jimmy

Thanks for the reply...Hopefully we can get this problem sorted as quickly as possible :)

Here's the Log.txt file

Logfile of random's system information tool 1.04 (written by random/random)
Run by Neill at 2008-10-19 20:39:42
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (19%) free of 114 GB
Total RAM: 1023 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:03 p.m., on 19/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Neill\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Neill.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MS-Help] RUNDLL32.EXE C:\WINDOWS\system32\MreadfeB.dll,Install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL4 - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7256 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-15 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-15 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FlashGet\jccatch.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-15 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2005-12-15 295664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-03-15 180269]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-12 136600]
"TCASUTIEXE"=TCAUDIAG.exe -on []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-15 1234712]
"MS-Help"=C:\WINDOWS\system32\MreadfeB.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-01-20 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2005-12-15 10472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BA0A0B68-6F3C-51D2-B901-E381E036D21A}"=C:\WINDOWS\system32\KcrnaDrv.dll []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Games\Dawn of War\w40k.exe"="C:\Games\Dawn of War\w40k.exe:*:Enabled:W40K"
"C:\Games\Wolfenstein - Enemy Territory\ET.exe"="C:\Games\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Games\Mohaa\MOHAA.exe"="C:\Games\Mohaa\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Games\Worms\WWP.EXE"="C:\Games\Worms\WWP.EXE:*:Enabled:Worms World Party"
"C:\Games\Warcraft III\Warcraft III.exe"="C:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Games\Warcraft III\war3.exe"="C:\Games\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Games\TmSunriseDemoMag\TmSunriseDemoMag.exe"="C:\Games\TmSunriseDemoMag\TmSunriseDemoMag.exe:*:Enabled:TmSunriseDemoMag"
"C:\Games\Doomsday\Bin\Doomsday.exe"="C:\Games\Doomsday\Bin\Doomsday.exe:*:Enabled:Doomsday"
"C:\Games\Legacy\Legacy.exe"="C:\Games\Legacy\Legacy.exe:*:Enabled:Legacy"
"C:\Program Files (x86)\rmDC++0.403D\StrongDC.exe"="C:\Program Files (x86)\rmDC++0.403D\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Games\TOTALA\totala.exe"="C:\Games\TOTALA\totala.exe:*:Enabled:Total Annihilation"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Games\Dawn of War\W40kWA.exe"="C:\Games\Dawn of War\W40kWA.exe:*:Enabled:W40kWA"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"="C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files (x86)\rmDC++0.403D\CZDCPlusPlus.exe"="C:\Program Files (x86)\rmDC++0.403D\CZDCPlusPlus.exe:*:Enabled:CZDC++"
"C:\Program Files\Java\jdk1.5.0_05\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_05\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files (x86)\Xfire\Xfire.exe"="C:\Program Files (x86)\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Games\UT2004\System\UT2004.exe"="C:\Games\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Apache Group\Apache\Apache.exe"="C:\Program Files\Apache Group\Apache\Apache.exe:*:Enabled:Apache"
"C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\Dawn of War\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Games\Dawn of War\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2008-10-19 20:39:42 ----D---- C:\rsit
2008-10-19 16:46:02 ----D---- C:\Program Files\DOSBox-0.72
2008-10-19 16:36:22 ----D---- C:\Program Files\D-Fend Reloaded
2008-10-17 00:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-16 13:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 13:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 13:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 12:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 12:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 12:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-10-16 12:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-16 09:40:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-15 13:31:09 ----D---- C:\Program Files\Trend Micro
2008-10-15 13:28:26 ----D---- C:\Documents and Settings\Neill\Application Data\Help
2008-10-15 13:07:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2008-10-15 13:07:38 ----D---- C:\Program Files\Security Task Manager
2008-10-15 12:54:05 ----HD---- C:\$AVG8.VAULT$
2008-10-15 12:22:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-15 12:21:57 ----D---- C:\Documents and Settings\Neill\Application Data\AVGTOOLBAR
2008-10-15 12:21:48 ----D---- C:\Program Files\AVG
2008-10-15 12:17:53 ----SHD---- C:\RECYCLER
2008-10-15 12:17:14 ----A---- C:\ComboFix.txt
2008-10-15 12:03:38 ----D---- C:\ComboFix
2008-10-15 09:40:25 ----D---- C:\Program Files\Kaspersky Anti-Virus
2008-10-15 08:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-15 08:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-15 08:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-15 08:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-15 08:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-15 08:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-15 08:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-15 08:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-15 08:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-15 08:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-15 08:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-15 08:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-15 08:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-15 08:49:42 ----D---- C:\WINDOWS\system32\en-us
2008-10-15 08:49:41 ----D---- C:\WINDOWS\system32\scripting
2008-10-15 08:49:40 ----D---- C:\WINDOWS\l2schemas
2008-10-15 08:49:39 ----D---- C:\WINDOWS\system32\en
2008-10-15 08:49:39 ----D---- C:\WINDOWS\system32\bits
2008-10-15 08:45:51 ----D---- C:\WINDOWS\network diagnostic
2008-10-13 14:21:49 ----D---- C:\Program Files\World of Warcraft
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\UpdDrv2K.exe
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\UN3CDiag.exe
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\sk98nt4.ini
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\InstInfo.ini
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TDInst2K.exe
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcauprot.dll
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcaum998.dll
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcaudvar.txt
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TCAUDIAG.EXE
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TCAMHWAC.DLL
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\INETWH32.dll
2008-10-13 11:22:59 ----D---- C:\3com
2008-10-13 10:59:47 ----D---- C:\Program Files\PC Drivers HeadQuarters
2008-10-13 10:59:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2008-10-13 10:18:57 ----D---- C:\WINDOWS\Performance
2008-10-13 10:18:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation
2008-10-13 10:18:16 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-10-13 00:25:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-10-13 00:06:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-10-12 23:26:23 ----A---- C:\log2.txt
2008-10-12 23:26:23 ----A---- C:\log1.txt
2008-10-12 22:43:37 ----D---- C:\Documents and Settings\Neill\Application Data\True Sword
2008-10-12 22:43:31 ----D---- C:\Program Files\True Sword 5
2008-10-12 15:38:46 ----A---- C:\WINDOWS\1.ini
2008-10-12 15:14:28 ----A---- C:\WINDOWS\system32\locate.com
2008-10-12 15:13:09 ----D---- C:\MGtools
2008-10-12 14:54:45 ----A---- C:\Boot.bak
2008-10-12 14:54:38 ----D---- C:\cmdcons
2008-10-12 14:53:13 ----A---- C:\WINDOWS\zip.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\VFIND.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWSC.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWREG.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\sed.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\grep.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\fdsv.exe
2008-10-12 14:51:59 ----D---- C:\WINDOWS\ERDNT
2008-10-12 14:51:59 ----D---- C:\Qoobox
2008-10-12 14:26:17 ----D---- C:\Documents and Settings\Neill\Application Data\Malwarebytes
2008-10-12 14:26:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:26:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-12 13:54:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:54:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-12 12:13:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-10-12 12:13:04 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-12 12:13:04 ----D---- C:\Documents and Settings\Neill\Application Data\SUPERAntiSpyware.com
2008-10-12 12:06:42 ----A---- C:\MGtools.exe
2008-10-12 11:50:11 ----D---- C:\Program Files\CCleaner
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\java.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-12 11:16:46 ----A---- C:\Program Files\unst0_0.exe
2008-10-12 11:16:44 ----A---- C:\Program Files\Program Files.ini
2008-10-12 11:02:30 ----D---- C:\Program Files\Uninstall Plus v4.1
2008-10-06 10:51:23 ----A---- C:\WINDOWS\system32\system130917.exe
2008-10-06 04:37:03 ----D---- C:\Program Files\Common Files\plugin
2008-09-17 09:27:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\K7 Computing
2008-09-10 16:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-05 09:17:31 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-04 09:09:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-09-04 09:09:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-26 22:33:45 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-26 22:33:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-26 22:33:25 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-26 22:33:21 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-26 22:33:21 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-26 22:33:06 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-26 22:33:06 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-26 22:32:37 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-26 22:32:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-26 22:32:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-26 22:32:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-26 22:32:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-26 22:32:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-26 22:32:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-26 22:32:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-26 22:32:14 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-26 22:31:43 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-26 22:31:43 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 22:30:39 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 22:29:28 ----A---- C:\WINDOWS\005782_.tmp
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-26 22:29:16 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-26 22:29:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-26 22:29:09 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-26 22:28:59 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 2 months======

2008-10-19 20:40:03 ----D---- C:\WINDOWS\Temp
2008-10-19 20:39:59 ----D---- C:\WINDOWS\Prefetch
2008-10-19 20:31:51 ----D---- C:\Program Files\Mozilla Firefox
2008-10-19 17:09:05 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-19 17:07:18 ----D---- C:\WINDOWS
2008-10-19 16:46:02 ----D---- C:\Program Files
2008-10-19 16:20:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-19 14:52:10 ----N---- C:\WINDOWS\SchedLgU.Txt
2008-10-18 14:37:07 ----D---- C:\WINDOWS\system32
2008-10-18 08:58:47 ----D---- C:\Documents and Settings\Neill\Application Data\OpenOffice.org2
2008-10-17 00:32:11 ----HD---- C:\WINDOWS\inf
2008-10-17 00:32:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-16 22:52:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 14:58:47 ----D---- C:\WINDOWS\Debug
2008-10-16 13:27:07 ----D---- C:\WINDOWS\system32\drivers
2008-10-15 13:55:34 ----SHD---- C:\WINDOWS\Installer
2008-10-15 13:55:33 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-15 13:55:33 ----D---- C:\Documents and Settings
2008-10-15 12:21:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-10-15 12:10:49 ----N---- C:\WINDOWS\system.ini
2008-10-15 12:06:11 ----D---- C:\WINDOWS\AppPatch
2008-10-15 12:06:11 ----D---- C:\Program Files\Common Files
2008-10-15 09:31:56 ----SD---- C:\Documents and Settings\Neill\Application Data\Microsoft
2008-10-15 09:01:28 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 08:58:59 ----D---- C:\WINDOWS\system32\Setup
2008-10-15 08:58:58 ----D---- C:\WINDOWS\system32\wbem
2008-10-15 08:58:58 ----D---- C:\Program Files\Internet Explorer
2008-10-15 08:58:57 ----RSD---- C:\WINDOWS\Fonts
2008-10-15 08:56:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-15 08:54:57 ----D---- C:\Program Files\Messenger
2008-10-15 08:54:31 ----D---- C:\WINDOWS\security
2008-10-15 08:50:07 ----D---- C:\WINDOWS\WinSxS
2008-10-15 08:50:01 ----D---- C:\Program Files\Windows Media Player
2008-10-15 08:49:50 ----D---- C:\WINDOWS\ime
2008-10-15 08:49:50 ----D---- C:\WINDOWS\Help
2008-10-15 08:49:42 ----D---- C:\WINDOWS\system32\usmt
2008-10-15 08:49:39 ----D---- C:\WINDOWS\peernet
2008-10-15 08:49:39 ----D---- C:\Program Files\Movie Maker
2008-10-15 08:47:14 ----D---- C:\WINDOWS\system32\Restore
2008-10-15 08:47:14 ----D---- C:\WINDOWS\system32\npp
2008-10-15 08:47:13 ----D---- C:\WINDOWS\mui
2008-10-15 08:47:13 ----D---- C:\WINDOWS\msagent
2008-10-15 08:47:12 ----D---- C:\WINDOWS\srchasst
2008-10-15 08:47:11 ----D---- C:\Program Files\NetMeeting
2008-10-15 08:47:10 ----D---- C:\WINDOWS\system32\Com
2008-10-15 08:47:08 ----D---- C:\Program Files\Windows NT
2008-10-15 08:47:08 ----D---- C:\Program Files\Outlook Express
2008-10-15 08:47:06 ----D---- C:\Program Files\Common Files\System
2008-10-15 08:46:55 ----D---- C:\WINDOWS\system32\oobe
2008-10-15 08:46:54 ----D---- C:\WINDOWS\system
2008-10-15 08:44:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-15 08:44:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-15 08:41:42 ----D---- C:\WINDOWS\EHome
2008-10-14 22:43:02 ----D---- C:\WINDOWS\Minidump
2008-10-14 10:19:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-13 21:09:12 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-13 11:00:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-13 11:00:37 ----RSD---- C:\WINDOWS\assembly
2008-10-13 02:24:47 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-13 01:04:47 ----SD---- C:\WINDOWS\Tasks
2008-10-12 15:38:02 ----D---- C:\Documents and Settings\Neill\Application Data\Mozilla
2008-10-12 15:24:25 ----D---- C:\Program Files\Mozilla Thunderbird
2008-10-12 15:24:22 ----AC---- C:\WINDOWS\WININIT.INI
2008-10-12 14:58:13 ----D---- C:\WINDOWS\system32\config
2008-10-12 14:56:07 ----D---- C:\Program Files\LogMeIn
2008-10-12 14:54:45 ----RASH---- C:\boot.ini
2008-10-12 14:24:09 ----D---- C:\WINDOWS\wt
2008-10-12 12:12:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 11:44:37 ----D---- C:\Program Files\Java
2008-10-12 11:15:09 ----D---- C:\Inetpub
2008-10-12 11:14:09 ----D---- C:\WTK23
2008-10-12 11:14:09 ----D---- C:\WTK22
2008-10-12 11:14:09 ----D---- C:\Temp
2008-10-12 11:14:09 ----D---- C:\Program Files\Winamp
2008-10-12 11:14:09 ----D---- C:\Program Files\SQLyog
2008-10-12 11:14:09 ----D---- C:\Program Files\MUSHclient
2008-10-12 11:14:09 ----D---- C:\Program Files\IsoBuster
2008-10-12 11:14:09 ----D---- C:\Program Files\GameSpy Arcade
2008-10-12 11:14:09 ----D---- C:\PHP
2008-10-12 11:14:09 ----D---- C:\MinGW
2008-10-12 11:14:08 ----D---- C:\cygwin
2008-10-08 08:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-09-22 09:40:44 ----D---- C:\Games
2008-09-22 09:39:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-19 19:43:17 ----D---- C:\Program Files\D-Tools
2008-09-17 19:00:38 ----D---- C:\Program Files\FlashGet
2008-09-05 13:39:30 ----C---- C:\WINDOWS\win.ini
2008-09-04 10:37:39 ----D---- C:\Documents and Settings\Neill\Application Data\Apple Computer
2008-09-04 09:11:11 ----D---- C:\WINDOWS\RegisteredPackages
2008-08-28 20:46:02 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-28 20:46:02 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-08-20 18:30:53 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-20 18:30:52 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-20 18:30:51 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-20 18:30:51 ----A---- C:\WINDOWS\system32\shdocvw.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-15 26824]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-11 52128]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-15 76040]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-08-30 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-08-30 55936]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R2 tcaicchg;tcaicchg; \??\C:\WINDOWS\system32\tcaicchg.sys []
R2 TCAITDI;TCAITDI Protocol; C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 19534]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-01-20 965632]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-06-03 147328]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-26 577664]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2005-12-15 7400]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Winachcf;Winachcf; C:\WINDOWS\system32\DRIVERS\winachcf.sys [2001-08-15 737975]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-18 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-18 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-18 6912]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys []
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys []
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\Neill\LOCALS~1\Temp\krdpdre.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-18 36480]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Neill\LOCALS~1\Temp\sony_ssm.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache;Apache; C:\Program Files\Apache Group\Apache\Apache.exe [2005-10-18 20545]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-15 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-15 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-12 147456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MySQL4;MySQL4; C:\mysql\bin\mysqld-nt --defaults-file=C:\mysql\my.ini MySQL4 []
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-12-20 122880]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-01-19 516096]
S2 OODefrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2002-01-18 263168]
S2 systemdown;Remote Access; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 wowsystemcode;Remote TCP/IPv6; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-01-20 344064]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe []
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2005-12-15 1610480]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------
  • 0

#4
Neilld
Posted 19 October 2008 - 01:44 AM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
And here's the info.txt file

Hope they mean something to you :)

info.txt logfile of random's system information tool 1.04 2008-10-19 20:40:08

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Audio Deck\Uninst.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3Com NIC Diagnostics-->un3cdiag.exe /remove
7-Zip 4.23-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Apache HTTP Server 1.3.34-->MsiExec.exe /I{5D29A4EF-A57F-4F47-89F8-4EB3C5302A53}
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{F08DAD55-0EB9-46FD-B083-6AC2B3B816B7}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brothers In Arms EiB Demo-->C:\Games\BrothersInArmsEiB\System\Setup.exe uninstall "BrothersInArmsEiBDemo"
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP450-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD}\DelDrv.exe" /U:{CF23AFD7-3078-4134-8823-EBF6D1FE6FAD} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
ChartDirector for .NET-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{230E2548-A4CE-4A0B-932D-69F96562F170}\Setup.exe" UNINSTALL
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
ConTEXT-->"C:\Program Files\ConTEXT\unins000.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault-->MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
DawnOfWar-->C:\Games\Dawn of War\unst0_0.exe "C:\Games\Dawn of War\.ini"
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
D-Fend Reloaded 0.3.2 (deinstall)-->"C:\Program Files\D-Fend Reloaded\Uninstall.exe"
Direct Show Ogg Vorbis Filter (remove only)-->"C:\WINDOWS\system32\OggDSuninst.exe"
Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
Earth 2160 Demo-->C:\Games\EARTH2~1\E2160_Uninst.exe /U C:\Games\EARTH2~1\install.log
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Ethereal 0.10.12-->"C:\Program Files\Ethereal\uninstall.exe"
ExplorerXP (remove only)-->C:\Program Files\ExplorerXP\Uninst.exe
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
Haali Media Splitter-->"C:\Program Files\Matroska Pack\haali\uninstall.exe"
HijackThis 2.0.2-->"C:\MGTools\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iPod for Windows 2005-06-26-->C:\Program Files\unst0_0.exe "C:\Program Files\.ini"
IsoBuster 1.8-->"C:\Program Files\IsoBuster\Uninst\unins000.exe"
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
J2ME Wireless Toolkit 2.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5FE8184-DB90-4642-826C-096C6369B3DA}\Setup.exe" -l0x9 -uninst
J2SE Development Kit 5.0 Update 5-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150050}
Java 2 Runtime Environment, SE v1.5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java 2 SDK, SE v1.5.0-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150000}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KeyCAD 2.0-->C:\PROGRA~1\KeyCAD\UNWISE.EXE C:\PROGRA~1\KeyCAD\INSTALL.LOG
LEGO Star Wars-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{E914A24F-2412-4374-B420-86D21D6D444A} /l1033
LogMeIn-->MsiExec.exe /I{DD3912D6-F9FF-4042-A062-65354D6D9024}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matroska Pack-->C:\Program Files\Matroska Pack\uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework SDK (English) 1.1-->MsiExec.exe /X{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}
Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft Visual Basic 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU-->MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual C# 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual C# 2005 Express Edition - ENU\setup.exe
Microsoft Visual C# 2005 Express Edition - ENU-->MsiExec.exe /X{7E7D7935-B0C8-4032-80BA-2CDC9E43C3B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ Toolkit 2003-->MsiExec.exe /X{362882AE-E40A-4435-B214-6420634C401F}
Microsoft Visual Web Developer 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Web Developer 2005 Express Edition - ENU\setup.exe
Microsoft Visual Web Developer 2005 Express Edition - ENU-->MsiExec.exe /X{221125DC-6A40-4900-B844-591F5E1195B0}
Microsoft WSE 3.0-->MsiExec.exe /I{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}
MOBILedit! 1.99-->RunDll32 C:\PROGRA~1\MOBILE~1\Setup\Setup.dll,RemoveOnly
Mono for Windows 1.0.6-->"C:\Program Files\Mono-1.0.6\unins000.exe"
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0-->MsiExec.exe /I{428102E6-8A39-48B9-8389-847F5A44A600}
MSXML 4.0-->MsiExec.exe /I{54BB0384-1C33-488F-A95B-877E480D3EDC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
MySQL Server 5.0-->MsiExec.exe /I{E31DF034-7CB9-4CBF-B707-A98EC2CE63F4}
O&O Defrag Server Edition-->MsiExec.exe /I{53480560-1C6A-43A7-A672-6462A374326D}
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenOffice.org 2.0-->MsiExec.exe /I{76BB7B2D-748F-4AE9-89C3-78C051833EA1}
OpenSong 0.9.9-->C:\Program Files\OpenSong\uninst.exe
Peter's Date Package-->MsiExec.exe /I{F14D7EA6-8597-4BA3-80D3-1C9735B50303}
Phaser 3115-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12043CB1-AF6A-4781-8134-3A46757F8A67}\Setup.exe"
PHP 4.4.2-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
PHP 5.1.2-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
PHP DESIGNER 2006 - BETA 4.0.5-->"C:\Program Files\PHP DESIGNER 2006 - BETA\unins000.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PuTTY version 0.58-->"C:\Program Files\PuTTY\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ruby 1.8.2-15 (uninstall)-->"c:\ruby\uninst.exe"
Security Task Manager 1.7g-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Security Task Manager"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
SharpDevelop 1.0.3a-->C:\Program Files\SharpDevelop\uninst.exe
Skype 1.4-->"C:\Program Files\Skype\Phone\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQLyog 5.02-->C:\Program Files\SQLyog\uninst.exe
Starpeace 1-->"C:\Games\Starpeace\unins000.exe"
Sun Java Wireless Toolkit 2.3 Beta-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EA207A3-DDB6-40D7-AB85-EC9C63691959}\Setup.exe" -l0x9 -uninst
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The GIMP 2.0.0-1-->"C:\Program Files\GIMP-2.0\unins000.exe"
TmSunriseDemoMag 1.4.5-->C:\Games\TmSunriseDemoMag\unins000.exe
TrackMania Nations ESWC 0.1.7.5-->"C:\Games\TrackMania Nations ESWC\unins000.exe"
TrackMania Sunrise Extreme 1.5.0-->"C:\Games\TrackMania Sunrise Extreme\unins000.exe"
TypingMaster 2002-->"C:\Program Files\TypingMaster\IsStub32.exe" -f"C:\Program Files\TypingMaster\DeIsL1.isu" -c"C:\Program Files\TypingMaster\_ISREG32.DLL"
UnInstall Envy24 Family Audio Device Driver-->RunDll32.exe UnEnvyNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\AUDIOD~1/Uninst.isu"
Uninstall Plus v4.1-->"C:\Program Files\Uninstall Plus v4.1\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vietcong 2 - online demo-->C:\Games\Vietcong2-online-demo\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Winbolic Link (remove only)-->"C:\Program Files\Winbolic Link\uninstall.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Vista Upgrade Advisor-->MsiExec.exe /I{C6AA3FB7-804F-4808-AD91-B62D6ED9B788}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1 beta4-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.7.6-->"C:\Program Files\WinSCP3\unins000.exe"
WordNet 2.1-->MsiExec.exe /I{58582B88-0260-4C80-9A89-8CA0923AFD26}
WordWeb-->C:\temp\WordWeb\uninst.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\ruby\bin;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Java\jdk1.5.0\bin;C:\Install\Dev\gcc40-20040925\thisiscool-gcc\gcc-4.0\bin;C:\Program Files\Microsoft SQL Server\90\Tools\binn;c:\mysql\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.RB;.RBW
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0c00
"RUBYOPT"=rubygems
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
  • 0

#5
Jimmy2012
Posted 19 October 2008 - 04:09 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Neilld,

STEP 1
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\system130917.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

And please scan this file as well.
C:\WINDOWS\system32\MreadfeB.dll

STEP 2
  • Please start Malwarebytes' Anti-Malware and update it.
  • To update please do this, click Update and then click Check for Updates.
  • It will now install any updates it finds.
  • Once it is done updating please click Scanner and then click "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
~~~~~~~~~~~
In your next reply please have these logs.
Both of the VirScan logs
The Malwarebytes log
And a fresh HijackThis log
  • 0

#6
Neilld
Posted 19 October 2008 - 05:07 PM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hey Jimmy

Thanks for the speedy reply

Here's the file from virscan on the system130917.exe that you wanted to look at

VirSCAN.org Scanned Report :
Scanned time : 2008/10/20 11:50:49 (NZDT)
Scanner results: 49% Scanner(19/39) found malware!
File Name : system130917.exe
File Size : 244190 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 70ab7f2902c082507c099ec4a394b61c
SHA1 : 3e61e301253c944d353a16465a651ce755403209
Online report : http://virscan.org/r...0bb8702b28.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.16 2008.10.17 2008-10-17 1.44 -
AhnLab V3 2008.10.19.00 2008.10.19 2008-10-19 0.94 Win-Trojan/MalPacked.Gen
AntiVir 7.9.0.5 7.0.7.60 2008-10-19 2.37 TR/Crypt.NSPM.Gen
Antiy 2.0.18 20081016.1488960 2008-10-16 0.12 -
Arcavir 1.0.5 200810191010 2008-10-19 1.22 -
Authentium 5.1.1 200810150216 2008-10-15 7.36 W32/Heuristic-210!Eldorado (Heuristic)
AVAST! 3.0.1 081015-0 2008-10-15 0.71 Win32:Oliga [Trj]
AVG 7.5.52.442 270.8.1/1733 2008-10-19 2.26 -
BitDefender 7.60825.1925581 7.21357 2008-10-20 3.27 Trojan.Crypt.Delf.D
CA (VET) 9.0.0.143 31.6.6154 2008-10-17 5.04 -
ClamAV 0.94 8445 2008-10-19 0.05 -
Comodo 2.11 2.0.0.681 2008-10-19 0.44 Backdoor.Win32.Delf.avc
CP Secure 1.1.0.715 2008.10.20 2008-10-20 6.30 -
Dr.Web 4.44.0.9170 2008.10.19 2008-10-19 3.36 -
ewido 4.0.0.2 2008.10.19 2008-10-19 3.04 -
F-Prot 4.4.4.56 20081019 2008-10-19 6.67 Possible W32/Heuristic-210!Eldorado (not disinfectable)
F-Secure 5.51.6100 2008.10.19.08 2008-10-19 3.57 -
Fortinet 2.81-3.113 9.653 2008-10-19 1.29 Suspicious
GData 19.1058/19.65 20081016 2008-10-16 2.65 Win32:Oliga [Trj] [Engine:B]
ViRobot 20081016 2008.10.16 2008-10-16 0.41 -
Ikarus T3.1.01.44 2008.10.19.71679 2008-10-19 3.65 Virus.Win32.Gaobot.2437
JiangMin 11.0.706 2008.10.19 2008-10-19 1.44 -
Kaspersky 5.5.10 2008.10.19 2008-10-19 0.05 -
KingSoft 2008.9.8.18 2008.10.19.20 2008-10-19 0.65 -
McAfee 5.3.00 5408 2008-10-17 3.63 -
Microsoft 1.4005 2008.10.19 2008-10-19 6.96 VirTool:Win32/Obfuscator.A(Suspicious)
mks_vir 2.01 2008.10.18 2008-10-18 2.69 -
Norman 5.93.01 5.93.00 2008-10-17 5.21 W32/Suspicious_N.gen
Panda 9.05.01 2008.10.19 2008-10-19 2.23 Generic Trojan
Trend Micro 8.700-1004 5.606.58 2008-10-19 0.05 Mal_MLWR-5
Quick Heal 9.50 2008.10.18 2008-10-18 1.86 Win32.Packed.NSAnti.r
Rising 20.0 20.66.62.00 2008-10-19 0.95 Backdoor.Win32.Undef.bmi
Sophos 2.79.0 4.34 2008-10-20 1.89 Mal/EncPk-F
Sunbelt 3.1.1732.1 2323 2008-10-17 3.08 -
Symantec 1.3.0.24 20081019.003 2008-10-19 0.06 -
nProtect 2008-10-17.00 2255828 2008-10-17 4.29 Trojan.Crypt.Delf.D
The Hacker 6.3.1.0 v00119 2008-10-18 0.46 -
VBA32 3.12.8.7 20081019.1214 2008-10-19 2.67 Backdoor.XiaoBird.67 (paranoid heuristics) (suspicious)
VirusBuster 4.5.11.10 10.90.7/651757 2008-10-19 0.92 -


Unfortunately I have already removed the MreadfeB.dll file from my comp. I had downloaded Security Task Manager (freeware) and it mentioned that the MreadfeB.dll file was an extreme risk so I removed it. It keeps trying to load it when I start the computer up tho so I don't know what that means.

Here's the Malwarebyte's log

Malwarebytes' Anti-Malware 1.29
Database version: 1290
Windows 5.1.2600 Service Pack 3

20/10/2008 12:00:28 p.m.
mbam-log-2008-10-20 (12-00-28).txt

Scan type: Quick Scan
Objects scanned: 71173
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And here's a new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:51 p.m., on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MS-Help] RUNDLL32.EXE C:\WINDOWS\system32\MreadfeB.dll,Install
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL4 - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7547 bytes


Thanks again for your help

Neill
  • 0

#7
Jimmy2012
Posted 19 October 2008 - 10:04 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Neilld,

I had downloaded Security Task Manager (freeware) and it mentioned that the MreadfeB.dll file was an extreme risk so I removed it.

It does not look like it was able to remove it, it is still showing up in your logs. We will try to take care of it this post. :)


STEP 1
Please click Start>Control Panel>Add or Remove Programs. And remove the following programs.(if present)
Java 2 Runtime Environment
Java 2 SDK



Please reopen HijackThis and click on Do a system scan only. And put a check next to the following line.

O4 - HKLM\..\Run: [MS-Help] RUNDLL32.EXE C:\WINDOWS\system32\MreadfeB.dll,Install

Once you have the check in that line please make sure all open windows are closed (keep HijackThis open) and click Fix checked on HijackThis. A box will open up asking if you want to fix the selected item, please click Yes. After you have fixed that line you can close HijackThis.



Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Files
C:\WINDOWS\system32\system130917.exe
C:\WINDOWS\system32\MreadfeB.dll

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

STEP 2
Please rescan with RSIT and post the logs that open back in your next reply.

~~~~~~~~~~~~~~
In your next reply please have these logs. You will need to use more then one reply for the logs to fit.
  • The OTMoveIt3 log
  • And the RSIT logs

Edited by Jimmy2012, 19 October 2008 - 10:05 PM.

  • 0

#8
Neilld
Posted 20 October 2008 - 01:42 AM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Alrighty....

Here's the OTMoveIt3 log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\system130917.exe moved successfully.
File/Folder C:\WINDOWS\system32\MreadfeB.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Neill\LOCALS~1\Temp\etilqs_ARtjhZcEnSQLqo00zuz1 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ib10 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib11 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib7 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib8 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib9 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10202008_203108

Files moved on Reboot...
File C:\DOCUME~1\Neill\LOCALS~1\Temp\etilqs_ARtjhZcEnSQLqo00zuz1 not found!
File C:\WINDOWS\temp\ib10 not found!
File C:\WINDOWS\temp\ib11 not found!
File C:\WINDOWS\temp\ib7 not found!
File C:\WINDOWS\temp\ib8 not found!
File C:\WINDOWS\temp\ib9 not found!
File C:\WINDOWS\temp\Perflib_Perfdata_8c.dat not found!
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\XUL.mfl moved successfully.

And here's the log.txt file from RSIT

Logfile of random's system information tool 1.04 (written by random/random)
Run by Neill at 2008-10-20 20:40:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (20%) free of 114 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:12 p.m., on 20/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Neill\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Neill.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL4 - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7426 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-15 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-15 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FlashGet\jccatch.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-15 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2005-12-15 295664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-03-15 180269]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"TCASUTIEXE"=TCAUDIAG.exe -on []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-15 1234712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-12 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-01-20 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2005-12-15 10472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BA0A0B68-6F3C-51D2-B901-E381E036D21A}"=C:\WINDOWS\system32\KcrnaDrv.dll []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Games\Dawn of War\w40k.exe"="C:\Games\Dawn of War\w40k.exe:*:Enabled:W40K"
"C:\Games\Wolfenstein - Enemy Territory\ET.exe"="C:\Games\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Games\Mohaa\MOHAA.exe"="C:\Games\Mohaa\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Games\Worms\WWP.EXE"="C:\Games\Worms\WWP.EXE:*:Enabled:Worms World Party"
"C:\Games\Warcraft III\Warcraft III.exe"="C:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Games\Warcraft III\war3.exe"="C:\Games\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Games\TmSunriseDemoMag\TmSunriseDemoMag.exe"="C:\Games\TmSunriseDemoMag\TmSunriseDemoMag.exe:*:Enabled:TmSunriseDemoMag"
"C:\Games\Doomsday\Bin\Doomsday.exe"="C:\Games\Doomsday\Bin\Doomsday.exe:*:Enabled:Doomsday"
"C:\Games\Legacy\Legacy.exe"="C:\Games\Legacy\Legacy.exe:*:Enabled:Legacy"
"C:\Program Files (x86)\rmDC++0.403D\StrongDC.exe"="C:\Program Files (x86)\rmDC++0.403D\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Games\TOTALA\totala.exe"="C:\Games\TOTALA\totala.exe:*:Enabled:Total Annihilation"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Games\Dawn of War\W40kWA.exe"="C:\Games\Dawn of War\W40kWA.exe:*:Enabled:W40kWA"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"="C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files (x86)\rmDC++0.403D\CZDCPlusPlus.exe"="C:\Program Files (x86)\rmDC++0.403D\CZDCPlusPlus.exe:*:Enabled:CZDC++"
"C:\Program Files\Java\jdk1.5.0_05\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_05\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files (x86)\Xfire\Xfire.exe"="C:\Program Files (x86)\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Games\UT2004\System\UT2004.exe"="C:\Games\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Apache Group\Apache\Apache.exe"="C:\Program Files\Apache Group\Apache\Apache.exe:*:Enabled:Apache"
"C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\Dawn of War\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Games\Dawn of War\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2008-10-20 20:31:08 ----D---- C:\_OTMoveIt
2008-10-20 00:20:57 ----D---- C:\Program Files\Oberon Media
2008-10-20 00:20:57 ----D---- C:\Program Files\MSN Games
2008-10-19 20:39:42 ----D---- C:\rsit
2008-10-19 16:46:02 ----D---- C:\Program Files\DOSBox-0.72
2008-10-17 00:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-16 13:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 13:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 13:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 12:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 12:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 12:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-10-16 12:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-16 09:40:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-15 13:31:09 ----D---- C:\Program Files\Trend Micro
2008-10-15 13:28:26 ----D---- C:\Documents and Settings\Neill\Application Data\Help
2008-10-15 13:07:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2008-10-15 13:07:38 ----D---- C:\Program Files\Security Task Manager
2008-10-15 12:54:05 ----HD---- C:\$AVG8.VAULT$
2008-10-15 12:22:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-15 12:21:57 ----D---- C:\Documents and Settings\Neill\Application Data\AVGTOOLBAR
2008-10-15 12:21:48 ----D---- C:\Program Files\AVG
2008-10-15 12:17:53 ----SHD---- C:\RECYCLER
2008-10-15 12:17:14 ----A---- C:\ComboFix.txt
2008-10-15 12:03:38 ----D---- C:\ComboFix
2008-10-15 09:40:25 ----D---- C:\Program Files\Kaspersky Anti-Virus
2008-10-15 08:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-15 08:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-15 08:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-15 08:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-15 08:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-15 08:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-15 08:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-15 08:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-15 08:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-15 08:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-15 08:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-15 08:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-15 08:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-15 08:49:42 ----D---- C:\WINDOWS\system32\en-us
2008-10-15 08:49:41 ----D---- C:\WINDOWS\system32\scripting
2008-10-15 08:49:40 ----D---- C:\WINDOWS\l2schemas
2008-10-15 08:49:39 ----D---- C:\WINDOWS\system32\en
2008-10-15 08:49:39 ----D---- C:\WINDOWS\system32\bits
2008-10-15 08:45:51 ----D---- C:\WINDOWS\network diagnostic
2008-10-13 14:21:49 ----D---- C:\Program Files\World of Warcraft
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\UpdDrv2K.exe
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\UN3CDiag.exe
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\sk98nt4.ini
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\InstInfo.ini
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TDInst2K.exe
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcauprot.dll
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcaum998.dll
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcaudvar.txt
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TCAUDIAG.EXE
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TCAMHWAC.DLL
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\INETWH32.dll
2008-10-13 11:22:59 ----D---- C:\3com
2008-10-13 10:59:47 ----D---- C:\Program Files\PC Drivers HeadQuarters
2008-10-13 10:59:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2008-10-13 10:18:57 ----D---- C:\WINDOWS\Performance
2008-10-13 10:18:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation
2008-10-13 10:18:16 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-10-13 00:25:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-10-13 00:06:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-10-12 23:26:23 ----A---- C:\log2.txt
2008-10-12 23:26:23 ----A---- C:\log1.txt
2008-10-12 22:43:37 ----D---- C:\Documents and Settings\Neill\Application Data\True Sword
2008-10-12 22:43:31 ----D---- C:\Program Files\True Sword 5
2008-10-12 15:38:46 ----A---- C:\WINDOWS\1.ini
2008-10-12 15:14:28 ----A---- C:\WINDOWS\system32\locate.com
2008-10-12 15:13:09 ----D---- C:\MGtools
2008-10-12 14:54:45 ----A---- C:\Boot.bak
2008-10-12 14:54:38 ----D---- C:\cmdcons
2008-10-12 14:53:13 ----A---- C:\WINDOWS\zip.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\VFIND.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWSC.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWREG.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\sed.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\grep.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\fdsv.exe
2008-10-12 14:51:59 ----D---- C:\WINDOWS\ERDNT
2008-10-12 14:51:59 ----D---- C:\Qoobox
2008-10-12 14:26:17 ----D---- C:\Documents and Settings\Neill\Application Data\Malwarebytes
2008-10-12 14:26:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:26:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-12 13:54:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:54:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-12 12:13:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-10-12 12:13:04 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-12 12:13:04 ----D---- C:\Documents and Settings\Neill\Application Data\SUPERAntiSpyware.com
2008-10-12 12:06:42 ----A---- C:\MGtools.exe
2008-10-12 11:50:11 ----D---- C:\Program Files\CCleaner
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\java.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-12 11:16:46 ----A---- C:\Program Files\unst0_0.exe
2008-10-12 11:16:44 ----A---- C:\Program Files\Program Files.ini
2008-10-12 11:02:30 ----D---- C:\Program Files\Uninstall Plus v4.1
2008-10-06 04:37:03 ----D---- C:\Program Files\Common Files\plugin
2008-09-17 09:27:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\K7 Computing
2008-09-10 16:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-05 09:17:31 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-04 09:09:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-09-04 09:09:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-26 22:33:45 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-26 22:33:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-26 22:33:25 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-26 22:33:21 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-26 22:33:21 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-26 22:33:06 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-26 22:33:06 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-26 22:32:37 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-26 22:32:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-26 22:32:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-26 22:32:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-26 22:32:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-26 22:32:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-26 22:32:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-26 22:32:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-26 22:32:14 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-26 22:31:43 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-26 22:31:43 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 22:30:39 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 22:29:28 ----A---- C:\WINDOWS\005782_.tmp
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-26 22:29:16 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-26 22:29:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-26 22:29:09 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-26 22:28:59 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 2 months======

2008-10-20 20:40:08 ----D---- C:\WINDOWS\Temp
2008-10-20 20:36:53 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-20 20:36:07 ----D---- C:\Program Files\Mozilla Firefox
2008-10-20 20:36:03 ----D---- C:\WINDOWS\Prefetch
2008-10-20 20:32:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-20 20:31:10 ----D---- C:\WINDOWS\system32
2008-10-20 20:26:30 ----SHD---- C:\WINDOWS\Installer
2008-10-20 20:26:20 ----D---- C:\Program Files\Java
2008-10-20 13:49:09 ----D---- C:\Documents and Settings\Neill\Application Data\OpenOffice.org2
2008-10-20 12:03:38 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-20 11:54:36 ----D---- C:\WINDOWS\system32\drivers
2008-10-20 08:06:07 ----D---- C:\WINDOWS
2008-10-20 00:22:00 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-10-20 00:20:57 ----D---- C:\Program Files
2008-10-17 00:32:11 ----HD---- C:\WINDOWS\inf
2008-10-17 00:32:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-16 22:52:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 14:58:47 ----D---- C:\WINDOWS\Debug
2008-10-15 13:55:33 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-15 13:55:33 ----D---- C:\Documents and Settings
2008-10-15 12:21:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-10-15 12:10:49 ----N---- C:\WINDOWS\system.ini
2008-10-15 12:06:11 ----D---- C:\WINDOWS\AppPatch
2008-10-15 12:06:11 ----D---- C:\Program Files\Common Files
2008-10-15 09:31:56 ----SD---- C:\Documents and Settings\Neill\Application Data\Microsoft
2008-10-15 09:01:28 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 08:58:59 ----D---- C:\WINDOWS\system32\Setup
2008-10-15 08:58:58 ----D---- C:\WINDOWS\system32\wbem
2008-10-15 08:58:58 ----D---- C:\Program Files\Internet Explorer
2008-10-15 08:58:57 ----RSD---- C:\WINDOWS\Fonts
2008-10-15 08:56:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-15 08:54:57 ----D---- C:\Program Files\Messenger
2008-10-15 08:54:31 ----D---- C:\WINDOWS\security
2008-10-15 08:50:07 ----D---- C:\WINDOWS\WinSxS
2008-10-15 08:50:01 ----D---- C:\Program Files\Windows Media Player
2008-10-15 08:49:50 ----D---- C:\WINDOWS\ime
2008-10-15 08:49:50 ----D---- C:\WINDOWS\Help
2008-10-15 08:49:42 ----D---- C:\WINDOWS\system32\usmt
2008-10-15 08:49:39 ----D---- C:\WINDOWS\peernet
2008-10-15 08:49:39 ----D---- C:\Program Files\Movie Maker
2008-10-15 08:47:14 ----D---- C:\WINDOWS\system32\Restore
2008-10-15 08:47:14 ----D---- C:\WINDOWS\system32\npp
2008-10-15 08:47:13 ----D---- C:\WINDOWS\mui
2008-10-15 08:47:13 ----D---- C:\WINDOWS\msagent
2008-10-15 08:47:12 ----D---- C:\WINDOWS\srchasst
2008-10-15 08:47:11 ----D---- C:\Program Files\NetMeeting
2008-10-15 08:47:10 ----D---- C:\WINDOWS\system32\Com
2008-10-15 08:47:08 ----D---- C:\Program Files\Windows NT
2008-10-15 08:47:08 ----D---- C:\Program Files\Outlook Express
2008-10-15 08:47:06 ----D---- C:\Program Files\Common Files\System
2008-10-15 08:46:55 ----D---- C:\WINDOWS\system32\oobe
2008-10-15 08:46:54 ----D---- C:\WINDOWS\system
2008-10-15 08:44:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-15 08:44:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-15 08:41:42 ----D---- C:\WINDOWS\EHome
2008-10-14 22:43:02 ----D---- C:\WINDOWS\Minidump
2008-10-14 10:19:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-13 21:09:12 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-13 11:00:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-13 11:00:37 ----RSD---- C:\WINDOWS\assembly
2008-10-13 02:24:47 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-13 01:04:47 ----SD---- C:\WINDOWS\Tasks
2008-10-12 15:38:02 ----D---- C:\Documents and Settings\Neill\Application Data\Mozilla
2008-10-12 15:24:25 ----D---- C:\Program Files\Mozilla Thunderbird
2008-10-12 15:24:22 ----AC---- C:\WINDOWS\WININIT.INI
2008-10-12 14:58:13 ----D---- C:\WINDOWS\system32\config
2008-10-12 14:56:07 ----D---- C:\Program Files\LogMeIn
2008-10-12 14:54:45 ----RASH---- C:\boot.ini
2008-10-12 14:24:09 ----D---- C:\WINDOWS\wt
2008-10-12 12:12:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 11:15:09 ----D---- C:\Inetpub
2008-10-12 11:14:09 ----D---- C:\WTK23
2008-10-12 11:14:09 ----D---- C:\WTK22
2008-10-12 11:14:09 ----D---- C:\Temp
2008-10-12 11:14:09 ----D---- C:\Program Files\Winamp
2008-10-12 11:14:09 ----D---- C:\Program Files\SQLyog
2008-10-12 11:14:09 ----D---- C:\Program Files\MUSHclient
2008-10-12 11:14:09 ----D---- C:\Program Files\IsoBuster
2008-10-12 11:14:09 ----D---- C:\Program Files\GameSpy Arcade
2008-10-12 11:14:09 ----D---- C:\PHP
2008-10-12 11:14:09 ----D---- C:\MinGW
2008-10-12 11:14:08 ----D---- C:\cygwin
2008-10-08 08:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-09-22 09:40:44 ----D---- C:\Games
2008-09-22 09:39:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-19 19:43:17 ----D---- C:\Program Files\D-Tools
2008-09-17 19:00:38 ----D---- C:\Program Files\FlashGet
2008-09-05 13:39:30 ----C---- C:\WINDOWS\win.ini
2008-09-04 10:37:39 ----D---- C:\Documents and Settings\Neill\Application Data\Apple Computer
2008-09-04 09:11:11 ----D---- C:\WINDOWS\RegisteredPackages
2008-08-28 20:46:02 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-28 20:46:02 ----A---- C:\WINDOWS\system32\msw3prt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-15 26824]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-11 52128]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-15 76040]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-08-30 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-08-30 55936]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R2 tcaicchg;tcaicchg; \??\C:\WINDOWS\system32\tcaicchg.sys []
R2 TCAITDI;TCAITDI Protocol; C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 19534]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-01-20 965632]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-06-03 147328]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-26 577664]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2005-12-15 7400]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Winachcf;Winachcf; C:\WINDOWS\system32\DRIVERS\winachcf.sys [2001-08-15 737975]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-18 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-18 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-18 6912]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys []
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys []
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\Neill\LOCALS~1\Temp\krdpdre.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-18 36480]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Neill\LOCALS~1\Temp\sony_ssm.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache;Apache; C:\Program Files\Apache Group\Apache\Apache.exe [2005-10-18 20545]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-15 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-15 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-12 147456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MySQL4;MySQL4; C:\mysql\bin\mysqld-nt --defaults-file=C:\mysql\my.ini MySQL4 []
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-12-20 122880]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-01-19 516096]
S2 OODefrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2002-01-18 263168]
S2 systemdown;Remote Access; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 wowsystemcode;Remote TCP/IPv6; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-01-20 344064]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe []
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2005-12-15 1610480]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------
  • 0

#9
Neilld
Posted 20 October 2008 - 01:47 AM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Weird thing tho... I only got one log from the RSIT thingy

I had a search for the info.txt file and the only one in the relevant folder was the one that I did yesterday.

Am I doing something wrong? Or is it hiding in a sneaky place that I haven't looked in? :)
  • 0

#10
Jimmy2012
Posted 20 October 2008 - 02:13 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Neilld,

I only got one log from the RSIT thingy

No problem, I just mainly needed the log.txt. :)

STEP 1
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BA0A0B68-6F3C-51D2-B901-E381E036D21A}"=-

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

STEP 2
Please run another scan with RSIT and post log.txt in your next reply.

~~~~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt3 log
And the RSIT log.txt
  • 0

Advertisements

#11
Neilld
Posted 20 October 2008 - 05:40 PM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here's the OTMoveIt3 log file

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{BA0A0B68-6F3C-51D2-B901-E381E036D21A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0A0B68-6F3C-51D2-B901-E381E036D21A}\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Neill\LOCALS~1\Temp\etilqs_tf3PidDxOh3540VItYBD scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib5 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_520.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_123141

Files moved on Reboot...
File C:\DOCUME~1\Neill\LOCALS~1\Temp\etilqs_tf3PidDxOh3540VItYBD not found!
File move failed. C:\WINDOWS\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib4 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib5 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib6 scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_520.dat not found!
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Neill\Local Settings\Application Data\Mozilla\Firefox\Profiles\u6yvctxw.default\XUL.mfl moved successfully.
  • 0

#12
Neilld
Posted 20 October 2008 - 05:41 PM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
And here's the RSIT log.txt file

Logfile of random's system information tool 1.04 (written by random/random)
Run by Neill at 2008-10-21 12:38:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 22 GB (20%) free of 114 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:15 p.m., on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Apache Group\Apache\Apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\TCAUDIAG.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Neill\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Neill.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL4 - Unknown owner - C:\mysql\bin\mysqld-nt (file missing)
O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 7427 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-15 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-10-12 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-15 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}]
IeCatch2 Class - C:\PROGRA~1\FlashGet\jccatch.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-10-12 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-10-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2005-06-07 86016]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-15 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=C:\Program Files\LogMeIn\LogMeInSystray.exe [2005-12-15 295664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-03-15 180269]
"OPSE reminder"=C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe [2003-07-07 729088]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"TCASUTIEXE"=TCAUDIAG.exe -on []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-15 1234712]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-10-12 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-01-20 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2005-12-15 10472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Games\Dawn of War\w40k.exe"="C:\Games\Dawn of War\w40k.exe:*:Enabled:W40K"
"C:\Games\Wolfenstein - Enemy Territory\ET.exe"="C:\Games\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\Games\Mohaa\MOHAA.exe"="C:\Games\Mohaa\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault"
"C:\Games\Worms\WWP.EXE"="C:\Games\Worms\WWP.EXE:*:Enabled:Worms World Party"
"C:\Games\Warcraft III\Warcraft III.exe"="C:\Games\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Games\Warcraft III\war3.exe"="C:\Games\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Games\TmSunriseDemoMag\TmSunriseDemoMag.exe"="C:\Games\TmSunriseDemoMag\TmSunriseDemoMag.exe:*:Enabled:TmSunriseDemoMag"
"C:\Games\Doomsday\Bin\Doomsday.exe"="C:\Games\Doomsday\Bin\Doomsday.exe:*:Enabled:Doomsday"
"C:\Games\Legacy\Legacy.exe"="C:\Games\Legacy\Legacy.exe:*:Enabled:Legacy"
"C:\Program Files (x86)\rmDC++0.403D\StrongDC.exe"="C:\Program Files (x86)\rmDC++0.403D\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Games\TOTALA\totala.exe"="C:\Games\TOTALA\totala.exe:*:Enabled:Total Annihilation"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Games\Dawn of War\W40kWA.exe"="C:\Games\Dawn of War\W40kWA.exe:*:Enabled:W40kWA"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"="C:\Program Files (x86)\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Games\Command & Conquer Generals Zero Hour\game.dat"="C:\Games\Command & Conquer Generals Zero Hour\game.dat:*:Enabled:game"
"C:\Program Files (x86)\rmDC++0.403D\CZDCPlusPlus.exe"="C:\Program Files (x86)\rmDC++0.403D\CZDCPlusPlus.exe:*:Enabled:CZDC++"
"C:\Program Files\Java\jdk1.5.0_05\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_05\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files (x86)\Xfire\Xfire.exe"="C:\Program Files (x86)\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Games\UT2004\System\UT2004.exe"="C:\Games\UT2004\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Apache Group\Apache\Apache.exe"="C:\Program Files\Apache Group\Apache\Apache.exe:*:Enabled:Apache"
"C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe"="C:\Games\TrackMania Nations ESWC\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Games\Dawn of War\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Games\Dawn of War\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.3.0.7561-to-2.4.0.8089-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 2 months======

2008-10-20 20:31:08 ----D---- C:\_OTMoveIt
2008-10-20 00:20:57 ----D---- C:\Program Files\Oberon Media
2008-10-20 00:20:57 ----D---- C:\Program Files\MSN Games
2008-10-19 20:39:42 ----D---- C:\rsit
2008-10-19 16:46:02 ----D---- C:\Program Files\DOSBox-0.72
2008-10-17 00:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-16 13:27:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 13:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 13:23:08 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 12:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 12:50:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 12:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-10-16 12:22:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-16 09:40:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-15 13:31:09 ----D---- C:\Program Files\Trend Micro
2008-10-15 13:28:26 ----D---- C:\Documents and Settings\Neill\Application Data\Help
2008-10-15 13:07:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan
2008-10-15 13:07:38 ----D---- C:\Program Files\Security Task Manager
2008-10-15 12:54:05 ----HD---- C:\$AVG8.VAULT$
2008-10-15 12:22:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-15 12:21:57 ----D---- C:\Documents and Settings\Neill\Application Data\AVGTOOLBAR
2008-10-15 12:21:48 ----D---- C:\Program Files\AVG
2008-10-15 12:17:53 ----SHD---- C:\RECYCLER
2008-10-15 12:17:14 ----A---- C:\ComboFix.txt
2008-10-15 12:03:38 ----D---- C:\ComboFix
2008-10-15 09:40:25 ----D---- C:\Program Files\Kaspersky Anti-Virus
2008-10-15 08:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-10-15 08:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-15 08:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-15 08:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-15 08:55:38 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-15 08:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-15 08:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-10-15 08:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-15 08:55:13 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-15 08:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-15 08:55:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-10-15 08:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-15 08:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-15 08:49:42 ----D---- C:\WINDOWS\system32\en-us
2008-10-15 08:49:41 ----D---- C:\WINDOWS\system32\scripting
2008-10-15 08:49:40 ----D---- C:\WINDOWS\l2schemas
2008-10-15 08:49:39 ----D---- C:\WINDOWS\system32\en
2008-10-15 08:49:39 ----D---- C:\WINDOWS\system32\bits
2008-10-15 08:45:51 ----D---- C:\WINDOWS\network diagnostic
2008-10-13 14:21:49 ----D---- C:\Program Files\World of Warcraft
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\UpdDrv2K.exe
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\UN3CDiag.exe
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\sk98nt4.ini
2008-10-13 11:23:57 ----RA---- C:\WINDOWS\system32\InstInfo.ini
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TDInst2K.exe
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcauprot.dll
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcaum998.dll
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\tcaudvar.txt
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TCAUDIAG.EXE
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\TCAMHWAC.DLL
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\ROBOEX32.DLL
2008-10-13 11:23:03 ----A---- C:\WINDOWS\system32\INETWH32.dll
2008-10-13 11:22:59 ----D---- C:\3com
2008-10-13 10:59:47 ----D---- C:\Program Files\PC Drivers HeadQuarters
2008-10-13 10:59:47 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
2008-10-13 10:18:57 ----D---- C:\WINDOWS\Performance
2008-10-13 10:18:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation
2008-10-13 10:18:16 ----D---- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2008-10-13 00:25:24 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-10-13 00:06:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee
2008-10-12 23:26:23 ----A---- C:\log2.txt
2008-10-12 23:26:23 ----A---- C:\log1.txt
2008-10-12 22:43:37 ----D---- C:\Documents and Settings\Neill\Application Data\True Sword
2008-10-12 22:43:31 ----D---- C:\Program Files\True Sword 5
2008-10-12 15:38:46 ----A---- C:\WINDOWS\1.ini
2008-10-12 15:14:28 ----A---- C:\WINDOWS\system32\locate.com
2008-10-12 15:13:09 ----D---- C:\MGtools
2008-10-12 14:54:45 ----A---- C:\Boot.bak
2008-10-12 14:54:38 ----D---- C:\cmdcons
2008-10-12 14:53:13 ----A---- C:\WINDOWS\zip.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\VFIND.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWSC.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\SWREG.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\sed.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\grep.exe
2008-10-12 14:53:13 ----A---- C:\WINDOWS\fdsv.exe
2008-10-12 14:51:59 ----D---- C:\WINDOWS\ERDNT
2008-10-12 14:51:59 ----D---- C:\Qoobox
2008-10-12 14:26:17 ----D---- C:\Documents and Settings\Neill\Application Data\Malwarebytes
2008-10-12 14:26:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-12 14:26:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-12 13:54:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-12 13:54:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-12 12:13:09 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-10-12 12:13:04 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-12 12:13:04 ----D---- C:\Documents and Settings\Neill\Application Data\SUPERAntiSpyware.com
2008-10-12 12:06:42 ----A---- C:\MGtools.exe
2008-10-12 11:50:11 ----D---- C:\Program Files\CCleaner
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\java.exe
2008-10-12 11:44:59 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-10-12 11:16:46 ----A---- C:\Program Files\unst0_0.exe
2008-10-12 11:16:44 ----A---- C:\Program Files\Program Files.ini
2008-10-12 11:02:30 ----D---- C:\Program Files\Uninstall Plus v4.1
2008-10-06 04:37:03 ----D---- C:\Program Files\Common Files\plugin
2008-09-17 09:27:39 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\K7 Computing
2008-09-10 16:32:55 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-05 09:17:31 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-09-04 09:09:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-09-04 09:09:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-08-26 22:33:45 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-08-26 22:33:34 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-08-26 22:33:25 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-08-26 22:33:21 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-08-26 22:33:21 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-08-26 22:33:06 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-08-26 22:33:06 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-08-26 22:32:37 ----N---- C:\WINDOWS\system32\setupn.exe
2008-08-26 22:32:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-08-26 22:32:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-08-26 22:32:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-08-26 22:32:23 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-08-26 22:32:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-08-26 22:32:22 ----N---- C:\WINDOWS\system32\qagent.dll
2008-08-26 22:32:20 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-08-26 22:32:14 ----N---- C:\WINDOWS\system32\onex.dll
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napstat.exe
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-08-26 22:31:52 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-08-26 22:31:43 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-08-26 22:31:43 ----N---- C:\WINDOWS\system32\mssha.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-08-26 22:31:07 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-08-26 22:30:39 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-08-26 22:30:30 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-08-26 22:29:28 ----A---- C:\WINDOWS\005782_.tmp
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-08-26 22:29:26 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-08-26 22:29:22 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-08-26 22:29:19 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-08-26 22:29:16 ----N---- C:\WINDOWS\system32\credssp.dll
2008-08-26 22:29:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-08-26 22:29:09 ----N---- C:\WINDOWS\system32\azroles.dll
2008-08-26 22:28:59 ----N---- C:\WINDOWS\system32\aaclient.dll

======List of files/folders modified in the last 2 months======

2008-10-21 12:39:15 ----D---- C:\WINDOWS\Temp
2008-10-21 12:36:31 ----D---- C:\Program Files\Mozilla Firefox
2008-10-21 12:35:25 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-21 12:35:25 ----D---- C:\WINDOWS
2008-10-21 12:35:18 ----D---- C:\WINDOWS\system32
2008-10-21 12:32:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-21 08:10:18 ----HD---- C:\WINDOWS\inf
2008-10-21 08:10:18 ----D---- C:\WINDOWS\Prefetch
2008-10-21 08:10:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-21 08:10:14 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-21 08:09:34 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-20 20:26:30 ----SHD---- C:\WINDOWS\Installer
2008-10-20 20:26:20 ----D---- C:\Program Files\Java
2008-10-20 13:49:09 ----D---- C:\Documents and Settings\Neill\Application Data\OpenOffice.org2
2008-10-20 11:54:36 ----D---- C:\WINDOWS\system32\drivers
2008-10-20 00:22:00 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-10-20 00:20:57 ----D---- C:\Program Files
2008-10-16 22:52:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-16 14:58:47 ----D---- C:\WINDOWS\Debug
2008-10-15 13:55:33 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-15 13:55:33 ----D---- C:\Documents and Settings
2008-10-15 12:21:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-10-15 12:10:49 ----N---- C:\WINDOWS\system.ini
2008-10-15 12:06:11 ----D---- C:\WINDOWS\AppPatch
2008-10-15 12:06:11 ----D---- C:\Program Files\Common Files
2008-10-15 09:31:56 ----SD---- C:\Documents and Settings\Neill\Application Data\Microsoft
2008-10-15 09:01:28 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-15 08:58:59 ----D---- C:\WINDOWS\system32\Setup
2008-10-15 08:58:58 ----D---- C:\WINDOWS\system32\wbem
2008-10-15 08:58:58 ----D---- C:\Program Files\Internet Explorer
2008-10-15 08:58:57 ----RSD---- C:\WINDOWS\Fonts
2008-10-15 08:54:57 ----D---- C:\Program Files\Messenger
2008-10-15 08:54:31 ----D---- C:\WINDOWS\security
2008-10-15 08:50:07 ----D---- C:\WINDOWS\WinSxS
2008-10-15 08:50:01 ----D---- C:\Program Files\Windows Media Player
2008-10-15 08:49:50 ----D---- C:\WINDOWS\ime
2008-10-15 08:49:50 ----D---- C:\WINDOWS\Help
2008-10-15 08:49:42 ----D---- C:\WINDOWS\system32\usmt
2008-10-15 08:49:39 ----D---- C:\WINDOWS\peernet
2008-10-15 08:49:39 ----D---- C:\Program Files\Movie Maker
2008-10-15 08:47:14 ----D---- C:\WINDOWS\system32\Restore
2008-10-15 08:47:14 ----D---- C:\WINDOWS\system32\npp
2008-10-15 08:47:13 ----D---- C:\WINDOWS\mui
2008-10-15 08:47:13 ----D---- C:\WINDOWS\msagent
2008-10-15 08:47:12 ----D---- C:\WINDOWS\srchasst
2008-10-15 08:47:11 ----D---- C:\Program Files\NetMeeting
2008-10-15 08:47:10 ----D---- C:\WINDOWS\system32\Com
2008-10-15 08:47:08 ----D---- C:\Program Files\Windows NT
2008-10-15 08:47:08 ----D---- C:\Program Files\Outlook Express
2008-10-15 08:47:06 ----D---- C:\Program Files\Common Files\System
2008-10-15 08:46:55 ----D---- C:\WINDOWS\system32\oobe
2008-10-15 08:46:54 ----D---- C:\WINDOWS\system
2008-10-15 08:44:44 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-15 08:44:32 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-15 08:41:42 ----D---- C:\WINDOWS\EHome
2008-10-14 22:43:02 ----D---- C:\WINDOWS\Minidump
2008-10-14 10:19:17 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-13 21:09:12 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2008-10-13 11:00:41 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-13 11:00:37 ----RSD---- C:\WINDOWS\assembly
2008-10-13 02:24:47 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-10-13 01:04:47 ----SD---- C:\WINDOWS\Tasks
2008-10-12 15:38:02 ----D---- C:\Documents and Settings\Neill\Application Data\Mozilla
2008-10-12 15:24:25 ----D---- C:\Program Files\Mozilla Thunderbird
2008-10-12 15:24:22 ----AC---- C:\WINDOWS\WININIT.INI
2008-10-12 14:58:13 ----D---- C:\WINDOWS\system32\config
2008-10-12 14:56:07 ----D---- C:\Program Files\LogMeIn
2008-10-12 14:54:45 ----RASH---- C:\boot.ini
2008-10-12 14:24:09 ----D---- C:\WINDOWS\wt
2008-10-12 12:12:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-12 11:15:09 ----D---- C:\Inetpub
2008-10-12 11:14:09 ----D---- C:\WTK23
2008-10-12 11:14:09 ----D---- C:\WTK22
2008-10-12 11:14:09 ----D---- C:\Temp
2008-10-12 11:14:09 ----D---- C:\Program Files\Winamp
2008-10-12 11:14:09 ----D---- C:\Program Files\SQLyog
2008-10-12 11:14:09 ----D---- C:\Program Files\MUSHclient
2008-10-12 11:14:09 ----D---- C:\Program Files\IsoBuster
2008-10-12 11:14:09 ----D---- C:\Program Files\GameSpy Arcade
2008-10-12 11:14:09 ----D---- C:\PHP
2008-10-12 11:14:09 ----D---- C:\MinGW
2008-10-12 11:14:08 ----D---- C:\cygwin
2008-10-08 08:19:40 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-09-22 09:40:44 ----D---- C:\Games
2008-09-22 09:39:16 ----D---- C:\Program Files\Common Files\InstallShield
2008-09-19 19:43:17 ----D---- C:\Program Files\D-Tools
2008-09-17 19:00:38 ----D---- C:\Program Files\FlashGet
2008-09-05 23:30:42 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2008-09-05 23:30:06 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2008-09-05 23:29:58 ----N---- C:\WINDOWS\system32\WgaTray.exe
2008-09-05 13:39:30 ----C---- C:\WINDOWS\win.ini
2008-09-04 10:37:39 ----D---- C:\Documents and Settings\Neill\Application Data\Apple Computer
2008-09-04 09:11:11 ----D---- C:\WINDOWS\RegisteredPackages
2008-08-28 20:46:02 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-28 20:46:02 ----A---- C:\WINDOWS\system32\msw3prt.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-15 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-15 26824]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-11 52128]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-15 76040]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\RaInfo.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2002-08-30 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2002-08-30 55936]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R2 tcaicchg;tcaicchg; \??\C:\WINDOWS\system32\tcaicchg.sys []
R2 TCAITDI;TCAITDI Protocol; C:\WINDOWS\system32\DRIVERS\TCAITDI.sys [2001-09-04 19534]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-01-20 965632]
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\System32\DRIVERS\EL2K_XP.sys [2003-06-03 147328]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2004-11-26 577664]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 LMImirr;LMImirr; C:\WINDOWS\system32\DRIVERS\LMImirr.sys [2005-12-15 7400]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Winachcf;Winachcf; C:\WINDOWS\system32\DRIVERS\winachcf.sys [2001-08-15 737975]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-18 3712]
S3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-18 283904]
S3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-18 6912]
S3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 ipw_mdfl;Wireless Broadband Modem Filter; C:\WINDOWS\system32\DRIVERS\ipw_mdfl.sys []
S3 ipw_mdm;Wireless Broadband Modem (WDM); C:\WINDOWS\system32\DRIVERS\ipw_mdm.sys []
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\Neill\LOCALS~1\Temp\krdpdre.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys []
S3 P2k;Motorola USB Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2005-07-20 36480]
S3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-18 36480]
S3 sony_ssm.sys;sony_ssm.sys; \??\C:\DOCUME~1\Neill\LOCALS~1\Temp\sony_ssm.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apache;Apache; C:\Program Files\Apache Group\Apache\Apache.exe [2005-10-18 20545]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-15 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-15 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-12 147456]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 MySQL4;MySQL4; C:\mysql\bin\mysqld-nt --defaults-file=C:\mysql\my.ini MySQL4 []
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-12-20 122880]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-01-19 516096]
S2 OODefrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2002-01-18 263168]
S2 systemdown;Remote Access; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 wowsystemcode;Remote TCP/IPv6; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2005-10-14 28768528]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-10-29 86016]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-01-20 344064]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\RaMaint.exe []
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\LogMeIn.exe [2005-12-15 1610480]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]

-----------------EOF-----------------
  • 0

#13
Jimmy2012
Posted 20 October 2008 - 10:15 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Neilld,

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~~
In your next reply please have these logs/info.
The Kaspersky log
And please tell me how your computer is running
  • 0

#14
Neilld
Posted 21 October 2008 - 12:56 PM

Neilld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Jimmy

Thanks for all the help so far...hope it gets all solved soon :)

My computer is running a lot smoother now and I'm no longer getting the warning messages from AVG that there is a problem...It still picks up a trojan tho on it's daily scans. The last few scans said there was still the PSW.OnlineGames one but had a different suffix at the end....yesterday was .BEEF rather than .BCUF

Anyway...here's the Kaspersky's log for your enjoyment ;-)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, October 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, October 21, 2008 07:37:54
Records in database: 1330410
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 286336
Threat name: 11
Infected objects: 29
Suspicious objects: 0
Duration of the scan: 05:53:37


File name / Threat name / Threats count
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\MreadfeB.dll.q_8046000_q Infected: Trojan-Downloader.Win32.Agent.ahle 1
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\SystemHper.dll.q_804F000_q Infected: Trojan-GameThief.Win32.WOW.cgh 1
C:\Program Files\LogMeIn\LogMeIn.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kerneldrv470_83.dll.vir Infected: Trojan-GameThief.Win32.WOW.cds 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP940\A0173572.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP940\A0173573.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP940\A0173574.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP940\A0173575.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP940\A0173576.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP941\A0173681.dll Infected: Trojan-GameThief.Win32.WOW.cds 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP943\A0175050.exe Infected: Trojan-GameThief.Win32.WOW.cdk 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP943\A0175051.exe Infected: Trojan-GameThief.Win32.WOW.cer 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP943\A0175052.exe Infected: Trojan-GameThief.Win32.WOW.cdk 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP943\A0175054.exe Infected: Trojan-GameThief.Win32.WOW.cdk 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP953\A0185594.dll Infected: Trojan-GameThief.Win32.OnLineGames.tnpi 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP959\A0190386.dll Infected: Trojan-GameThief.Win32.WOW.cgh 1
C:\System Volume Information\_restore{727AB5D6-B326-432F-AB38-9E2301D5887B}\RP960\A0190387.dll Infected: Trojan-Downloader.Win32.Agent.ahle 1
F:\Reuben_backup_delete_me\old\E-mail\Dad\Inbox.dbx Infected: Virus.VBS.Redlof.a 4
F:\Reuben_backup_delete_me\old\E-mail\Dad\Inbox.dbx Infected: Virus.VBS.Confi 1
F:\Reuben_backup_delete_me\old\E-mail\Dad\Sent Items.dbx Infected: Virus.VBS.Redlof.a 4
F:\Reuben_backup_delete_me\old\E-mail\Dad\Sent Items.dbx Infected: Virus.VBS.Confi 1
F:\Reuben_backup_delete_me\old\E-mail\Mum\Deleted Items.dbx Infected: Email-Worm.Win32.NetSky.aa 1
F:\Reuben_backup_delete_me\old\E-mail\Mum\Inbox.dbx Infected: Email-Worm.Win32.Mydoom.a 1

The selected area was scanned.
  • 0

#15
Jimmy2012
Posted 21 October 2008 - 02:10 PM

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Neilld,

It still picks up a trojan tho on it's daily scans.

Could you please tell me where they are picking up the trojan at?


The Kaspersky scan found some emails that are infected in this folder.
F:\Reuben_backup_delete_me\old\E-mail
Please delete the emails in that folder.



  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Files
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\MreadfeB.dll.q_8046000_q
C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan\SystemHper.dll.q_804F000_q

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP