Geeks to Go
I'm at a loss, a bizarre attack [Solved]


#1 Gothos (Member, 34 posts)
A brief history. Son uses Mozilla as his primary web browser. He went to a site (via WIKI Encyclopedia) and a link he clicked on "popped" him to this page. He did not download anything from this site, but was attacked while on this site (megaman.wikia.com/wiki/crash_man), and in his research, "blammo!!!", he started getting BHO errors, virus warnings, and all such things.

Presently the background wallpaper is this AD stuff (not his normal wallpaper), plus random bizarre pop-ups, and I can't seem to get it cleaned up.

The following is a list of what has been done:

Ran the ATF Cleaner (found issues and cleaned).

Did a "manual" system restore. The system restore tool shot errors back. Tagged the restore file as "bad 4132009"

Installed and ran ERUNT.

Installed MBAM and killed (removed) all it has found.

Ran a full AV scan with AVG 8.5 (I think that's where it's at) as well as Kaspersky**
**Kaspersky found more stuff but was unable to remove it. -- AVG cleaned/quar'd the items.

All Windows updates and associated software are updated.

The issue is still there... Active directory screen, and cannot revert back to the normal desktop.
I do not know if this machine has been "fully" cleaned. (No priority info is on this machine, i.e. banking, bill pay, etc., just user access to various sites.)

Your help would be appreciated.

************** Logs below ***************

Rooter.txt

---------

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:78520 Mo/Free:4075 Mo)
D:\ [CD-Rom] (Total:484 Mo/Free:0 Mo)
X:\ [CD-Rom] (Total:210 Mo/Free:0 Mo)

Mon 04/13/2009|15:28

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\CTHELPER.EXE
---------- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\system32\nvsvc32.exe
---------- C:\WINDOWS\System32\MsPMSPSv.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 04/13/2009|15:28

----------------------\\ Scan completed at 15:28

******************

OTLisIt.Txt
--------------

OTListIt logfile created on: 4/13/2009 3:29:16 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\user\Desktop\Security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.28 Mb Total Physical Memory | 632.36 Mb Available Physical Memory | 61.80% Memory free
1.88 Gb Paging File | 1.61 Gb Available in Paging File | 85.29% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 7.98 Gb Free Space | 10.41% Space Free | Partition Type: NTFS
Drive D: | 484.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 210.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RACKEY
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\user\Desktop\Security\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Autodesk Licensing Service [Auto | Running]) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (WMDM PMSP Service [Auto | Running]) -- C:\WINDOWS\System32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ctac32k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ctaud2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctljystk [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ctljystk.sys (Creative Technology Ltd.)
DRV - (ctprxy2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (d347bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d347bus.sys ( )
DRV - (d347prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d347prt.sys ( )
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (emupia [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ES1370 [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ES1370MP.sys (Creative Technology Ltd.)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (ha10kx2k [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (hidgame [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hidgame.sys (Microsoft Corporation)
DRV - (insektxp [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\InsektXp.sys (Captain RED)
DRV - (LwAdiHid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys (Logitech Inc.)
DRV - (msgame [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\msgame.sys (Microsoft Corporation)
DRV - (ntgrip [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ntgrip.sys (Kensington Technology Group)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (ossrv [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (PfModNT [Auto | Running]) -- C:\WINDOWS\System32\PfModNT.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (WFsys [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wfsys.sys (Leadtek Research Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page_bak = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.0
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..extensions.enabledItems: {fd2f951f-77ea-4938-9493-0c892c027a13}:0.9.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\PROGRAM FILES\AVG\AVG8\FIREFOX [2009/03/24 09:15:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/04/13 11:07:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/30 08:53:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/13 11:07:53 | 00,000,000 | ---D | M]

[2008/09/17 21:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions
[2008/09/17 21:27:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/13 11:39:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\dnnydk1q.default\extensions
[2009/03/27 11:33:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\dnnydk1q.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2008/10/22 15:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\dnnydk1q.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
[2009/04/13 11:39:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/29 14:32:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/13 11:07:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/29 14:31:53 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/29 14:31:53 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/17 21:27:03 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/17 21:27:03 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/17 21:27:03 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/13 22:21:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/17 21:27:03 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/17 21:27:03 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/17 21:27:03 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (728 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [THGuard] "C:\TrojanHunter 4.6\THGuard.exe" (Mischel Internet Security)
O4 - HKLM..\Run: [WINDVDPatch] CTHELPER.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...ector/swdir.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://codecs.micros...386/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akama...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun....=javadl.sun.com (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/04/13 11:00:44 | 10,730,57792 | -HS- | C] () -- C:\hiberfil.sys
[2009/04/13 09:09:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/13 09:08:48 | 00,000,479 | ---- | C] () -- C:\DOCUME~1\user\Desktop\NTREGOPT.lnk
[2009/04/13 09:08:48 | 00,000,460 | ---- | C] () -- C:\DOCUME~1\user\Desktop\ERUNT.lnk
[2009/04/13 09:08:48 | 00,000,000 | ---D | C] -- C:\ERUNT
[2009/04/13 09:07:52 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/13 08:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2009/04/13 08:39:05 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/13 08:39:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/13 08:39:01 | 00,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2009/04/13 08:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/27 11:44:34 | 00,009,111 | ---- | C] () -- C:\DOCUME~1\user\Desktop\Tentickles.jpg
[2009/03/25 23:02:54 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/03/24 09:16:01 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/24 09:16:00 | 00,325,640 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/24 09:15:59 | 00,027,656 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/24 09:15:52 | 35,077,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/24 09:15:52 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/24 09:15:52 | 00,401,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/24 09:15:52 | 00,093,231 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/24 09:15:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/03/24 09:15:45 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/24 09:15:40 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/03/24 09:15:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/03/24 09:11:26 | 62,729,728 | ---- | C] (AVG Technologies) -- C:\DOCUME~1\ALLUSE~1\Documents\avg85free_283a1450.exe
[2009/03/23 18:46:33 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/03/14 23:19:35 | 00,000,000 | ---D | C] -- C:\Sim Ant
[2009/03/14 23:18:55 | 04,111,963 | ---- | C] () -- C:\DOCUME~1\user\Desktop\SimAntWindows.zip
[2008/08/07 22:43:46 | 00,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2008/04/21 15:23:46 | 00,133,120 | ---- | C] () -- C:\WINDOWS\hvdi.dll
[2008/03/29 23:45:06 | 00,000,149 | ---- | C] () -- C:\WINDOWS\SCXEdit.ini
[2007/11/15 21:43:06 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/10 16:17:30 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2007/11/10 16:17:30 | 00,000,125 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2007/03/12 19:58:52 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2006/12/22 10:01:36 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2006/11/06 16:17:33 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/08/11 00:44:05 | 00,358,963 | ---- | C] () -- C:\WINDOWS\System32\mfclibary.dll
[2006/04/17 13:50:01 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2006/03/06 22:46:27 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2005/12/23 18:43:25 | 00,000,148 | ---- | C] () -- C:\WINDOWS\srwsipx.drv
[2005/12/12 13:35:06 | 00,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2005/12/12 13:35:06 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/12/12 13:35:00 | 00,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/12/12 13:34:59 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2005/07/17 09:47:45 | 00,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2005/07/17 09:47:45 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[2005/06/03 09:18:01 | 00,050,176 | ---- | C] () -- C:\WINDOWS\System32\annihilator.dll
[2005/03/01 16:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2005/02/24 08:32:00 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/02/01 21:09:34 | 00,000,046 | ---- | C] () -- C:\WINDOWS\VID_DirectX.INI
[2005/01/18 19:41:52 | 00,000,055 | ---- | C] () -- C:\WINDOWS\rdrive.ini
[2004/12/17 14:52:53 | 00,364,544 | ---- | C] () -- C:\WINDOWS\System32\js32.dll
[2004/12/03 19:17:39 | 00,000,092 | ---- | C] () -- C:\WINDOWS\setihome.ini
[2004/11/11 15:15:39 | 00,000,045 | ---- | C] () -- C:\WINDOWS\BBFDGFJK.ini
[2004/09/06 21:45:49 | 00,000,214 | ---- | C] () -- C:\WINDOWS\MP32WAV.INI
[2004/09/06 21:29:26 | 00,000,005 | ---- | C] () -- C:\WINDOWS\gsatcmp.ini
[2004/08/22 17:04:56 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/08/15 23:24:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EQZoneViewer.INI
[2004/08/15 23:18:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\EQZONE~1.INI
[2004/08/06 17:26:07 | 00,052,224 | ---- | C] () -- C:\WINDOWS\System32\EQInside.dll
[2004/07/31 18:43:56 | 00,000,281 | ---- | C] () -- C:\WINDOWS\quest.ini
[2004/06/20 23:12:50 | 00,000,327 | ---- | C] () -- C:\WINDOWS\alchem.ini
[2004/06/20 22:31:21 | 00,308,709 | ---- | C] () -- C:\WINDOWS\twaintec.ini
[2004/06/20 22:31:09 | 00,000,048 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2004/06/20 22:30:57 | 00,000,648 | ---- | C] () -- C:\WINDOWS\System32\im64.dll
[2004/06/18 14:52:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nwcontbuild.INI
[2004/06/11 20:17:30 | 00,000,801 | ---- | C] () -- C:\WINDOWS\QIII.INI
[2004/06/05 12:53:44 | 00,327,680 | ---- | C] () -- C:\WINDOWS\System32\dfxg11.dll
[2004/05/19 17:38:39 | 00,002,727 | ---- | C] () -- C:\WINDOWS\eqlsUIConfig.ini
[2004/05/07 12:04:44 | 00,000,162 | ---- | C] () -- C:\WINDOWS\STHVCD.INI
[2004/01/05 19:23:54 | 00,000,730 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2003/10/17 16:08:07 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\StepButtonS.dll
[2003/10/17 16:08:05 | 00,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/10/17 16:08:05 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\MP2enc.dll
[2003/10/10 19:37:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/10/10 19:37:02 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/09/20 23:20:50 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/20 15:48:41 | 00,000,113 | ---- | C] () -- C:\WINDOWS\Inetreg.ini
[2003/06/09 22:33:33 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2003/06/09 22:33:33 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2003/06/09 22:33:33 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2003/05/29 09:20:51 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2003/05/18 14:28:03 | 00,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2003/05/18 14:28:03 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
[2003/05/05 21:07:20 | 00,000,821 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/04/25 07:37:30 | 00,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/04/25 07:36:47 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\ddfxDll.dll
[2003/04/25 07:36:47 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\ddfxCro.dll
[2003/04/25 07:36:47 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\ddfxCom.dll
[2003/04/25 07:36:47 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\ddfxDw.dll
[2003/04/25 07:36:47 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\ddfxWeb.dll
[2003/04/25 07:36:46 | 00,015,040 | ---- | C] () -- C:\WINDOWS\System32\Mxmidi16.dll
[2003/04/23 01:59:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\TimeHUD.INI
[2003/04/04 19:56:26 | 00,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2003/02/03 06:26:18 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/10/03 14:42:27 | 00,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2002/08/29 06:00:00 | 00,001,466 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/08/29 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/06/06 01:01:58 | 00,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll
[2001/05/13 19:23:56 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\SAWZip.dll
[2000/08/17 21:01:12 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/04/13 15:16:19 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/13 15:16:14 | 03,374,149 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000002-80651102}.CDF
[2009/04/13 15:16:14 | 03,374,149 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000002-80651102}.BAK
[2009/04/13 15:16:11 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/04/13 15:16:03 | 00,021,828 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/13 15:15:53 | 00,000,380 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/04/13 15:15:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/13 15:15:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/13 15:15:46 | 10,730,57792 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/13 15:14:36 | 00,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000C-00001102-00000002-80651102}.rfx
[2009/04/13 15:14:36 | 00,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000C-00001102-00000002-80651102}.rfx
[2009/04/13 15:14:36 | 00,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000C-00001102-00000002-80651102}.rfx
[2009/04/13 15:14:36 | 00,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000C-00001102-00000002-80651102}.rfx
[2009/04/13 15:14:36 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/04/13 15:14:36 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/04/13 15:14:36 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000002-80651102}.dat
[2009/04/13 15:14:36 | 00,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000C-00001102-00000002-80651102}.dat
[2009/04/13 15:14:04 | 03,231,320 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/04/13 11:04:34 | 35,077,856 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/04/13 09:08:48 | 00,000,479 | ---- | M] () -- C:\DOCUME~1\user\Desktop\NTREGOPT.lnk
[2009/04/13 09:08:48 | 00,000,460 | ---- | M] () -- C:\DOCUME~1\user\Desktop\ERUNT.lnk
[2009/04/13 09:00:57 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\loduhaye
[2009/04/13 08:25:44 | 00,000,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/13 00:13:02 | 00,047,104 | -HS- | M] () -- C:\WINDOWS\System32\falozogi.exe
[2009/04/12 20:37:48 | 00,001,466 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/12 16:20:56 | 00,093,231 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/27 11:44:35 | 00,009,111 | ---- | M] () -- C:\DOCUME~1\user\Desktop\Tentickles.jpg
[2009/03/27 11:31:55 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/03/26 22:58:05 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/24 09:16:01 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/03/24 09:16:00 | 00,325,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/03/24 09:15:59 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/03/24 09:15:52 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/03/24 09:15:52 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/03/24 06:18:56 | 62,729,728 | ---- | M] (AVG Technologies) -- C:\DOCUME~1\ALLUSE~1\Documents\avg85free_283a1450.exe
[2009/03/20 20:21:47 | 00,002,257 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Skype.lnk
[2009/03/14 23:18:57 | 04,111,963 | ---- | M] () -- C:\DOCUME~1\user\Desktop\SimAntWindows.zip
< End of report >

****************

OTList Extras

OTListIt Extras logfile created on: 4/13/2009 3:29:16 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\user\Desktop\Security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.28 Mb Total Physical Memory | 632.36 Mb Available Physical Memory | 61.80% Memory free
1.88 Gb Paging File | 1.61 Gb Available in Paging File | 85.29% Paging File free
Paging file location(s): C:\pagefile.sys 1000 3000;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.68 Gb Total Space | 7.98 Gb Free Space | 10.41% Space Free | Partition Type: NTFS
Drive D: | 484.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 210.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: RACKEY
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\eMule\emule.exe:*:Enabled:eMule (http://www.emule-project.net)
C:\Nox\GAME.EXE:*:Enabled:GAME File not found
C:\Hegemonia\Hgm.exe:*:Enabled:Haegemonia File not found
C:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III (Blizzard Entertainment)
C:\Half-Life\hl.exe:*:Enabled:Half-Life Launcher File not found
C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger File not found
C:\Starcraft\StarCraft.exe:*:Enabled:Starcraft (Blizzard Entertainment)
C:\Darkstone\Darkstone.exe:*:Enabled:DarkStone File not found
C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper (Microsoft Corporation)
C:\Gate 88\gate88.exe:*:Enabled:gate88 ()
C:\Warcraft III\war3.exe:*:Enabled:Warcraft III (Blizzard Entertainment)
C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console (Microsoft Corporation)
C:\Dawn of War\W40k.exe:*:Enabled:W40K (THQ Canada Inc.)
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\Dungeon Siege\DungeonSiege.exe:*:Enabled:Dungeon Siege Game Executable File not found
C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server (Microsoft Corporation)
C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7 File not found
C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor (Discreet, a division of Autodesk, Inc.)
C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager (Discreet, a division of Autodesk, Inc.)
C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server (Discreet, a division of Autodesk, Inc.)
C:\DAP\DAP.exe:*:Enabled:Download Accelerator Plus (SpeedBit Ltd.)
C:\Battlefield 1942\BF1942.exe:*:Enabled:BF1942 ()
C:\TOTALA Moo\TotalA.exe:*:Enabled:Total Annihilation File not found
C:\Heroes3\Heroes3_C_crked.exe:*:Enabled:Heroes of Might and Magic® III (The 3DO Company)
C:\Black & White\runblack.exe:*:Enabled:lh (LionHead Studios Ltd.)
C:\Quake III Arena\quake3.exe:*:Enabled:quake3 File not found
C:\Dungeon Siege II Demo\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable File not found
C:\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable (Gas Powered Games)
C:\Other Games\GBA\Test\vbaserver.exe:*:Enabled:vbaserver ()
C:\Other Games\GBA\Test\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator (None)
C:\WoS\Souls.exe:*:Enabled:Well of Souls File not found
C:\TRIBES\Tribes.exe:*:Enabled:Tribes ()
C:\Descent3\main.exe:*:Enabled:main File not found
C:\UT2003\System\UT2003.exe:*:Enabled:UT2003 ()
C:\Doomsday\Bin\Doomsday.exe:*:Enabled:Doomsday ()
C:\FEAR\fpupdate.exe:*:Enabled:fpupdate File not found
C:\FEAR\FEAR.exe:*:Enabled:FEAR File not found
C:\FEAR\FEARMP.exe:*:Enabled:FEAR File not found
C:\DOCUME~1\user\LOCALS~1\Temp\27exinjs.p.exe:*:Enabled:Microsoft Update File not found
C:\DOCUME~1\user\LOCALS~1\Temp\97exinjs.p.exe:*:Enabled:Microsoft Update File not found
C:\DOCUME~1\user\LOCALS~1\Temp\87exinjs.p.exe:*:Enabled:Microsoft Update File not found
C:\DOCUME~1\user\LOCALS~1\Temp\49exinjs.p.exe:*:Enabled:Microsoft Update File not found
C:\DOCUME~1\user\LOCALS~1\Temp\0exinjs.p.exe:*:Enabled:Microsoft Update File not found
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent ()
C:\Quake2\quake2.exe:*:Enabled:quake2 File not found
C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0 (SmartSoft Ltd.)
C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad ()
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad ()
C:\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv File not found
C:\Teamspeak2_RC2 Server\server_windows.exe:*:Enabled:Server File not found
C:\Roger Wilco\roger.exe:*:Enabled:Roger Wilco File not found
C:\Roger Wilco\rwbs\rwbs.exe:*:Enabled:rwbs File not found
C:\SPORE\Sporebin\SporeCreatureCreator.exe:*:Enabled:SPORE™ Creature Creator Trial Edition File not found
C:\Heroes of Might and Magic IV\Heroes4.exe:*:Enabled:Heroes of Might and Magic® IV (The 3DO Company)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath (Skype Technologies S.A.)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
" Heroes of Might and Magic™ III Armageddon's Blade" = Heroes of Might and Magic™ III Armageddon's Blade
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic ™
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"{37D422FE-0E44-4595-9ADF-BE4C1B70318F}" = Armed and Dangerous
"{39D7BD4A-5BE7-11D4-9D68-0020781864F1}" = CueClub
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}" = Aliens vs. Predator 2
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live!
"{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB}" = Rome - Total War™
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{634F6989-4BB5-4EF2-AF6F-C15700F81494}_is1" = Advanced System Optimizer 2.01
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75899930-4038-4146-9F36-AF46F3C9AF92}" = Steels World v2.1
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7}" = Cue Club
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{8BA41CA6-02ED-405E-AE4F-0AC8447AB55D}" = EverQuest: Depths of Darkhollow
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{96443F45-13E2-11D6-AC87-00D0B7A9E540}" = Arx Fatalis
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B3BA36BC-6795-4DA0-91E9-6B2AF4ABE30A}" = WinFast® Display Driver
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C169D3BB-9A27-43F5-9979-09A0D65FE95C}" = SmartFTP Client 2.0
"{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}" = nullDC 1.0.0 Public Beta 1 Setup
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{E0196000-BEE3-11D4-9E9D-0050DA1EA555}" = The Moon Project
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{EA82FF50-E258-4DFE-839B-8F26A01A34A7}" = Microsoft Tool Web Package:WntIpcfg.exe
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE™ Creature Creator Trial Edition
"{F92AB933-9FE7-4335-92BD-D1C3BA27613C}" = 3ds max 7
"Ad-aware 6 Personal" = Ad-aware 6 Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Instant Messenger" = AOL Instant Messenger
"AVG8Uninstall" = AVG 8.5
"BitTorrent" = BitTorrent 5.0.3
"BobWFA" = WFA Config Builder
"Call of Duty" = Call of Duty
"Cassini_Sega_Saturn_Emulator_2.0" = Cassini Sega Saturn Emulator 2.0
"Cassini3.0" = Cassini
"Castle Attack 2" = Castle Attack 2 v1.00
"DarkstoneDeinstKey" = Darkstone
"Descent3" = Descent 3
"Descent3 Mercenary" = Descent 3: Mercenary
"Deus Ex" = Deus Ex
"DFX Demo" = DFX Demo
"DFX for Winamp" = DFX for Winamp
"Diablo II" = Diablo II
"DivX Codec" = DivX Codec
"DivX Player" = DivX Player
"Download Accelerator Plus " = Download Accelerator Plus
"Dungeon Siege 2" = Dungeon Siege II
"DungeonSiege 1.0" = Dungeon Siege
"DungeonSiege2" = Dungeon Siege 2
"DVD Shrink_is1" = DVD Shrink 3.2
"DX-Ball 1.09" = DX-Ball 1.09
"EAX™ Unified (SHELL)" = EAX™ Unified (SHELL)
"elemental" = Elemental
"Emperor" = Emperor: Battle For Dune
"eMule" = eMule
"eMusic Promotion" = eMusic - 50 Free MP3 offer
"EQZoneViewer" = EQZoneViewer
"ERUNT_is1" = ERUNT 1.1j
"Eye of the Beholder" = Eye of the Beholder
"Flash Movie Player" = Flash Movie Player 1.4
"FLVPlayer" = FLV Player 1.3.2
"G I A N T S : Tribunal by Puma Man" = G I A N T S : Tribunal by Puma Man
"Gate 88" = Gate 88 Nov05/04
"GIANTS Ultimate DATA FILES" = GIANTS Ultimate DATA FILES
"GIANTS v 2.7 Tribunal ONLY esm file by Puma Man" = GIANTS v 2.7 Tribunal ONLY esm file by Puma Man
"Google Updater" = Google Updater
"Half-Life" = Half-Life
"Hegemonia" = Hegemonia (remove only)
"Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death™
"Heroes of Might and Magic IV" = Heroes of Might and Magic® IV
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III
"Homeworld" = Homeworld
"Homeworld2" = Homeworld2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Indeo® Software" = Indeo® Software
"InstallShield_{362D5167-9716-44BE-89FD-BF9EB6EF814B}" = DawnOfWar
"InstallShield_{75899930-4038-4146-9F36-AF46F3C9AF92}" = Steels World v2.1
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"IrfanView" = IrfanView (remove only)
"JaFO's Botmanager" = JaFO's Botmanager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Might and Magic® VIII: Day of the Destroyer™" = Might and Magic® VIII: Day of the Destroyer™
"Modding tools for Haegemonia" = Modding tools for Haegemonia
"Mount&Blade" = Mount&Blade
"Mozilla (1.7)" = Mozilla (1.7)
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nox" = Nox
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVRefreshTool_is1" = NVRefreshTool 2.1a
"Panda ActiveScan" = Panda ActiveScan
"Product_Name" = Millennium Gamepak Gold
"Project: Guilty Mission 1" = Project: Guilty Mission 1 v1.1
"PROSet" = Intel® PRO Network Adapters and Drivers
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"Quake2UninstallKey" = Quake II
"QuickTime" = QuickTime
"RegCure" = RegCure 1.3.0.2
"Ren Client Version 4" = Ren Client Version 4
"Roger Wilco" = Roger Wilco
"RPGツクール2003 Chrono" = RPGツクール2003 - Chrono Chronicles
"SETI@home" = SETI@home
"ShockwaveFlash" = Macromedia Flash Player 8
"Sierra Utilities" = Sierra Utilities
"SimCity2000CDv1" = SimCity 2000® Special Edition
"SmartFTP Client 2.0 Setup Files" = SmartFTP Client 2.0 Setup Files (remove only)
"Soldier of Fortune II - Double Helix GOLD" = Soldier of Fortune II - Double Helix GOLD
"Sound Blaster PCI128 Drivers Online Help" = Sound Blaster PCI128 Drivers Online Help
"SoundEdit Pro" = SoundEdit Pro
"spool" = spool
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SpywareBlaster_is1" = SpywareBlaster v3.2
"SpywareGuard_is1" = SpywareGuard v2.2
"ST5UNST #1" = Anvil Studio
"ST5UNST #2" = Annihilator
"Starcraft" = Starcraft
"StarCraft X-tra Editor (Professional Edition)_is1" = StarCraft X-tra Editor Version 2.5
"Starsiege TRIBES" = Starsiege TRIBES 1.8
"SuperjoyBox Series USB Game Controller_is1" = SuperjoyBox Game Controller Version 3.0
"SvenCoop" = SvenCo-op 2.1 (Update)
"T2MAutoDownload" = Tribes2Maps.com Automatic Mission Downloading System (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 2 Server_is1" = TeamSpeak 2 Server RC2
"Tetris 2000 version 1.0_is1" = Tetris 2000 version 1.0
"TigerGame PS/PS2 Game Controller Adapter" = TigerGame PS/PS2 Game Controller Adapter
"Total Annihilation" = Total Annihilation
"Total Annihilation - Core Contingency" = Total Annihilation - Core Contingency
"Total Annihilation Units Compilation Pack_is1" = Total Annihilation Units Compilation Pack Version 2.0
"Total Annihilation: Kingdoms" = Total Annihilation: Kingdoms
"Total Video Converter_is1" = Total Video Converter 2.52
"Tribes 2" = Tribes 2
"TrojanHunter_is1" = TrojanHunter 4.6
"UT2003" = Unreal Tournament 2003
"UT2004-Demo" = Unreal Tournament 2004 Demo
"VDMSound" = VDMSound
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Weapons Factory Arena 3.5_is1" = WFA 3.5
"Wilderness Sounds 3.0 by Puma Man" = Wilderness Sounds 3.0 by Puma Man
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp (remove only)
"Windows Live Safety scanner" = Windows Live Safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinMX" = WinMX
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZC2.10w" = Zelda Classic 2.10w

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/23/2009 12:08:16 AM | Computer Name = RACKEY | Source = Application Error | ID = 1000
Description = Faulting application mugen all characters battle zero.exe, version
0.0.0.0, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x00010efe.

Error - 3/30/2009 12:10:05 AM | Computer Name = RACKEY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3372, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/30/2009 12:10:14 AM | Computer Name = RACKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 1203592333.

Error - 3/31/2009 6:16:43 AM | Computer Name = RACKEY | Source = Application Error | ID = 1000
Description = Faulting application mugen all characters battle zero.exe, version
0.0.0.0, faulting module dsound.dll, version 5.3.2600.5512, fault address 0x00011052.

Error - 3/31/2009 8:01:15 AM | Computer Name = RACKEY | Source = Application Error | ID = 1000
Description = Faulting application mugen all characters battle zero.exe, version
0.0.0.0, faulting module mugen all characters battle zero.exe, version 0.0.0.0,
fault address 0x00084df6.

Error - 4/3/2009 2:42:45 PM | Computer Name = RACKEY | Source = Application Hang | ID = 1002
Description = Hanging application MKFusion.exe, version 0.2.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2009 2:50:58 PM | Computer Name = RACKEY | Source = Application Hang | ID = 1002
Description = Hanging application MKFusionv02bRC1.exe, version 0.2.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/3/2009 2:54:53 PM | Computer Name = RACKEY | Source = Application Hang | ID = 1002
Description = Hanging application MKFusion.exe, version 0.2.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/8/2009 4:23:58 PM | Computer Name = RACKEY | Source = Application Hang | ID = 1002
Description = Hanging application MKFusion.exe, version 0.2.5.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/13/2009 1:06:18 PM | Computer Name = RACKEY | Source = MsiInstaller | ID = 11316
Description = Product: Java™ 6 Update 13 -- Error 1316.A network error occurred
while attempting to read from the file C:\Documents and Settings\user\Application
Data\Sun\Java\jre1.6.0_13\jre1.6.0_13-c.msi

[ System Events ]
Error - 4/13/2009 10:16:11 AM | Computer Name = RACKEY | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 4/13/2009 10:16:11 AM | Computer Name = RACKEY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/13/2009 10:16:11 AM | Computer Name = RACKEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD ASPI32 AvgLdx86 AvgMfx86 AvgTdiX Fips IPSec MRxSmb NetBIOS NetBT oreans32 Processor RasAcd
Rdbss
Tcpip

Error - 4/13/2009 10:22:30 AM | Computer Name = RACKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/13/2009 10:24:10 AM | Computer Name = RACKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/13/2009 10:25:00 AM | Computer Name = RACKEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 AvgLdx86 AvgMfx86 Fips oreans32 Processor

Error - 4/13/2009 11:00:53 AM | Computer Name = RACKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/13/2009 11:06:37 AM | Computer Name = RACKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/13/2009 11:07:28 AM | Computer Name = RACKEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 AvgLdx86 AvgMfx86 Fips Processor

Error - 4/13/2009 12:59:47 PM | Computer Name = RACKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

*************

Thanks for the assist

Edited by Gothos, 15 April 2009 - 03:03 PM.

#2 fenzodahl512 (Malware Removal, 9,863 posts)

Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT.
  • Before you click "Continue", make sure you change the "List files/folders created or modified in the last" setting to 3 months.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.

NEXT

Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad; save it and attach it in this thread.

IMPORTANT: Do NOT run any program while you are doing these scans, as it may interfere with the output results.

Post these logs in your next reply. Post each log in a separate post.

1. RSIT log.txt
2. RSIT info.txt
3. Attach the GMER result.

#3 Gothos (Topic Starter, Member, 34 posts)

RSIT logs ---

info.txt logfile of random's system information tool 1.06 2009-04-17 07:22:29

======Uninstall list======

Heroes of Might and Magic™ III Armageddon's Blade-->C:\WINDOWS\IsUninst.exe -fC:\Heroes3\UnBlade.isu -c"C:\Heroes3\unblade.dll
-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->C:\SOLDIE~2\Uninstall\Unwise.exe /u C:\SOLDIE~2\Uninstall\install.log
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ds max 7-->MsiExec.exe /I{F92AB933-9FE7-4335-92BD-D1C3BA27613C}
Ad-aware 6 Personal-->C:\PROGRA~1\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced System Optimizer 2.01-->"C:\Advanced System Optimizer\unins000.exe"
Aliens vs. Predator 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
Annihilator-->C:\WINDOWS\ST5UNST.EXE -n "c:\TOTALA Moo\Annihilator\ST5UNST.LOG"
Anvil Studio-->C:\WINDOWS\ST5UNST.EXE -n "c:\Anvil Studio\ST5UNST.LOG"
AOL Instant Messenger-->C:\AIM\uninstll.exe -LOG= C:\AIM\install.log -OEM=
Armed and Dangerous-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{37D422FE-0E44-4595-9ADF-BE4C1B70318F}\Setup.exe" -l0x9
Arx Fatalis-->MsiExec.exe /X{96443F45-13E2-11D6-AC87-00D0B7A9E540}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
BitTorrent 5.0.3-->"C:\Program Files\BitTorrent\uninstall.exe"
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
Black and White-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}\setup.exe"
Call of Duty-->C:\CALLOF~1\Uninstall\Unwise.exe /u C:\CALLOF~1\Uninstall\Install.log
Cassini Sega Saturn Emulator 2.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Sega Saturn\irunin.ini"
Cassini-->"C:\WINDOWS\Cassini\uninstall.exe" "/U:C:\Other Games\Sega Saturn\cassini\Uninstall\uninstall.xml"
Castle Attack 2 v1.00-->"C:\Castle Attack 2\uninstall.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cue Club-->"C:\Program Files\Oberon Media\Cue Club\Uninstall.exe" "C:\Program Files\Oberon Media\Cue Club\install.log"
CueClub-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\CueClub\setup.exe"
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Darkstone-->C:\WINDOWS\uninst.exe -fC:\Darkstone\DeIsL1.isu
DawnOfWar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
Descent 3: Mercenary-->C:\Descent3\unmerc.exe -c C:\Descent3\
Descent 3-->C:\WINDOWS\ISUNINST.EXE -fC:\Descent3\Uninst.isu -cC:\Descent3\d3uninst.dll
Deus Ex-->C:\DeusEx\System\Setup.exe uninstall "Deus Ex"
DFX Demo-->C:\Winamp\DFXDEM~1\UNWISE.EXE C:\Winamp\DFXDEM~1\INSTALL.LOG
DFX for Winamp-->"C:\Winamp\uninstall_dfx.exe"
Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
DivX Codec-->C:\WINDOWS\unvise32.exe C:\DivX\DivX Bundle.log
DivX Player-->C:\DivX\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus -->C:\DAP\UNWISE.EXE C:\DAP\INSTALL.LOG
Dungeon Siege 2-->"C:\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
Dungeon Siege II-->"C:\Dungeon Siege II Demo\UNINSTAL.EXE" /runtemp /uninstall
Dungeon Siege-->"C:\Dungeon Siege\UNINSTAL.EXE" /runtemp /addremove
DVD Shrink 3.2-->"C:\DVD Shrink\unins000.exe"
DX-Ball 1.09-->C:\DX-Ball\UNWISE.EXE C:\DX-Ball\INSTALL.LOG
EAX™ Unified (SHELL)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX™ Unified (SHELL)\Uninst.isu"
Elemental-->"C:\Dungeon Siege\Mods\elemental\Uninstall.exe"
Emperor: Battle For Dune-->C:\Emperor\Uninstll.EXE
eMule-->"C:\eMule\Uninstall.exe"
eMusic - 50 Free MP3 offer-->"C:\Winamp\eMusic\Uninst-eMusic-promotion.exe"
EQZoneViewer-->C:\EQ Zone Viewer\Uninstal.exe
ERUNT 1.1j-->C:\ERUNT\unins000.exe
EverQuest: Depths of Darkhollow-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8BA41CA6-02ED-405E-AE4F-0AC8447AB55D}\setup.exe" -l0x9
Eye of the Beholder-->C:\NEVERWINTERNIGHTS\NWN\Uninstal.exe
FEAR-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
Flash Movie Player 1.4-->C:\Program Files\Flash Movie Player\uninst.exe
FLV Player 1.3.2-->"C:\Program Files\FLVPlayer\uninstall.exe"
G I A N T S : Tribunal by Puma Man-->C:\MORROWIND\DATA FILES\Uninstal.exe
Gate 88 Nov05/04-->C:\Gate 88\uninst.exe
GIANTS Ultimate DATA FILES-->C:\Morrowind\Data Files\Giants Ultimate Data Uninstal.exe
GIANTS v 2.7 Tribunal ONLY esm file by Puma Man-->C:\Morrowind\Data Files\GIANTS Tribunal 27 Uninstal.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTA2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
Half-Life-->C:\WINDOWS\IsUninst.exe -fC:\Half-Life\Uninst.isu -c"C:\Half-Life\HLUNINST.DLL"
Hegemonia (remove only)-->"C:\Hegemonia\uninst-hgm.exe"
Heroes of Might and Magic® III The Shadow of Death™-->C:\WINDOWS\IsUninst.exe -fc:\heroes3\Uninst.isu
Heroes of Might and Magic® III-->C:\WINDOWS\IsUninst.exe -fC:\Heroes3\Uninst.isu -c"C:\Heroes3\uninst.dll
Heroes of Might and Magic® IV-->C:\WINDOWS\IsUninst.exe -f"C:\Heroes of Might and Magic IV\Heroes of Might and Magic IV.isu" -c"C:\Program Files\Common Files\3DO Shared\3DOUnInst.dll
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Homeworld-->C:\HOMEWO~1\UNINST~1\UNWISE.EXE C:\HOMEWO~1\UNINST~1\INSTALL.LOG
Homeworld2-->C:\Homeworld 2\Homeworld2\uninstall.exe
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
IrfanView (remove only)-->C:\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JaFO's Botmanager-->C:\WINDOWS\uninst.exe -fc:\ut2003\botmanager\DeIsL1.isu -cc:\ut2003\botmanager\_ISREG32.DLL
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Malwarebytes' Anti-Malware-->"C:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Tool Web Package:WntIpcfg.exe-->MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Might and Magic® VIII: Day of the Destroyer™-->C:\WINDOWS\IsUninst.exe -f"c:\might and magic viii\Uninst.isu" -c"c:\might and magic viii\uninst.dll
Millennium Gamepak Gold-->C:\WINDOWS\iun506.exe C:\Millennium Gamepak Gold\irunin.ini
Modding tools for Haegemonia-->C:\Hegemonia\Modding tools for Haegemonia\uninst.exe
Mount&Blade-->C:\Mount & Blade\uninstall.exe
Mozilla (1.7)-->C:\WINDOWS\MozillaUninstall.exe /ua "1.7 (en)"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
Nero-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nox-->C:\Nox\Uninstll.EXE
nullDC 1.0.0 Public Beta 1 Setup-->MsiExec.exe /I{C3FDA1E4-1E17-48D8-B4F0-C141E9FFB4BA}
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVRefreshTool 2.1a-->C:\NVRefreshTool\unins000.exe
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Project: Guilty Mission 1 v1.1-->"C:\Half-Life\SvenCoop\pguninstall\uninst.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Quake II-->C:\WINDOWS\IsUninst.exe -fC:\Quake2\Uninst.isu
Quake III Arena Point Release 1.32-->C:\WINDOWS\unvise32.exe c:\quake iii arena\uninstal5.log
Quake III Arena-->C:\WINDOWS\IsUninst.exe -f"C:\Quake III Arena\QIII.isu"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RegCure 1.3.0.2-->C:\RegCure\uninst.exe
Ren Client Version 4-->C:\WINDOWS\unvise32.exe C:\Tribes2\GameData\base\uninstal.log
Roger Wilco-->C:\ROGERW~1\rwbs\UNWISE.EXE C:\ROGERW~1\rwbs\INSTALL.LOG
RPGツクール2003 - Chrono Chronicles-->C:\WINDOWS\gamedelete.exe "C:\Other Games\Chrono Chronicles\Chrono\RPG_RT.ind"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
SETI@home-->C:\WINDOWS\IsUninst.exe -fC:\SETI@home\Uninst.isu
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SimCity 2000® Special Edition-->C:\WINDOWS\uninst.exe -f"C:\SIMCITY 2000\DeIsL1.isu"
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartFTP Client 2.0 Setup Files (remove only)-->"C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.0-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Soldier of Fortune II - Double Helix GOLD-->C:\SOLDIE~2\UNINST~1\UNWISE.EXE C:\SOLDIE~2\UNINST~1\INSTALL.LOG
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Sound Blaster PCI128 Drivers Online Help-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CREATIVE\AUDIO\HELP\SBPCIDRV.isu"
SoundEdit Pro-->C:\SOUNDE~1\UNWISE.EXE C:\SOUNDE~1\INSTALL.LOG
SPORE™ Creature Creator Trial Edition-->"C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8681B1E6-CD96-46EF-9065-CE0D1085ED99}\Setup.exe"
Star Wars®: Knights of the Old Republic ™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\setup.exe" -l0x9
StarCraft X-tra Editor Version 2.5-->C:\Starcraft\SCXEDeinst\unins000.exe
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Starsiege TRIBES 1.8-->C:\WINDOWS\IsUninst.exe -f"C:\TRIBES\Uninst.isu"
Steels World v2.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{75899930-4038-4146-9F36-AF46F3C9AF92}
SuperjoyBox Game Controller Version 3.0-->"C:\Program Files\Superjoy\unins000.exe"
SvenCo-op 2.1 (Update)-->C:\WINDOWS\unvise32.exe C:\Half-Life\SvenCoop\uninstal.log
TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A}
TeamSpeak 2 RC2-->C:\Teamspeak2_RC2\unins000.exe
TeamSpeak 2 Server RC2-->"C:\Teamspeak2_RC2 Server\unins000.exe"
Tetris 2000 version 1.0-->"C:\Tetris 2000\unins000.exe"
The Moon Project-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0196000-BEE3-11D4-9E9D-0050DA1EA555}\setup.exe"
TigerGame PS/PS2 Game Controller Adapter-->C:\PROGRA~1\SUPERJ~1\UNWISE.EXE C:\PROGRA~1\SUPERJ~1\INSTALL.LOG
Total Annihilation - Core Contingency-->C:\TOTALA\CC\CCQUERY.EXE
Total Annihilation Units Compilation Pack Version 2.0-->C:\TOTALA\taucpuninst\unins000.exe
Total Annihilation: Kingdoms-->C:\WINDOWS\IsUninst.exe -fC:\TAK\Uninst.isu
Total Annihilation-->C:\CAVEDOG\TOTALA\setup.exe -u
Total Video Converter 2.52-->"C:\Total Video Converter\unins000.exe"
Tribes 2-->C:\Tribes2\UNWISE.EXE C:\Tribes2\INSTALL.LOG
Tribes2Maps.com Automatic Mission Downloading System (remove only)-->"C:\Tribes2\T2M-AutoDL-uninstall.exe"
TrojanHunter 4.6-->"C:\TrojanHunter 4.6\unins000.exe"
Unreal Tournament 2003-->C:\UT2003\System\Setup.exe uninstall "UT2003"
Unreal Tournament 2004 Demo-->C:\UT2004Demo\System\Setup.exe uninstall "UT2004-Demo"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VDMSound-->C:\VDMSound\uninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /I{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
WFA 3.5-->"C:\Quake III Arena\wfa\unist\unins000.exe"
WFA Config Builder-->"C:\Program Files\BobWFACfg\uninst-bob.exe"
Wilderness Sounds 3.0 by Puma Man-->C:\MORROWIND\DATA FILES\Uninstall.exe
WinAce Archiver-->C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
Winamp (remove only)-->"C:\Winamp\UninstWA.exe"
Windows Live Safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",?UninstallFunction@CwlscCore@@QAEXXZ
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast® Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3BA36BC-6795-4DA0-91E9-6B2AF4ABE30A}\setup.exe"
WinMX-->C:\Program Files\WinMX\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Zelda Classic 2.10w-->C:\Other Games\Zelda Clasic\ZC2.10\uninstall.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: RACKEY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 93234
Source Name: Tcpip
Time Written: 20090121130646.000000-420
Event Type: warning
User:

Computer Name: RACKEY
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 93215
Source Name: W32Time
Time Written: 20090121024049.000000-420
Event Type: warning
User:

Computer Name: RACKEY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 93211
Source Name: Tcpip
Time Written: 20090120150955.000000-420
Event Type: warning
User:

Computer Name: RACKEY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 93171
Source Name: Tcpip
Time Written: 20090118202014.000000-420
Event Type: warning
User:

Computer Name: RACKEY
Event Code: 9
Message: The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Record Number: 93170
Source Name: atapi
Time Written: 20090118200849.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: RACKEY
Event Code: 1000
Message: Faulting application mugen all characters battle zero.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Record Number: 5030
Source Name: Application Error
Time Written: 20070829172210.000000-360
Event Type: error
User:

Computer Name: RACKEY
Event Code: 1000
Message: Faulting application mugen all characters battle zero.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29.

Record Number: 5029
Source Name: Application Error
Time Written: 20070829145058.000000-360
Event Type: error
User:

Computer Name: RACKEY
Event Code: 1000
Message: Faulting application mugen all characters battle zero.exe, version 0.0.0.0, faulting module mugen all characters battle zero.exe, version 0.0.0.0, fault address 0x00084df6.

Record Number: 5028
Source Name: Application Error
Time Written: 20070829144655.000000-360
Event Type: error
User:

Computer Name: RACKEY
Event Code: 1000
Message: Faulting application mugen all characters battle zero.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018494.

Record Number: 5027
Source Name: Application Error
Time Written: 20070829142740.000000-360
Event Type: error
User:

Computer Name: RACKEY
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20070.6982, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5010
Source Name: Application Hang
Time Written: 20070825133536.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\VDMSound
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 1 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0103
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VDMSPath"=C:\VDMSound

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-04-17 07:22:09
Microsoft Windows XP Professional Service Pack 3
System drive C: has 8 GB (10%) free of 79 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:23 AM, on 4/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Security\Installers\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [zanisagumu] Rundll32.exe "C:\WINDOWS\system32\kuvimulo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zanisagumu] Rundll32.exe "C:\WINDOWS\system32\kuvimulo.dll",s (User 'NETWORK SERVICE')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....=javadl.sun.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5496 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"QuickTime Task"=C:\QuickTime\qttask.exe [2003-05-19 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-24 5537792]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-02-24 86016]
"THGuard"=C:\TrojanHunter 4.6\THGuard.exe [2006-12-21 1108992]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-24 1932568]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryOptimizer]
c:\program files\advanced system optimizer\memtuneup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\QuickTime\qttask.exe [2003-05-19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\SETI@home\[email protected] -min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [2004-11-10 111816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^3DO Registration.lnk]
C:\Heroes3\Register\Remind32.exe [1999-06-04 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISEXEng"=2
"gusvc"=2

C:\Documents and Settings\user\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-24 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\eMule\emule.exe"="C:\eMule\emule.exe:*:Enabled:eMule"
"C:\Nox\GAME.EXE"="C:\Nox\GAME.EXE:*:Enabled:GAME"
"C:\Hegemonia\Hgm.exe"="C:\Hegemonia\Hgm.exe:*:Enabled:Haegemonia"
"C:\Warcraft III\Warcraft III.exe"="C:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Half-Life\hl.exe"="C:\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\AIM\aim.exe"="C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Starcraft\StarCraft.exe"="C:\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Darkstone\Darkstone.exe"="C:\Darkstone\Darkstone.exe:*:Enabled:DarkStone"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Gate 88\gate88.exe"="C:\Gate 88\gate88.exe:*:Enabled:gate88"
"C:\Warcraft III\war3.exe"="C:\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Dawn of War\W40k.exe"="C:\Dawn of War\W40k.exe:*:Enabled:W40K"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Dungeon Siege\DungeonSiege.exe"="C:\Dungeon Siege\DungeonSiege.exe:*:Enabled:Dungeon Siege Game Executable"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\3dsmax7\3dsmax.exe"="C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7"
"C:\Program Files\backburner 2\monitor.exe"="C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\backburner 2\manager.exe"="C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\backburner 2\server.exe"="C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server"
"C:\DAP\DAP.exe"="C:\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\Battlefield 1942\BF1942.exe"="C:\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\TOTALA Moo\TotalA.exe"="C:\TOTALA Moo\TotalA.exe:*:Enabled:Total Annihilation"
"C:\Heroes3\Heroes3_C_crked.exe"="C:\Heroes3\Heroes3_C_crked.exe:*:Enabled:Heroes of Might and Magic® III"
"C:\Black & White\runblack.exe"="C:\Black & White\runblack.exe:*:Enabled:lh"
"C:\Quake III Arena\quake3.exe"="C:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Dungeon Siege II Demo\DungeonSiege2.exe"="C:\Dungeon Siege II Demo\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Dungeon Siege 2\DungeonSiege2.exe"="C:\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Other Games\GBA\Test\vbaserver.exe"="C:\Other Games\GBA\Test\vbaserver.exe:*:Enabled:vbaserver"
"C:\Other Games\GBA\Test\VisualBoyAdvance.exe"="C:\Other Games\GBA\Test\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\WoS\Souls.exe"="C:\WoS\Souls.exe:*:Enabled:Well of Souls"
"C:\TRIBES\Tribes.exe"="C:\TRIBES\Tribes.exe:*:Enabled:Tribes"
"C:\Descent3\main.exe"="C:\Descent3\main.exe:*:Enabled:main"
"C:\UT2003\System\UT2003.exe"="C:\UT2003\System\UT2003.exe:*:Enabled:UT2003"
"C:\Doomsday\Bin\Doomsday.exe"="C:\Doomsday\Bin\Doomsday.exe:*:Enabled:Doomsday"
"C:\FEAR\fpupdate.exe"="C:\FEAR\fpupdate.exe:*:Enabled:fpupdate"
"C:\FEAR\FEAR.exe"="C:\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\FEAR\FEARMP.exe"="C:\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\user\LOCALS~1\Temp\27exinjs.p.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\27exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\user\LOCALS~1\Temp\97exinjs.p.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\97exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\user\LOCALS~1\Temp\87exinjs.p.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\87exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\user\LOCALS~1\Temp\49exinjs.p.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\49exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\user\LOCALS~1\Temp\0exinjs.p.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\0exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Quake2\quake2.exe"="C:\Quake2\quake2.exe:*:Enabled:quake2"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Sony\Station\Launchpad\LaunchPad.exe"="C:\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\VentSrv\ventrilo_srv.exe"="C:\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Teamspeak2_RC2 Server\server_windows.exe"="C:\Teamspeak2_RC2 Server\server_windows.exe:*:Enabled:Server"
"C:\Roger Wilco\roger.exe"="C:\Roger Wilco\roger.exe:*:Enabled:Roger Wilco"
"C:\Roger Wilco\rwbs\rwbs.exe"="C:\Roger Wilco\rwbs\rwbs.exe:*:Enabled:rwbs"
"C:\SPORE\Sporebin\SporeCreatureCreator.exe"="C:\SPORE\Sporebin\SporeCreatureCreator.exe:*:Enabled:SPORE™ Creature Creator Trial Edition"
"C:\Heroes of Might and Magic IV\Heroes4.exe"="C:\Heroes of Might and Magic IV\Heroes4.exe:*:Enabled:Heroes of Might and Magic® IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\AIM\aim.exe"="C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-04-17 07:22:10 ----D---- C:\Program Files\trend micro
2009-04-17 07:22:09 ----D---- C:\rsit
2009-04-17 00:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 00:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 00:50:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-17 00:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 00:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 00:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 00:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 14:01:18 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-14 08:52:36 ----D---- C:\fsaua.data
2009-04-13 15:28:23 ----A---- C:\Rooter.txt
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\java.exe
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-13 09:09:23 ----D---- C:\WINDOWS\ERDNT
2009-04-13 09:08:48 ----D---- C:\ERUNT
2009-04-13 09:07:52 ----D---- C:\Rooter$
2009-04-13 08:39:09 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-04-13 08:39:01 ----D---- C:\Malwarebytes' Anti-Malware
2009-04-13 08:39:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-25 23:02:54 ----HD---- C:\$AVG8.VAULT$
2009-03-24 09:16:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-24 09:15:40 ----D---- C:\Program Files\AVG
2009-03-24 09:15:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-14 23:19:35 ----D---- C:\Sim Ant
2009-03-11 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 03:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-24 20:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-11 04:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-08 22:12:22 ----D---- C:\SimCity 2000

======List of files/folders modified in the last 3 months======

2009-04-17 07:22:14 ----D---- C:\WINDOWS\Prefetch
2009-04-17 07:22:10 ----AD---- C:\Program Files
2009-04-17 07:21:33 ----D---- C:\WINDOWS\system32
2009-04-17 07:21:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 07:17:44 ----SD---- C:\WINDOWS\Tasks
2009-04-17 07:17:37 ----D---- C:\WINDOWS\Temp
2009-04-17 07:17:26 ----D---- C:\WINDOWS
2009-04-17 07:17:24 ----A---- C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000002-80651102}.BAK
2009-04-17 07:16:17 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 07:16:17 ----D---- C:\WINDOWS\AppPatch
2009-04-17 00:55:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-17 00:54:51 ----HD---- C:\WINDOWS\inf
2009-04-17 00:54:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-17 00:54:40 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 00:54:18 ----D---- C:\WINDOWS\system32\en-US
2009-04-17 00:54:18 ----D---- C:\Program Files\Internet Explorer
2009-04-17 00:53:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-17 00:49:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-16 21:59:13 ----D---- C:\Program Files\Mozilla Firefox
2009-04-16 00:35:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-14 08:56:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-13 11:08:02 ----SHD---- C:\WINDOWS\Installer
2009-04-13 11:07:31 ----D---- C:\Program Files\Java
2009-04-13 09:25:43 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-04-13 09:01:30 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 20:37:48 ----A---- C:\WINDOWS\win.ini
2009-04-09 01:07:30 ----D---- C:\SWKotOR
2009-04-03 12:40:14 ----D---- C:\Other Games
2009-03-28 07:00:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-24 09:15:16 ----D---- C:\WINDOWS\WinSxS
2009-03-24 09:14:42 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2009-03-21 08:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-20 20:22:18 ----D---- C:\Documents and Settings\user\Application Data\Skype
2009-03-20 20:21:56 ----D---- C:\Documents and Settings\user\Application Data\skypePM
2009-03-12 19:29:23 ----D---- C:\DX Ball2
2009-03-12 13:34:20 ----D---- C:\TOTALA Moo
2009-03-10 22:18:20 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-03-10 22:18:14 ----N---- C:\WINDOWS\system32\WgaTray.exe
2009-03-10 22:18:00 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-03-06 08:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-04 15:07:16 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-03-02 18:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 12:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 12:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 04:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 04:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-19 23:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-16 17:54:14 ----D---- C:\Dungeon Siege 2
2009-02-09 06:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 06:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 06:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 06:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-07 19:02:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-06 05:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 05:08:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 04:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-03 13:59:07 ----A---- C:\WINDOWS\system32\secur32.dll
2009-01-22 00:40:47 ----D---- C:\Everquest

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-24 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-27 108552]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-10-28 153088]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-24 3454144]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WFsys;WinFox Control I/O Driver; C:\WINDOWS\System32\DRIVERS\wfsys.sys [2001-09-06 10652]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 cel90xbe;cel90xbe; \??\C:\DOCUME~1\user\LOCALS~1\Temp\cel90xbe.sys []
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM); C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 37120]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 insektxp;insektxp; C:\WINDOWS\System32\Drivers\InsektXp.sys [2002-07-20 29407]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect); C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2002-08-28 20864]
S3 msgame;Sidewinder HID to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\msgame.sys [2001-08-17 35200]
S3 ntgrip;Gravis GamePort device driver; C:\WINDOWS\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2005-03-20 68608]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-24 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-13 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-24 127043]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

GMER is attached.

Thanks for the assist.

Attached Files

  • Attached File  GMER.txt   6.88KB   228 downloads

  • 0

#4
fenzodahl512

  • Malware Removal
  • 9,863 posts
IMPORTANT!! Uninstall these programs first (if present) so that they won't interfere with our fixes.

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)

Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\Run: [zanisagumu] Rundll32.exe "C:\WINDOWS\system32\kuvimulo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zanisagumu] Rundll32.exe "C:\WINDOWS\system32\kuvimulo.dll",s (User 'NETWORK SERVICE')


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.

NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Leave Unregister Dll's and Ocx's ticked and Zip Files After Moves unticked.
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    cel90xbe
    
    :files
    C:\WINDOWS\system32\kuvimulo.dll
    C:\Documents and Settings\user\Local Settings\temp\??exinjs.p.exe
    C:\Documents and Settings\user\Local Settings\temp\?exinjs.p.exe
    C:\Documents and Settings\user\Local Settings\temp\cel90xbe.sys
    
    :reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\DOCUME~1\user\LOCALS~1\Temp\27exinjs.p.exe"=-
    "C:\DOCUME~1\user\LOCALS~1\Temp\97exinjs.p.exe"=-
    "C:\DOCUME~1\user\LOCALS~1\Temp\87exinjs.p.exe"=-
    "C:\DOCUME~1\user\LOCALS~1\Temp\49exinjs.p.exe"=-
    "C:\DOCUME~1\user\LOCALS~1\Temp\0exinjs.p.exe"=-
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run RSIT again, then post these logs in your next reply:

1. OTMoveIt3
2. RSIT log.txt
  • 0
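The log posted above and the OTMoveIt3 script in this post turn on the same three signs: firewall exceptions for executables sitting in the user's Temp folder (several of them differing only in a numeric prefix, all labelled "Microsoft Update"), Rundll32 autoruns under the LOCAL SERVICE and NETWORK SERVICE hives, and a driver (cel90xbe) whose image lives in Temp. The Python script below is an added example, not code from this thread or from the RSIT, HijackThis or OTMoveIt3 authors: it scans an RSIT/HijackThis-style log for those patterns and prints the OTMoveIt3 :reg block that deletes the Temp-based firewall exceptions. The sample lines are copied from the log in abbreviated form; the heuristics (Temp location, core processes such as svchost.exe or winlogon.exe appearing in the exception list, service-hive Rundll32 autoruns, grouping files by numeric prefix) are the example's own assumptions, and the svchost.exe/winlogon.exe entries are reported for review rather than removal because the helper did not remove them.

```python
"""Triage helper for the RSIT / HijackThis-style log posted in this thread.
Added example, not a tool from the thread or from the RSIT, HijackThis or
OTMoveIt3 authors. It scans three sections of the log for the patterns the
helper acted on (firewall exceptions for executables in Temp, Rundll32
autoruns under the service-account hives, a driver loading from Temp) and
renders the OTMoveIt3 ':reg' block that removes the Temp-based firewall
exceptions. Every heuristic here is this example's own assumption."""
import re
from collections import Counter
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]          # (item, reason, action: "remove" | "review")

# Constructed sample: lines copied in abbreviated form from the thread's log,
# in the exact formats RSIT and HijackThis print.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\user\LOCALS~1\Temp\27exinjs.p.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\27exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\DOCUME~1\user\LOCALS~1\Temp\97exinjs.p.exe"="C:\DOCUME~1\user\LOCALS~1\Temp\97exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [zanisagumu] Rundll32.exe "C:\WINDOWS\system32\kuvimulo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [zanisagumu] Rundll32.exe "C:\WINDOWS\system32\kuvimulo.dll",s (User 'NETWORK SERVICE')

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
S3 cel90xbe;cel90xbe; \??\C:\DOCUME~1\user\LOCALS~1\Temp\cel90xbe.sys []
'''

FW_KEY = (r"HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess"
          r"\parameters\firewallpolicy\standardprofile\authorizedapplications\list")
TEMP_RE = re.compile(r"\\temp\\", re.I)
# Core processes that never need an inbound exception of their own; if one
# is listed, some other program put it there (assumption behind the check).
CORE_PROCS = {"svchost.exe", "winlogon.exe", "explorer.exe", "lsass.exe", "services.exe"}
# RSIT prints the path twice per value; the backreference requires both copies to agree.
FW_LINE = re.compile(r'^"(?P<path>[^"]+)"="(?P=path):\*:\w+:(?P<label>.*)"$')
O4_SVC_LINE = re.compile(r"^O4 - HKUS\\(?P<sid>S-1-5-(?:19|20))\\\.\.\\Run: \[[^\]]+\] "
                         r"(?P<cmd>rundll32\.exe .*)$", re.I)
SVC_LINE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*; (?P<path>.+?) \[(?P<meta>[^\]]*)\]$")


def family_stem(path: str) -> str:
    """'27exinjs.p.exe' and '97exinjs.p.exe' share the stem 'exinjs.p.exe'."""
    return re.sub(r"^\d+", "", path.rsplit("\\", 1)[-1].lower())


def triage(log: str) -> Dict[str, List[Finding]]:
    """Scan one log and return findings per section: firewall, run, drivers."""
    hits: Dict[str, List[Finding]] = {"firewall": [], "run": [], "drivers": []}
    fw_entries: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := FW_LINE.match(line):
            fw_entries.append((m["path"], m["label"]))
        elif m := O4_SVC_LINE.match(line):
            hits["run"].append((m["cmd"], f"Rundll32 autorun under service hive {m['sid']}", "remove"))
        elif m := SVC_LINE.match(line):
            if TEMP_RE.search(m["path"]):
                hits["drivers"].append((m["name"], "driver/service image in a Temp directory", "remove"))
            elif not m["meta"]:
                hits["drivers"].append((m["name"], "no file date/size recorded for image", "review"))
    # A family: several Temp executables that differ only in a numeric prefix.
    stems = Counter(family_stem(p) for p, _ in fw_entries if TEMP_RE.search(p))
    for path, label in fw_entries:
        base = path.rsplit("\\", 1)[-1].lower()
        if TEMP_RE.search(path):
            stem, n = family_stem(path), stems[family_stem(path)]
            why = f"executable in Temp labelled '{label}'"
            if n > 1:
                why += f"; one of {n} sharing stem {stem}"
            hits["firewall"].append((path, why, "remove"))
        elif base in CORE_PROCS:
            hits["firewall"].append((path, f"core process authorized, labelled '{label}'", "review"))
    return hits


def otmoveit_reg_block(hits: Dict[str, List[Finding]]) -> str:
    """Render the OTMoveIt3 ':reg' section that deletes the firewall values marked 'remove'."""
    lines = [":reg", f"[{FW_KEY}]"]
    lines += [f'"{path}"=-' for path, _, action in hits["firewall"] if action == "remove"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for section, items in found.items():
        for item, reason, action in items:
            print(f"[{action:6}] {section}: {item}\n          {reason}")
    print()
    print(otmoveit_reg_block(found))
```

Run it with python3 against a saved RSIT log (swap the constructed SAMPLE_LOG for the file contents); it prints the findings per section and then the :reg block ready to paste into OTMoveIt3. Against the full log above it would additionally report explorer.exe as a core process to review, and would flag the Temp-based entries by the same stem grouping that the helper's ??exinjs.p.exe and ?exinjs.p.exe wildcards express by hand.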

#5
Gothos

  • Topic Starter
  • Member
  • 34 posts
Could not locate any ASK Toolbar(s)
Removed the 2 registry entries (HKUS\S ....)
Removed programs and folders and emptied trash bin for the rest.
Logs listed below.


OTMoveIt3 log ----

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========

Service\Driver cel90xbe deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\kuvimulo.dll not found.
File/Folder C:\Documents and Settings\user\Local Settings\temp\??exinjs.p.exe not found.
File/Folder C:\Documents and Settings\user\Local Settings\temp\?exinjs.p.exe not found.
File/Folder C:\Documents and Settings\user\Local Settings\temp\cel90xbe.sys not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\user\LOCALS~1\Temp\27exinjs.p.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\user\LOCALS~1\Temp\97exinjs.p.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\user\LOCALS~1\Temp\87exinjs.p.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\user\LOCALS~1\Temp\49exinjs.p.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\DOCUME~1\user\LOCALS~1\Temp\0exinjs.p.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFBAB2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DFF7A7.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\P9QVHJAR\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\711CDHKJ\I-m-loss-bizarre-attack-t235516[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1fc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04182009_062435

RSIT log ------

Logfile of random's system information tool 1.06 (written by random/random)
Run by user at 2009-04-18 06:33:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (17%) free of 79 GB
Total RAM: 1023 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:54 AM, on 4/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\Security\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Download with &DAP - C:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun....=javadl.sun.com
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"QuickTime Task"=C:\QuickTime\qttask.exe [2003-05-19 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-02-24 5537792]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-02-24 86016]
"THGuard"=C:\TrojanHunter 4.6\THGuard.exe [2006-12-21 1108992]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-24 1932568]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-13 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryOptimizer]
c:\program files\advanced system optimizer\memtuneup.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\QuickTime\qttask.exe [2003-05-19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\SETI@home\[email protected] -min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^3DO Registration.lnk]
C:\Heroes3\Register\Remind32.exe [1999-06-04 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ISEXEng"=2
"gusvc"=2

C:\Documents and Settings\user\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-24 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\eMule\emule.exe"="C:\eMule\emule.exe:*:Enabled:eMule"
"C:\Nox\GAME.EXE"="C:\Nox\GAME.EXE:*:Enabled:GAME"
"C:\Hegemonia\Hgm.exe"="C:\Hegemonia\Hgm.exe:*:Enabled:Haegemonia"
"C:\Warcraft III\Warcraft III.exe"="C:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Half-Life\hl.exe"="C:\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\AIM\aim.exe"="C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Starcraft\StarCraft.exe"="C:\Starcraft\StarCraft.exe:*:Enabled:Starcraft"
"C:\Darkstone\Darkstone.exe"="C:\Darkstone\Darkstone.exe:*:Enabled:DarkStone"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Gate 88\gate88.exe"="C:\Gate 88\gate88.exe:*:Enabled:gate88"
"C:\Warcraft III\war3.exe"="C:\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Dawn of War\W40k.exe"="C:\Dawn of War\W40k.exe:*:Enabled:W40K"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Dungeon Siege\DungeonSiege.exe"="C:\Dungeon Siege\DungeonSiege.exe:*:Enabled:Dungeon Siege Game Executable"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\3dsmax7\3dsmax.exe"="C:\3dsmax7\3dsmax.exe:*:Enabled:3ds max 7"
"C:\Program Files\backburner 2\monitor.exe"="C:\Program Files\backburner 2\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\backburner 2\manager.exe"="C:\Program Files\backburner 2\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\backburner 2\server.exe"="C:\Program Files\backburner 2\server.exe:*:Enabled:backburner 2.3 server"
"C:\DAP\DAP.exe"="C:\DAP\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\Battlefield 1942\BF1942.exe"="C:\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\TOTALA Moo\TotalA.exe"="C:\TOTALA Moo\TotalA.exe:*:Enabled:Total Annihilation"
"C:\Heroes3\Heroes3_C_crked.exe"="C:\Heroes3\Heroes3_C_crked.exe:*:Enabled:Heroes of Might and Magic® III"
"C:\Black & White\runblack.exe"="C:\Black & White\runblack.exe:*:Enabled:lh"
"C:\Quake III Arena\quake3.exe"="C:\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Dungeon Siege II Demo\DungeonSiege2.exe"="C:\Dungeon Siege II Demo\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Dungeon Siege 2\DungeonSiege2.exe"="C:\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"C:\Other Games\GBA\Test\vbaserver.exe"="C:\Other Games\GBA\Test\vbaserver.exe:*:Enabled:vbaserver"
"C:\Other Games\GBA\Test\VisualBoyAdvance.exe"="C:\Other Games\GBA\Test\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\WoS\Souls.exe"="C:\WoS\Souls.exe:*:Enabled:Well of Souls"
"C:\TRIBES\Tribes.exe"="C:\TRIBES\Tribes.exe:*:Enabled:Tribes"
"C:\Descent3\main.exe"="C:\Descent3\main.exe:*:Enabled:main"
"C:\UT2003\System\UT2003.exe"="C:\UT2003\System\UT2003.exe:*:Enabled:UT2003"
"C:\Doomsday\Bin\Doomsday.exe"="C:\Doomsday\Bin\Doomsday.exe:*:Enabled:Doomsday"
"C:\FEAR\fpupdate.exe"="C:\FEAR\fpupdate.exe:*:Enabled:fpupdate"
"C:\FEAR\FEAR.exe"="C:\FEAR\FEAR.exe:*:Enabled:FEAR"
"C:\FEAR\FEARMP.exe"="C:\FEAR\FEARMP.exe:*:Enabled:FEAR"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Update"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Quake2\quake2.exe"="C:\Quake2\quake2.exe:*:Enabled:quake2"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Sony\Station\Launchpad\LaunchPad.exe"="C:\Sony\Station\Launchpad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\VentSrv\ventrilo_srv.exe"="C:\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Teamspeak2_RC2 Server\server_windows.exe"="C:\Teamspeak2_RC2 Server\server_windows.exe:*:Enabled:Server"
"C:\Roger Wilco\roger.exe"="C:\Roger Wilco\roger.exe:*:Enabled:Roger Wilco"
"C:\Roger Wilco\rwbs\rwbs.exe"="C:\Roger Wilco\rwbs\rwbs.exe:*:Enabled:rwbs"
"C:\SPORE\Sporebin\SporeCreatureCreator.exe"="C:\SPORE\Sporebin\SporeCreatureCreator.exe:*:Enabled:SPORE™ Creature Creator Trial Edition"
"C:\Heroes of Might and Magic IV\Heroes4.exe"="C:\Heroes of Might and Magic IV\Heroes4.exe:*:Enabled:Heroes of Might and Magic® IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\AIM\aim.exe"="C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-04-18 06:24:35 ----D---- C:\_OTMoveIt
2009-04-17 07:22:10 ----D---- C:\Program Files\trend micro
2009-04-17 07:22:09 ----D---- C:\rsit
2009-04-17 00:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 00:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 00:50:20 ----A---- C:\WINDOWS\system32\MRT.exe
2009-04-17 00:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 00:49:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 00:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 00:49:13 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-16 14:01:18 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-14 08:52:36 ----D---- C:\fsaua.data
2009-04-13 15:28:23 ----A---- C:\Rooter.txt
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\javaws.exe
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\javaw.exe
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\java.exe
2009-04-13 11:07:53 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-04-13 09:09:23 ----D---- C:\WINDOWS\ERDNT
2009-04-13 09:08:48 ----D---- C:\ERUNT
2009-04-13 09:07:52 ----D---- C:\Rooter$
2009-04-13 08:39:09 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2009-04-13 08:39:01 ----D---- C:\Malwarebytes' Anti-Malware
2009-04-13 08:39:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-25 23:02:54 ----HD---- C:\$AVG8.VAULT$
2009-03-24 09:16:01 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-24 09:15:40 ----D---- C:\Program Files\AVG
2009-03-24 09:15:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-14 23:19:35 ----D---- C:\Sim Ant
2009-03-11 03:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 03:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 03:00:19 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-02-24 20:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-11 04:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-08 22:12:22 ----D---- C:\SimCity 2000

======List of files/folders modified in the last 3 months======

2009-04-18 06:33:48 ----D---- C:\WINDOWS\Prefetch
2009-04-18 06:30:05 ----A---- C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000002-80651102}.BAK
2009-04-18 06:30:00 ----D---- C:\WINDOWS\Temp
2009-04-18 06:29:23 ----SD---- C:\WINDOWS\Tasks
2009-04-18 06:28:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-18 06:17:05 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-18 06:17:04 ----AD---- C:\Program Files
2009-04-18 06:10:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-18 06:10:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-18 06:10:01 ----D---- C:\Program Files\Ad-aware 6
2009-04-18 01:46:34 ----D---- C:\Program Files\Mozilla Firefox
2009-04-17 07:29:23 ----AC---- C:\WINDOWS\WORDPAD.INI
2009-04-17 07:21:33 ----D---- C:\WINDOWS\system32
2009-04-17 07:21:32 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 07:17:39 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-17 07:17:26 ----D---- C:\WINDOWS
2009-04-17 07:16:17 ----D---- C:\WINDOWS\system32\wbem
2009-04-17 07:16:17 ----D---- C:\WINDOWS\AppPatch
2009-04-17 00:54:51 ----HD---- C:\WINDOWS\inf
2009-04-17 00:54:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-17 00:54:40 ----A---- C:\WINDOWS\imsins.BAK
2009-04-17 00:54:18 ----D---- C:\WINDOWS\system32\en-US
2009-04-17 00:54:18 ----D---- C:\Program Files\Internet Explorer
2009-04-17 00:53:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-17 00:49:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-14 08:56:09 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-13 11:08:02 ----SHD---- C:\WINDOWS\Installer
2009-04-13 11:07:31 ----D---- C:\Program Files\Java
2009-04-13 09:25:43 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-04-13 09:01:30 ----D---- C:\WINDOWS\system32\drivers
2009-04-12 20:37:48 ----A---- C:\WINDOWS\win.ini
2009-04-09 01:07:30 ----D---- C:\SWKotOR
2009-04-03 12:40:14 ----D---- C:\Other Games
2009-03-28 07:00:42 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-24 09:15:16 ----D---- C:\WINDOWS\WinSxS
2009-03-24 09:14:42 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2009-03-21 08:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-20 20:22:18 ----D---- C:\Documents and Settings\user\Application Data\Skype
2009-03-20 20:21:56 ----D---- C:\Documents and Settings\user\Application Data\skypePM
2009-03-12 19:29:23 ----D---- C:\DX Ball2
2009-03-12 13:34:20 ----D---- C:\TOTALA Moo
2009-03-10 22:18:20 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-03-10 22:18:14 ----N---- C:\WINDOWS\system32\WgaTray.exe
2009-03-10 22:18:00 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-03-06 08:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-04 15:07:16 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-03-02 18:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 12:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 12:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 12:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 12:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 12:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 04:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 04:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-19 23:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-16 17:54:14 ----D---- C:\Dungeon Siege 2
2009-02-09 06:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 06:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 06:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 06:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-07 19:02:58 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-06 05:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 05:08:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 04:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-03 13:59:07 ----A---- C:\WINDOWS\system32\secur32.dll
2009-01-22 00:40:47 ----D---- C:\Everquest

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-24 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-24 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-27 108552]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-10-28 153088]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-02-24 3454144]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WFsys;WinFox Control I/O Driver; C:\WINDOWS\System32\DRIVERS\wfsys.sys [2001-09-06 10652]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ES1370;Creative AudioPCI (ES1370), SB PCI 64/128 (WDM); C:\WINDOWS\system32\drivers\ES1370MP.sys [2001-08-17 37120]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 insektxp;insektxp; C:\WINDOWS\System32\Drivers\InsektXp.sys [2002-07-20 29407]
S3 LwAdiHid;Logitech WingMan Digital Devices(Auto-Detect); C:\WINDOWS\system32\DRIVERS\LwAdiHid.sys [2002-08-28 20864]
S3 msgame;Sidewinder HID to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\msgame.sys [2001-08-17 35200]
S3 ntgrip;Gravis GamePort device driver; C:\WINDOWS\system32\drivers\ntgrip.sys [2001-08-17 51552]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2005-03-20 68608]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-03-24 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-24 298264]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-13 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-02-24 127043]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 183280]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

#6
fenzodahl512

  • Malware Removal
  • 9,863 posts
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


How's the computer now? :)

#7
Gothos

  • Topic Starter
  • Member
  • 34 posts
Seems to be running a lot faster.

Here's the log file for ESET ----

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4018 (20090418)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=97548c6b8bc8cc45a16d0614d7a1410f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-18 02:24:47
# local_time=2009-04-18 08:24:47 (-0700, Mountain Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=254910
# found=2
# scan_time=4954
C:\Program Files\BitTorrent\uninstall.exe Win32/Adware.BHO.AV application (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe Win32/Adware.BHO.AV application (unable to clean - deleted) 00000000000000000000000000000000

#8
fenzodahl512

  • Malware Removal
  • 9,863 posts
Looks good to me. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection.
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes:
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop...safesurfing.asp
http://bluefive.pair...afe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512

#9
Gothos

  • Topic Starter
  • Member
  • 34 posts
No problems seen. System is running much faster, with a quicker boot-up sequence as well.

Thanks again for the assist

:)

#10
fenzodahl512

  • Malware Removal
  • 9,863 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.