Severe Download Trojan - Help :(

Posted 7/29/2009 5:18 PM
#75545

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
I had several instances of iexplore.exe running in the Task Manager. I got many pop-ups for anti-virus software, access to game sites etc.

I've tried removing them in safe mode - they just came back again.

I've run avast, AVG, spydoctor (which informed me it was a download trojan), AVZ, Trojan Remover, Malwarebytes' Anti-Malware, ComboFix, CCleaner (along with the registry fix).

SuperAntiSpyware does not work.

Now, safe mode does not work and neither does my internet.

Please help! :(

I'm currently logged on using a laptop...

Here's the HijackThis log...

I also have a ComboFix log (however, I've read the rules and I'm not allowed to post it without someone asking me to do so.)

----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:19, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {D8AF8CAD-BCDC-4FDD-9D4C-9DE8C63EC4B3} - C:\PROGRA~1\MRSCAS~1\1.0\MRSCAS~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238448251250
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8879 bytes

----

Thank you very much!
Posted 7/29/2009 11:27 PM
#75556

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Hello LordBTY,

Right now the only unwanted items showing in this log are that you have two antivirus products installed, which will cause quite a few problems and issues. You need to choose between them, then disable all security software and uninstall either AVG or Avast. Realistically, as this arrangement may have corrupted both, you might want to go with uninstalling both for now, until we get things sorted out here. You may find some improvements just from those removals.

Once you have made those changes, reboot, and let's get some additional info to check further.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each program through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary, allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.

If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, click on the Copy button, right-click on your Desktop and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button, right-click on your Desktop and choose "New" > Text document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.
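A helper to mechanise the first pass Jintan does by eye, added here as an illustration and not part of the original thread or of HijackThis, RSIT or GMER. It parses the two log formats posted in this thread: HijackThis "Oxx - ..." lines (flagging O23 services from more than one antivirus vendor, Jintan's point, and O2/O3 hooks whose DLL is "(no file)") and the RSIT registry dump ("[key]" followed by "path [date size]"), flagging autorun binaries that live under an Application Data folder and were written within a couple of weeks of the scan. The sample lines are copied from the logs in this thread; the vendor map, the 14-day window and the Application Data rule are assumptions a responder might start from, not a verdict on any entry.

```python
"""Heuristic triage of HijackThis and RSIT log lines (added example)."""
import re
from datetime import date, timedelta

# Constructed sample input: lines copied from the HijackThis log in the
# first post and from the RSIT registry dump later in the thread, with the
# <br/> separators replaced by real line breaks.
SAMPLE_HJT = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

SAMPLE_RSIT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dog about manager team]
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Camp Ball.exe [2009-07-29 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ref list]
C:\DOCUME~1\User\APPLIC~1\ERRORP~1\Less Admin.exe [2009-07-27 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []
"""

# Date the RSIT log in this thread was taken ("Run by User at 2009-07-30").
SCAN_DATE = date(2009, 7, 30)

# Assumed mapping from the vendor string HijackThis prints on O23 lines to
# an antivirus product; extend for other engines.
AV_VENDORS = {"ALWIL Software": "avast", "AVG Technologies": "AVG"}

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O23_BODY = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
RSIT_ENTRY = re.compile(r"^(?P<path>.+?) \[(?:(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+))?\]$")


def parse_hjt(text):
    """Return HijackThis lines as dicts of section kind (O2, O23, ...) and body."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append({"kind": m["kind"], "body": m["body"]})
    return entries


def av_vendors(entries):
    """Distinct antivirus products that have O23 services registered."""
    found = set()
    for e in entries:
        m = O23_BODY.match(e["body"]) if e["kind"] == "O23" else None
        if not m:
            continue
        for needle, product in AV_VENDORS.items():
            if needle in m["vendor"]:
                found.add(product)
    return found


def missing_file_entries(entries):
    """O2/O3 hooks whose CLSID is still registered but whose DLL is gone."""
    return [e["body"] for e in entries
            if e["kind"] in ("O2", "O3") and e["body"].endswith("(no file)")]


def parse_rsit_autoruns(text):
    """Pair each [registry key] line with the 'path [date size]' line after it."""
    autoruns, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]") and "\\" in line:
            key = line[1:-1].rsplit("\\", 1)[-1]   # last key component
            continue
        m = RSIT_ENTRY.match(line)
        if key is not None and m:
            written = date.fromisoformat(m["date"]) if m["date"] else None
            autoruns.append({"key": key, "path": m["path"], "written": written})
            key = None
    return autoruns


def fresh_appdata_autoruns(autoruns, scan_date, window_days=14):
    """Autorun binaries under an Application Data folder written shortly
    before the scan. Entries with no date ("[]") cannot be judged and are skipped."""
    hits = []
    for a in autoruns:
        p = a["path"].lower()
        in_appdata = "application data" in p or "applic~1" in p
        if in_appdata and a["written"] is not None \
                and scan_date - a["written"] <= timedelta(days=window_days):
            hits.append(a["path"])
    return hits


def triage(hjt_text, rsit_text, scan_date):
    """Combine the three checks into one report dict."""
    hjt = parse_hjt(hjt_text)
    return {
        "antivirus_products": sorted(av_vendors(hjt)),
        "missing_file_hooks": missing_file_entries(hjt),
        "fresh_appdata_autoruns": fresh_appdata_autoruns(parse_rsit_autoruns(rsit_text), scan_date),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_HJT, SAMPLE_RSIT, SCAN_DATE))
```

Run against the sample it reports both avast and AVG as installed engines, the two orphaned "(no file)" CLSIDs, and the two Application Data binaries dated within days of the scan, while leaving qttask.exe and the undated nwiz entry alone. The date rule depends on RSIT's "[YYYY-MM-DD size]" suffix, so entries printed with an empty "[]" need a manual look.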
Posted 7/30/2009 5:02 PM
#75570

cuqe Member

Date Joined Nov 2016
Total Posts: 1
Hello LordBTY,

I am a member from China. I am willing to help you solve this problem, but the HijackThis log is not detailed. Please download SREng (System Repair Engineer) to get a log and send it to me. My e-mail address is chih-chao@qq.com.

http://download.kztechs.com/files/sreng2.zip

In SREng: Smart Scan -> Scan -> Save Report.
Posted 7/30/2009 8:39 PM
#75574

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok, GMER is scanning now and I've got the RSIT logs.

I'll post them in a moment.

Thank you :)

----

TomMx
Posted 7/30/2009 10:15 PM
#75576

LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
RSIT Log

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-07-30 21:13:30
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 87 GB (37%) free of 238 GB
Total RAM: 1022 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:36, on 30/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: (no name) - {D8AF8CAD-BCDC-4FDD-9D4C-9DE8C63EC4B3} - C:\PROGRA~1\MRSCAS~1\1.0\MRSCAS~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238448251250
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 7076 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-10 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D8AF8CAD-BCDC-4FDD-9D4C-9DE8C63EC4B3}]
C:\PROGRA~1\MRSCAS~1\1.0\MRSCAS~1.DLL [2006-05-23 549888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
C:\WINDOWS\system32\CTHELPER.EXE [2007-12-12 23040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dog about manager team]
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Camp Ball.exe [2009-07-29 757760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1241988343\ee\AOLSoftware.exe [2006-11-14 50736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
C:\WINDOWS\system32\JMRaidTool.exe [2006-08-14 352256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-05-15 484904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ref list]
C:\DOCUME~1\User\APPLIC~1\ERRORP~1\Less Admin.exe [2009-07-27 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
C:\WINDOWS\system32\MIDIDef.exe [2007-12-12 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe /boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
C:\PROGRA~1\NETGEAR\WG111V~1\RtlWake.exe [2006-04-06 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\AOL 9.0 VR\aol.exe"="C:\Program Files\AOL 9.0 VR\aol.exe:*:Enabled:AOL 9.0 VR"
"C:\Program Files\AOL 9.0 VR\AOLphx.exe"="C:\Program Files\AOL 9.0 VR\AOLphx.exe:*:Enabled:AOLphx.exe"
"C:\Program Files\AOL 9.0 VR\AOLphxex.exe"="C:\Program Files\AOL 9.0 VR\AOLphxex.exe:*:Enabled:AOLphxex.exe"
"C:\Program Files\AOL 9.0 VR\shellrestart.exe"="C:\Program Files\AOL 9.0 VR\shellrestart.exe:*:Enabled:shellrestart.exe"
"C:\Program Files\AOL 9.0 VR\shellmon.exe"="C:\Program Files\AOL 9.0 VR\shellmon.exe:*:Enabled:shellmon.exe"
"C:\Program Files\Common Files\AOL\1241988343\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1241988343\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 1 months======

2009-07-30 21:13:30 ----D---- C:\rsit
2009-07-30 21:07:06 ----SHD---- C:\RECYCLER
2009-07-29 17:01:58 ----A---- C:\ComboFix.txt
2009-07-29 16:45:01 ----A---- C:\Boot.bak
2009-07-29 16:44:57 ----RASHD---- C:\cmdcons
2009-07-29 16:40:11 ----A---- C:\WINDOWS\zip.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWSC.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWREG.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\sed.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\PEV.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\grep.exe
2009-07-29 16:40:06 ----D---- C:\WINDOWS\ERDNT
2009-07-29 16:39:08 ----D---- C:\Qoobox
2009-07-29 16:38:41 ----HD---- C:\WINDOWS\PIF
2009-07-29 03:12:30 ----D---- C:\Program Files\Trend Micro
2009-07-29 03:09:35 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-07-29 03:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-29 03:09:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-27 22:17:55 ----D---- C:\Program Files\Error pure
2009-07-27 22:08:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 22:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About
2009-07-19 22:24:17 ----D---- C:\Documents and Settings\User\Application Data\Error pure
2009-07-19 22:19:34 ----D---- C:\Program Files\Circle Developement
2009-07-16 12:38:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 12:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 12:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-11 00:25:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 1 months======
<br/> <br/>2009-07-30 21:13:29 ----D---- C:\WINDOWS\Prefetch <br/>2009-07-30 21:11:10 ----D---- C:\WINDOWS\Temp <br/>2009-07-30 20:58:14 ----D---- C:\WINDOWS\system32 <br/>2009-07-30 20:58:10 ----D---- C:\WINDOWS\system32\drivers <br/>2009-07-30 20:43:42 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft <br/>2009-07-30 20:43:41 ----D---- C:\WINDOWS <br/>2009-07-30 20:42:57 ----HD---- C:\$AVG8.VAULT$ <br/>2009-07-29 17:03:26 ----D---- C:\Program Files\Mozilla Firefox <br/>2009-07-29 17:00:03 ----RSHDC---- C:\WINDOWS\system32\dllcache <br/>2009-07-29 16:56:45 ----A---- C:\WINDOWS\system.ini <br/>2009-07-29 16:49:15 ----D---- C:\WINDOWS\AppPatch <br/>2009-07-29 16:49:12 ----D---- C:\Program Files\Common Files <br/>2009-07-29 16:46:29 ----D---- C:\WINDOWS\system32\CatRoot2 <br/>2009-07-29 16:45:01 ----RASH---- C:\boot.ini <br/>2009-07-29 16:44:31 ----D---- C:\Program Files\BitComet <br/>2009-07-29 16:07:07 ----D---- C:\Program Files\Internet Explorer <br/>2009-07-29 03:50:16 ----RD---- C:\Program Files <br/>2009-07-29 03:46:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP <br/>2009-07-29 03:45:52 ----A---- C:\WINDOWS\win.ini <br/>2009-07-29 03:03:50 ----D---- C:\WINDOWS\system32\CatRoot <br/>2009-07-29 03:03:05 ----HD---- C:\WINDOWS\inf <br/>2009-07-29 03:01:38 ----SHD---- C:\WINDOWS\Installer <br/>2009-07-29 03:01:36 ----D---- C:\WINDOWS\WinSxS <br/>2009-07-29 02:33:08 ----D---- C:\WINDOWS\Help <br/>2009-07-29 02:24:41 ----D---- C:\WINDOWS\pss <br/>2009-07-28 18:50:47 ----D---- C:\WINDOWS\ie7updates <br/>2009-07-28 18:28:09 ----HD---- C:\WINDOWS\$hf_mig$ <br/>2009-07-28 07:19:36 ----A---- C:\WINDOWS\NeroDigital.ini <br/>2009-07-27 23:00:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ <br/>2009-07-27 22:23:02 ----D---- C:\Downloads <br/>2009-07-27 22:16:12 ----SD---- C:\WINDOWS\Tasks <br/>2009-07-26 18:04:17 ----D---- C:\Documents and Settings <br/>2009-07-26 16:24:51 ----D---- C:\WINDOWS\Debug <br/>2009-07-26 16:17:42 
----D---- C:\Documents and Settings\All Users\Application Data\AOL <br/>2009-07-19 22:19:31 ----D---- C:\Program Files\Messenger Plus! Live <br/>2009-07-18 00:32:18 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2 <br/>2009-07-13 18:10:58 ----A---- C:\VETlog.txt <br/>2009-07-12 03:53:04 ----A---- C:\WINDOWS\PhotoSnapViewer.INI <br/>2009-07-11 01:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy <br/>2009-07-11 00:25:35 ----D---- C:\Program Files\Lavasoft <br/>2009-07-11 00:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft <br/>2009-07-10 13:24:37 ----SD---- C:\WINDOWS\Downloaded Program Files <br/>2009-07-07 16:10:56 ----A---- C:\WINDOWS\system32\MRT.exe <br/> <br/>======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== <br/> <br/>R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264] <br/>R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877] <br/>R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] <br/>R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-01-27 8552] <br/>R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048] <br/>R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784] <br/>R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys [] <br/>R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] <br/>R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 33792] <br/>R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2007-12-12 98328] <br/>R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2007-12-12 511000] <br/>R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-12-12 524824] <br/>R3 
ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2007-12-12 14360] <br/>R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2007-12-12 159256] <br/>R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2007-12-12 95768] <br/>R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] <br/>R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2007-12-12 802840] <br/>R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] <br/>R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810] <br/>R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] <br/>R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392] <br/>R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176] <br/>R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056] <br/>R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-12-12 129560] <br/>R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] <br/>R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] <br/>R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] <br/>R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] <br/>R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] <br/>S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552] <br/>S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys 
[2008-04-13 71552] <br/>S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys [] <br/>S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2007-12-12 98328] <br/>S3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2007-12-12 171032] <br/>S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2007-12-12 171032] <br/>S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2007-12-12 528920] <br/>S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2007-12-12 528920] <br/>S3 CTEAPSFX.SYS;CTEAPSFX.SYS; C:\WINDOWS\System32\drivers\CTEAPSFX.SYS [2007-12-12 163352] <br/>S3 CTEAPSFX;CTEAPSFX; C:\WINDOWS\system32\drivers\CTEAPSFX.SYS [2007-12-12 163352] <br/>S3 CTEDSPFX.SYS;CTEDSPFX.SYS; C:\WINDOWS\System32\drivers\CTEDSPFX.SYS [2007-12-12 259096] <br/>S3 CTEDSPFX;CTEDSPFX; C:\WINDOWS\system32\drivers\CTEDSPFX.SYS [2007-12-12 259096] <br/>S3 CTEDSPIO.SYS;CTEDSPIO.SYS; C:\WINDOWS\System32\drivers\CTEDSPIO.SYS [2007-12-12 134168] <br/>S3 CTEDSPIO;CTEDSPIO; C:\WINDOWS\system32\drivers\CTEDSPIO.SYS [2007-12-12 134168] <br/>S3 CTEDSPSY.SYS;CTEDSPSY.SYS; C:\WINDOWS\System32\drivers\CTEDSPSY.SYS [2007-12-12 309784] <br/>S3 CTEDSPSY;CTEDSPSY; C:\WINDOWS\system32\drivers\CTEDSPSY.SYS [2007-12-12 309784] <br/>S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2007-12-12 99352] <br/>S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2007-12-12 99352] <br/>S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2007-12-12 1324056] <br/>S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2007-12-12 1324056] <br/>S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2007-12-12 72728] <br/>S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2007-12-12 72728] <br/>S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2007-12-12 534040] <br/>S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2007-12-12 534040] 
<br/>S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS [] <br/>S3 Freedom;FREEDOM Miniport; C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS [] <br/>S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2007-12-12 163864] <br/>S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] <br/>S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [] <br/>S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160] <br/>S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896] <br/>S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328] <br/>S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632] <br/>S3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [] <br/>S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064] <br/>S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464] <br/>S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] <br/>S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] <br/>S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] <br/>S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] <br/>S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112] <br/>S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064] <br/>S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] <br/>S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688] <br/>S4 IntelIde;IntelIde; 
C:\WINDOWS\system32\drivers\IntelIde.sys [] <br/>S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032] <br/> <br/>======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== <br/> <br/>R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] <br/>R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716] <br/>R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] <br/>R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] <br/>S3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664] <br/>S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] <br/>S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] <br/>S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] <br/>S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] <br/>S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] <br/>S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-10 168432] <br/>S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] <br/>S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104] <br/>S3 JavaQuickStarterService;Java Quick Starter; C:\Program 
Files\Java\jre6\bin\jqs.exe [2009-05-26 152984] <br/>S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400] <br/>S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] <br/>S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920] <br/>S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] <br/>S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936] <br/>S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592] <br/>S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] <br/>S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] <br/>S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] <br/>S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] <br/> <br/>-----------------EOF----------------- <br/> <br/> <br/>RSIT Info <br/> <br/> <br/> <br/>info.txt logfile of random's system information tool 1.06 2009-07-30 21:13:43 <br/> <br/>======Uninstall list====== <br/> <br/>-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE <br/>-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL <br/>-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL <br/>-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL <br/>-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL <br/>-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL <br/>-->C:\WINDOWS\UNRecode.exe /UNINSTALL <br/>-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9 <br/>-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf <br/>4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606} <br/>Active@ ISO Burner v 1.1-->"C:\Program Files\LSoft Technologies\Active ISO Burner\UNWISE.EXE" "C:\Program Files\LSoft Technologies\Active ISO Burner\INSTALL.LOG" <br/>AcusticaAudio Nebula3cm-->c:\nebulatemprepository\Uninstall.exe <br/>AcusticaAudio Nebula3Free-->c:\nebulatemprepository\uninstall3free.exe <br/>Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} <br/>Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe <br/>Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe <br/>Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003} <br/>Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log <br/>AMD Processor Driver-->C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly <br/>AmpliTube Metal-->C:\Program Files\InstallShield Installation Information\{9EDEF5B1-B740-4DFF-AC16-E2428E1713E8}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly <br/>AnalogX DXMan-->C:\Program Files\AnalogX\DXMan\dxmanu.exe <br/>AnalogX MaxMem-->C:\Program Files\AnalogX\MaxMem\maxmemu.exe <br/>AnalogX SuperShredder-->C:\Program Files\AnalogX\SuperShredder\shredu.exe <br/>AnalogX Vocal Remover-->C:\Program Files\AnalogX\VocalRemover\vremu.exe <br/>Antares Auto Tune TDM 4.3.10.0-->C:\PROGRA~1\ANTARE~1\AUTO-T~3\AIRLOG~1\AT4TDM~1\UNWISE.EXE C:\PROGRA~1\ANTARE~1\AUTO-T~3\AIRLOG~1\AT4TDM~1\INSTALL.LOG <br/>Antares Autotune VST RTAS TDM v5.08-->"C:\Program Files\Antares Audio 
Technologies\unins000.exe" <br/>Antares Autotune VST v5.09-->"C:\Program Files\Antares Audio Technologies\Uninstall\unins000.exe" <br/>Antares Harmony Engine VST RTAS v1.0-->"C:\Program Files\Antares Audio Technologies\unins001.exe" <br/>AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe <br/>Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} <br/>Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} <br/>ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 <br/>ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu <br/>ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe <br/>Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" <br/>Blue Cat's FreqAnalyst CM - DX-->MsiExec.exe /I{5894FAF1-125E-44BE-A622-002D335BFC49} <br/>Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} <br/>BTR Design Rockster Plus Mastering Processor v1.19-->"C:\Program Files\BornToRock\Uninstall\unins000.exe" <br/>Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini <br/>Canon MP170-->"C:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x0009 <br/>Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini <br/>CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" <br/>Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} <br/>Cubasis VST 4-->C:\PROGRA~1\STEINB~1\CUBASI~1\UNINST~1.EXE C:\PROGRA~1\STEINB~1\CUBASI~1\INSTALL.LOG <br/>Easy-WebPrint-->C:\WINDOWS\IsUninst.exe 
-f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" <br/>Eazy VCD 1.15a-->C:\PROGRA~1\EAZYVC~1\UNWISE.EXE C:\PROGRA~1\EAZYVC~1\INSTALL.LOG <br/>E-MU Audio Drivers-->"C:\Program Files\Creative Professional\Drivers\DrvInst\Setup.exe" /remove <br/>E-muPatchMix DSP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5633D266-6BAE-41CE-987F-0FE5F5F92D64}\setup.exe" -l0x9 /remove <br/>FrostWire 4.13.4-->C:\Program Files\FrostWire\Uninstall.exe <br/>GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe" <br/>Glitch One MB VSTi Version 1.0b-->"C:\Program Files\Steinberg\Vstplugins\DashSignature.com\Glitch One MB\unins000.exe" <br/>HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" <br/>Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" <br/>Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" <br/>Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" <br/>iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} <br/>iZotope Ozone 3-->"C:\Program Files\iZotope\Ozone 3\unins000.exe" <br/>Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} <br/>JMB36X Raid Configurer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly <br/>KeyToSound - Dynamic EQ 1.0 r4-->"C:\Program Files\KeyToSound\Dynamic EQ\unins000.exe" <br/>Kjaerhus Audio - Golden Compressor 
| GCO-1 v1.12-->"C:\Program Files\Kjaerhus Audio\GCO-1\unins000.exe" <br/>Kjaerhus Audio Golden Compressor GCO-1 v1.12 VST-->C:\PROGRA~1\STEINB~1\VSTPLU~1\GCO-1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\GCO-1\INSTALL.LOG <br/>Kjaerhus Audio Golden Uni-Pressor GUP-1 v1.02 VST-->C:\PROGRA~1\STEINB~1\GUP-1\UNWISE.EXE C:\PROGRA~1\STEINB~1\GUP-1\INSTALL.LOG <br/>Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe <br/>Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" <br/>MeldaProduction MDrummer 2 Small CM-->C:/Program Files/MeldaProduction MDrummer 2 Small/setup.exe <br/>Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" <br/>Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} <br/>Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} <br/>Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe <br/>Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} <br/>Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" <br/>Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" <br/>Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" <br/>Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9} <br/>Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} <br/>Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} <br/>Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} 
<br/>Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8} <br/>Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe <br/>Mrs Cash Back 1.0-->"C:\Program Files\Mrs Cash Back\1.0\unins000.exe" <br/>MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27} <br/>MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} <br/>MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} <br/>MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} <br/>Native Instruments - Rig Kontrol 3 Driver-->C:\Program Files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup <br/>Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG <br/>Native Instruments Service Center-->C:\PROGRA~1\NATIVE~1\SERVIC~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\SERVIC~1\INSTALL.LOG <br/>nebula3 CM-->MsiExec.exe /I{5354D5F2-342D-43DD-A361-B65BF7AABE1D} <br/>Nero 7 Essentials-->MsiExec.exe /X{1DED92A7-05FA-4736-8AEA-1BE2363F1033} <br/>neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} <br/>Nokia Connectivity Cable Driver-->MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1} <br/>Nokia Flashing Cable Driver-->MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999} <br/>Nokia Multimedia Factory-->"C:\Documents and Settings\All Users\Application Data\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng" <br/>Nokia Multimedia Factory-->MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B} <br/>Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{0FC76B71-2534-4354-B255-3468578E3F47}\Nokia_PC_Suite_rel_6_86_9_0_eng.exe <br/>Nokia PC Suite-->MsiExec.exe /I{0FC76B71-2534-4354-B255-3468578E3F47} <br/>Nokia 
Software Updater-->MsiExec.exe /X{2B06E7FD-C5A1-403E-B387-A8D4AA858F48} <br/>NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI <br/>OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7} <br/>OpenOffice.org 2.0-->MsiExec.exe /I{75852F49-2CAF-443F-B7C2-53DE5847DE56} <br/>Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0} <br/>PC Connectivity Solution-->MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930} <br/>PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall <br/>PSP MP4 Converter 1.36-->"C:\Program Files\ApecSoft\ApecSoft PSP MP4 Converter\unins000.exe" <br/>PSP StereoPack-->"C:\WINDOWS\PSP StereoPack\uninstall.exe" "/U:C:\Program Files\PSP StereoPack 1.8\Uninstall\uninstall.xml" <br/>QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} <br/>RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 <br/>Reason 4.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe" <br/>Safari-->MsiExec.exe /I{40589552-3892-409E-B92C-9F5032A4B2F0} <br/>Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" <br/>Security 
Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" <br/>Security Update for Windows XP 
(KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" <br/>Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" <br/>SSL LMC-1 v1.0-->C:\Program Files\Steinberg\Vstplugins\Solid State Logic\Remove LMC-1.exe <br/>SSL X-ISM v1.1-->C:\Program Files\Steinberg\Vstplugins\Solid State Logic\Remove X-ISM.exe <br/>Steinberg Cubase SX v3.1.1.944-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG <br/>Steinberg Virtual 
Bassist 1.0.0-->"C:\Program Files\Steinberg\Vstplugins\Virtual Bassist\unins000.exe" <br/>Steinberg Virtual Bassist v1.0.0.504-->C:\PROGRA~1\STEINB~1\VSTPLU~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\VSTPLU~1\VIRTUA~1\INSTALL.LOG <br/>Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG <br/>SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 <br/>SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe <br/>Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG <br/>Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" <br/>Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" <br/>Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" <br/>Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u <br/>WG111v2 Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E93-A93B-DFC3537B3965}\install.exe" -l0x9 REMOVE -removeonly <br/>Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf <br/>Windows Driver Package - Nokia Modem (03/05/2008 3.7)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_635B28EFCFA9395123BB1C251595CB16129E2560\nokia_bluetooth.inf <br/>Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_28F2EAC406838DA65AFF6C6886FE9FE96AEF5186\nokbtmdm.inf <br/>Windows Driver Package - Nokia Modem (08/03/2007 
3.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988\pccs_bluetooth.inf <br/>Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf <br/>Windows Driver Package - Nokia Modem (10/12/2007 3.6)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf <br/>Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf <br/>Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} <br/>Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7} <br/>Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0} <br/>Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C} <br/>Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00} <br/>Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" <br/>Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll <br/>Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall <br/>Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" <br/>Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" <br/>WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe <br/>Wusikstation CM VSTi V1.1.062-->"C:\Program Files\Steinberg\Vstplugins\Wusik.com\Wusikstation CM V1\unins000.exe" <br/>Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe" <br/>Yahoo! ¤u¨ã¦C-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE <br/>Yahoo! 
Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S <br/>Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL <br/>Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll <br/>Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG <br/> <br/>=====HijackThis Backups===== <br/> <br/>O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-07-29] <br/>O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE [2009-07-29] <br/>O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-29] <br/>O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [2009-07-29] <br/>O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) [2009-07-30] <br/> <br/>======System event log====== <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 1003 <br/>Message: Your computer was not able to renew its address from the network (from the <br/>DHCP Server) for the Network Card with network address 001D605B12BE. The following <br/>error occurred: <br/>The semaphore timeout period has expired. <br/>. <br/>Your computer will continue to try and obtain an address on its own from <br/>the network address (DHCP) server. <br/> <br/>Record Number: 8713 <br/>Source Name: Dhcp <br/>Time Written: 20090626232418.000000+060 <br/>Event Type: warning <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 1003 <br/>Message: Your computer was not able to renew its address from the network (from the <br/>DHCP Server) for the Network Card with network address 001D605B12BE. The following <br/>error occurred: <br/>The operation was canceled by the user. <br/>. 
<br/>Your computer will continue to try and obtain an address on its own from <br/>the network address (DHCP) server. <br/> <br/>Record Number: 8712 <br/>Source Name: Dhcp <br/>Time Written: 20090626232351.000000+060 <br/>Event Type: warning <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 4226 <br/>Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. <br/> <br/>Record Number: 8704 <br/>Source Name: Tcpip <br/>Time Written: 20090626204502.000000+060 <br/>Event Type: warning <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 20106 <br/>Message: Unable to add the interface {A6E0ED49-CF1D-440C-B704-86E3ADEBF626} with the Router Manager for the IP protocol. The <br/>following error occurred: Cannot complete this function. <br/> <br/> <br/>Record Number: 8694 <br/>Source Name: RemoteAccess <br/>Time Written: 20090626113622.000000+060 <br/>Event Type: error <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 20106 <br/>Message: Unable to add the interface {5FC66DBC-7380-4EAE-A568-F0CF11DD90C3} with the Router Manager for the IP protocol. The <br/>following error occurred: Cannot complete this function. <br/> <br/> <br/>Record Number: 8693 <br/>Source Name: RemoteAccess <br/>Time Written: 20090626113622.000000+060 <br/>Event Type: error <br/>User: <br/> <br/>=====Application event log===== <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 1002 <br/>Message: Hanging application Cubasesx3.exe, version 3.1.1.944, hang module hungapp, version 0.0.0.0, hang address 0x00000000. <br/> <br/>Record Number: 11203 <br/>Source Name: Application Hang <br/>Time Written: 20090501212822.000000+060 <br/>Event Type: error <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 12001 <br/>Message: The Messenger Sharing USN Journal Reader service started successfully. 
<br/> <br/>Record Number: 11194 <br/>Source Name: usnjsvc <br/>Time Written: 20090501160244.000000+060 <br/>Event Type: <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 12001 <br/>Message: The Messenger Sharing USN Journal Reader service started successfully. <br/> <br/>Record Number: 11175 <br/>Source Name: usnjsvc <br/>Time Written: 20090430162158.000000+060 <br/>Event Type: <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 12001 <br/>Message: The Messenger Sharing USN Journal Reader service started successfully. <br/> <br/>Record Number: 11163 <br/>Source Name: usnjsvc <br/>Time Written: 20090429154411.000000+060 <br/>Event Type: <br/>User: <br/> <br/>Computer Name: USER-CF7CB10869 <br/>Event Code: 1517 <br/>Message: Windows saved user USER-CF7CB10869\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. <br/> <br/> <br/>This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. 
<br/> <br/>Record Number: 11160 <br/>Source Name: Userenv <br/>Time Written: 20090428223132.000000+060 <br/>Event Type: warning <br/>User: NT AUTHORITY\SYSTEM <br/> <br/>======Environment variables====== <br/> <br/>"ComSpec"=%SystemRoot%\system32\cmd.exe <br/>"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC Connectivity Solution;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\iZotope\Runtimes <br/>"windir"=%SystemRoot% <br/>"FP_NO_HOST_CHECK"=NO <br/>"OS"=Windows_NT <br/>"PROCESSOR_ARCHITECTURE"=x86 <br/>"PROCESSOR_LEVEL"=6 <br/>"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel <br/>"PROCESSOR_REVISION"=0f0d <br/>"NUMBER_OF_PROCESSORS"=2 <br/>"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH <br/>"TEMP"=%SystemRoot%\TEMP <br/>"TMP"=%SystemRoot%\TEMP <br/>"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip <br/>"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip <br/> <br/>-----------------EOF----------------- <br/> <br/> <br/> <br/>GMER LOG <br/> <br/> <br/>GMER 1.0.15.15011 [qonfcduy.exe] - http://www.gmer.net <br/>Rootkit scan 2009-07-30 23:07:31 <br/>Windows 5.1.2600 Service Pack 3 <br/> <br/> <br/>---- User IAT/EAT - GMER 1.0.15 ---- <br/> <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common 
Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common 
Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common 
Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common 
Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ 
C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\crypt32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ 
C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/>IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1472] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) <br/> <br/>---- EOF - GMER 1.0.15 ----
Posted 7/31/2009 1:08 AM
#75582
Jintan Advanced member
Date Joined Nov 2016
Total Posts: 1049
The Gmer log shows normal AOL functions. I see you have run ComboFix and Malwarebytes, so I am coming aboard here without knowing the benefits of what changes they may have made. But the logs do show good ol' Messenger Plus, and its not-so-good ol' Lop adware, which it calls its "Sponsor". Both are owned by Circle Media so just some trickery on their part. After the Messenger Plus install the adware waits 36 hours before going active. This way the user does not suspect Messenger Plus as the infection source.

Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.

Messenger Plus! Live & Sponsor (CiD)

--------------------

Open and update Malwarebytes.

 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform quick scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
 * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

-------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready.
Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.

Run a new RSIT scan and post that main log along with the Eset log and the Malwarebytes log please.
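Added illustration, not part of either poster's reply and not a tool used in this thread: the helper above reads the adware out of the O4 (autostart) lines of the HijackThis log by eye. The script below does the same first-pass triage mechanically. It parses O4 lines, resolves the executable each entry actually launches (unquoting paths and looking through RUNDLL32 to the DLL it hosts), and flags entries that run from a user-writable profile location, entries that are bare filenames resolved through PATH, and entries whose name is a string of lower-case words. The sample lines are constructed for the example and modelled on the log posted in this thread; the lower-case-words heuristic is my own triage rule, not something the thread states about Lop.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: HijackThis O4 lines modelled on the log posted above.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [dog about manager team] C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Camp Ball.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ref list] C:\DOCUME~1\User\APPLIC~1\ERRORP~1\Less Admin.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# O4 - <hive>: [<entry name>] <command line>
O4_LINE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Entry names made only of lower-case words, e.g. "dog about manager team" (heuristic).
RANDOM_WORDS = re.compile(r"[a-z]+(?: [a-z]+)+")
# Per-user / all-users profile paths on Windows XP, long and 8.3 short forms.
PROFILE_MARKERS = (
    "\\DOCUMENTS AND SETTINGS\\", "\\DOCUME~1\\",
    "\\APPLICATION DATA\\", "\\APPLIC~1\\",
    "\\LOCAL SETTINGS\\", "\\LOCALS~1\\",
    "\\TEMP\\", "\\USERS\\",
)


@dataclass
class Finding:
    name: str
    hive: str
    target: str
    reasons: list = field(default_factory=list)  # empty list means nothing flagged


def extract_target(cmd: str) -> str:
    """Return the file an O4 command line really launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow the quote
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end > 0 else cmd[1:]
        rest = cmd[end + 1:] if end > 0 else ""
    else:                                        # unquoted: stop at the first known extension
        m = re.match(r"(.*?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)", cmd, re.IGNORECASE)
        if not m:
            return cmd.split()[0]
        exe, rest = m.group(1), cmd[m.end():]
    # rundll32 only hosts code: the real payload is the DLL named in its first argument
    if exe.split("\\")[-1].lower() == "rundll32.exe" and rest.strip():
        return rest.strip().split(",")[0].strip().strip('"')
    return exe


def triage(log_text: str) -> list:
    """Parse every O4 line and attach triage reasons to each entry."""
    findings = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        target = extract_target(m["cmd"])
        f = Finding(m["name"], m["hive"], target)
        upper = target.upper()
        if "\\" not in target and not target.startswith("%"):
            f.reasons.append("bare filename, resolved via PATH at run time")
        elif any(marker in upper for marker in PROFILE_MARKERS):
            f.reasons.append("runs from a user-writable profile location")
        if RANDOM_WORDS.fullmatch(m["name"]):
            f.reasons.append("lower-case multi-word entry name")
        findings.append(f)
    return findings


def flagged_names(log_text: str) -> list:
    """Entry names with at least one triage reason, in log order."""
    return [f.name for f in triage(log_text) if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        status = "; ".join(f.reasons) or "no flags"
        print(f"[{f.name}] -> {f.target}\n    {status}")
```

The flags are a reading aid, not a verdict: CTHelper is flagged only because its bare filename means the binary is found through PATH and must be located before it can be judged, while the two profile-path entries with word-salad names are the ones the reply above singles out for removal.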
Posted 7/31/2009 1:11 PM
#75594
LordBTY Advanced member
Date Joined Nov 2016
Total Posts: 35
I can't access the internet on the infected pc. I'm using a laptop atm. So far, I've been transferring installiation files via a USB stick. <br/> <br/>I had, before, gone into msconfig and disabled startup processes, thus stopping the dreaded iexplore.exe from running. I've enabled them again. <br/> <br/>Here are the results (minus Eset) <br/> <br/>---- <br/> <br/>Malwarebytes' Anti-Malware 1.39 <br/>Database version: 2524 <br/>Windows 5.1.2600 Service Pack 3 <br/> <br/>31/07/2009 13:41:40 <br/>mbam-log-2009-07-31 (13-41-40).txt <br/> <br/>Scan type: Quick Scan <br/>Objects scanned: 106810 <br/>Time elapsed: 2 minute(s), 54 second(s) <br/> <br/>Memory Processes Infected: 0 <br/>Memory Modules Infected: 0 <br/>Registry Keys Infected: 0 <br/>Registry Values Infected: 0 <br/>Registry Data Items Infected: 0 <br/>Folders Infected: 0 <br/>Files Infected: 0 <br/> <br/>Memory Processes Infected: <br/>(No malicious items detected) <br/> <br/>Memory Modules Infected: <br/>(No malicious items detected) <br/> <br/>Registry Keys Infected: <br/>(No malicious items detected) <br/> <br/>Registry Values Infected: <br/>(No malicious items detected) <br/> <br/>Registry Data Items Infected: <br/>(No malicious items detected) <br/> <br/>Folders Infected: <br/>(No malicious items detected) <br/> <br/>Files Infected: <br/>(No malicious items detected) <br/> <br/>---- <br/> <br/>Logfile of random's system information tool 1.06 (written by random/random) <br/>Run by User at 2009-07-31 14:01:58 <br/>Microsoft Windows XP Home Edition Service Pack 3 <br/>System drive C: has 87 GB (37%) free of 238 GB <br/>Total RAM: 1022 MB (55% free) <br/> <br/>Logfile of Trend Micro HijackThis v2.0.2 <br/>Scan saved at 14:01:59, on 31/07/2009 <br/>Platform: Windows XP SP3 (WinNT 5.01.2600) <br/>MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16850) <br/>Boot mode: Normal <br/> <br/>Running processes: <br/>C:\WINDOWS\System32\smss.exe <br/>C:\WINDOWS\system32\winlogon.exe <br/>C:\WINDOWS\system32\services.exe 
<br/>C:\WINDOWS\system32\lsass.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\svchost.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\WINDOWS\System32\spoolsv.exe <br/>C:\WINDOWS\Explorer.EXE <br/>C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe <br/>C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe <br/>C:\Program Files\Common Files\AOL\1241988343\ee\AOLSoftware.exe <br/>C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe <br/>C:\WINDOWS\system32\CTHELPER.EXE <br/>C:\WINDOWS\system32\ctfmon.exe <br/>C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe <br/>C:\Program Files\Windows Live\Messenger\msnmsgr.exe <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\Program Files\Internet Explorer\iexplore.exe <br/>C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe <br/>C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe <br/>C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe <br/>C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe <br/>C:\WINDOWS\system32\nvsvc32.exe <br/>C:\WINDOWS\system32\svchost.exe <br/>C:\Program Files\PC Connectivity Solution\ServiceLayer.exe <br/>C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe <br/>C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe <br/>C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe <br/>C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe <br/>C:\WINDOWS\system32\NOTEPAD.EXE <br/>C:\Documents and Settings\User\Desktop\RSIT.exe <br/>C:\Program Files\Trend Micro\HijackThis\User.exe <br/> <br/>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 <br/>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
<br/>R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s <br/>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 <br/>O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll <br/>O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll <br/>O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll <br/>O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll <br/>O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) <br/>O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll <br/>O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll <br/>O2 - BHO: (no name) - {D8AF8CAD-BCDC-4FDD-9D4C-9DE8C63EC4B3} - C:\PROGRA~1\MRSCAS~1\1.0\MRSCAS~1.DLL <br/>O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll <br/>O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll <br/>O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll <br/>O3 - Toolbar: Yahoo! 
¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll <br/>O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) <br/>O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup <br/>O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u <br/>O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" <br/>O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot <br/>O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" <br/>O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <br/>O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" <br/>O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <br/>O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" <br/>O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot <br/>O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1241988343\ee\AOLSoftware.exe <br/>O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe <br/>O4 - HKLM\..\Run: [dog about manager team] C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Camp Ball.exe <br/>O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE <br/>O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe <br/>O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe <br/>O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe <br/>O4 - HKCU\..\Run: [ref list] C:\DOCUME~1\User\APPLIC~1\ERRORP~1\Less Admin.exe <br/>O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray <br/>O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background <br/>O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden 
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238448251250
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9839 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-10 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D8AF8CAD-BCDC-4FDD-9D4C-9DE8C63EC4B3}]
C:\PROGRA~1\MRSCAS~1\1.0\MRSCAS~1.DLL [2006-05-23 549888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! 工具列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe /boot []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"nwiz"=nwiz.exe /install []
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-08-14 352256]
"HostManager"=C:\Program Files\Common Files\AOL\1241988343\ee\AOLSoftware.exe [2006-11-14 50736]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"dog about manager team"=C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About\Camp Ball.exe [2009-07-31 757760]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2007-12-12 23040]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SetDefaultMIDI"=C:\WINDOWS\system32\MIDIDef.exe [2007-12-12 31232]
"ref list"=C:\DOCUME~1\User\APPLIC~1\ERRORP~1\Less Admin.exe [2009-07-27 503808]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-05-15 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\AOL 9.0 VR\aol.exe"="C:\Program Files\AOL 9.0 VR\aol.exe:*:Enabled:AOL 9.0 VR"
"C:\Program Files\AOL 9.0 VR\AOLphx.exe"="C:\Program Files\AOL 9.0 VR\AOLphx.exe:*:Enabled:AOLphx.exe"
"C:\Program Files\AOL 9.0 VR\AOLphxex.exe"="C:\Program Files\AOL 9.0 VR\AOLphxex.exe:*:Enabled:AOLphxex.exe"
"C:\Program Files\AOL 9.0 VR\shellrestart.exe"="C:\Program Files\AOL 9.0 VR\shellrestart.exe:*:Enabled:shellrestart.exe"
"C:\Program Files\AOL 9.0 VR\shellmon.exe"="C:\Program Files\AOL 9.0 VR\shellmon.exe:*:Enabled:shellmon.exe"
"C:\Program Files\Common Files\AOL\1241988343\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1241988343\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 1 months======

2009-07-30 21:13:30 ----D---- C:\rsit
2009-07-30 21:07:06 ----SHD---- C:\RECYCLER
2009-07-29 17:01:58 ----A---- C:\ComboFix.txt
2009-07-29 16:45:01 ----A---- C:\Boot.bak
2009-07-29 16:44:57 ----RASHD---- C:\cmdcons
2009-07-29 16:40:11 ----A---- C:\WINDOWS\zip.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWSC.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWREG.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\sed.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\PEV.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\grep.exe
2009-07-29 16:40:06 ----D---- C:\WINDOWS\ERDNT
2009-07-29 16:39:08 ----D---- C:\Qoobox
2009-07-29 16:38:41 ----HD---- C:\WINDOWS\PIF
2009-07-29 03:12:30 ----D---- C:\Program Files\Trend Micro
2009-07-29 03:09:35 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-07-29 03:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-29 03:09:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-27 22:17:55 ----D---- C:\Program Files\Error pure
2009-07-27 22:08:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 22:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About
2009-07-19 22:24:17 ----D---- C:\Documents and Settings\User\Application Data\Error pure
2009-07-16 12:38:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 12:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 12:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-11 00:25:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 1 months======

2009-07-31 14:01:44 ----D---- C:\WINDOWS\Prefetch
2009-07-31 13:54:37 ----D---- C:\WINDOWS
2009-07-31 13:54:36 ----D---- C:\WINDOWS\Temp
2009-07-31 13:53:53 ----D---- C:\Program Files\Mozilla Firefox
2009-07-31 13:47:57 ----RASH---- C:\boot.ini
2009-07-31 13:47:57 ----A---- C:\WINDOWS\win.ini
2009-07-31 13:47:57 ----A---- C:\WINDOWS\system.ini
2009-07-31 13:47:56 ----D---- C:\WINDOWS\pss
2009-07-31 13:46:24 ----RD---- C:\Program Files
2009-07-30 20:58:14 ----D---- C:\WINDOWS\system32
2009-07-30 20:58:10 ----D---- C:\WINDOWS\system32\drivers
2009-07-30 20:43:42 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-07-30 20:42:57 ----HD---- C:\$AVG8.VAULT$
2009-07-29 17:00:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 16:49:15 ----D---- C:\WINDOWS\AppPatch
2009-07-29 16:49:12 ----D---- C:\Program Files\Common Files
2009-07-29 16:46:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 16:44:31 ----D---- C:\Program Files\BitComet
2009-07-29 16:07:07 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:46:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-29 03:03:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-29 03:03:05 ----HD---- C:\WINDOWS\inf
2009-07-29 03:01:38 ----SHD---- C:\WINDOWS\Installer
2009-07-29 03:01:36 ----D---- C:\WINDOWS\WinSxS
2009-07-29 02:33:08 ----D---- C:\WINDOWS\Help
2009-07-28 18:50:47 ----D---- C:\WINDOWS\ie7updates
2009-07-28 18:28:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-28 07:19:36 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-27 23:00:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-27 22:23:02 ----D---- C:\Downloads
2009-07-27 22:16:12 ----SD---- C:\WINDOWS\Tasks
2009-07-26 18:04:17 ----D---- C:\Documents and Settings
2009-07-26 16:24:51 ----D---- C:\WINDOWS\Debug
2009-07-26 16:17:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-07-18 00:32:18 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2009-07-13 18:10:58 ----A---- C:\VETlog.txt
2009-07-12 03:53:04 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-07-11 01:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-11 00:25:35 ----D---- C:\Program Files\Lavasoft
2009-07-11 00:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-10 13:24:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-07 16:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-01-27 8552]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 33792]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2007-12-12 98328]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2007-12-12 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-12-12 524824]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS; C:\WINDOWS\System32\drivers\CTEDSPIO.SYS [2007-12-12 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS; C:\WINDOWS\System32\drivers\CTEDSPSY.SYS [2007-12-12 309784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2007-12-12 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2007-12-12 159256]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2007-12-12 95768]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2007-12-12 802840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-12-12 129560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2007-12-12 98328]
S3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2007-12-12 171032]
S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2007-12-12 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2007-12-12 528920]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2007-12-12 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS; C:\WINDOWS\System32\drivers\CTEAPSFX.SYS [2007-12-12 163352]
S3 CTEAPSFX;CTEAPSFX; C:\WINDOWS\system32\drivers\CTEAPSFX.SYS [2007-12-12 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS; C:\WINDOWS\System32\drivers\CTEDSPFX.SYS [2007-12-12 259096]
S3 CTEDSPFX;CTEDSPFX; C:\WINDOWS\system32\drivers\CTEDSPFX.SYS [2007-12-12 259096]
S3 CTEDSPIO;CTEDSPIO; C:\WINDOWS\system32\drivers\CTEDSPIO.SYS [2007-12-12 134168]
S3 CTEDSPSY;CTEDSPSY; C:\WINDOWS\system32\drivers\CTEDSPSY.SYS [2007-12-12 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2007-12-12 99352]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2007-12-12 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2007-12-12 1324056]
S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2007-12-12 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2007-12-12 72728]
S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2007-12-12 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2007-12-12 534040]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2007-12-12 534040]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 Freedom;FREEDOM Miniport; C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2007-12-12 163864]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-10 168432]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104]
S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-26 152984]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Posted 7/31/2009 11:24 PM
#75601

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Doggone Lop didn't completely uninstall when Messenger Plus was removed. Though why trust a crook to do something honorable. Let's address that now.

The logs also show an undesirable Mrs Cash Back 1.0 toolbar, so be sure to uninstall that through Add/Remove Programs.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download OTM.exe by OldTimer to your desktop.

Then click OTM.exe to run it (Vista users, please right-click on OTM.exe and select "Run as an Administrator").

Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C (or right-click and choose Copy):

[code]:files
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About
C:\Documents and Settings\User\Application Data\Error pure
C:\Program Files\Error pure
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"ZoneAlarm Client"=-
"TrojanScanner"=-
"dog about manager team"=-
"AVG8_TRAY"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ref list"=-
:commands
[purity]
[emptytemp][/code]

Return to OTM, right-click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.

A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes" (it will).

-----------

Then see if you have normal online access and can do this scan:

Disable your antivirus program (remember to re-enable it once this scan is complete) and go here (be sure to re-enable it after the scan completes) and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and take a break for a while.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export the scan report". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here please.

---------------

Run and post back a new RSIT scan log, the OTM log and the BitDefender log please.
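As an added check (not part of this thread and not OTM's own code): a small Python script that reconciles an OTM script of the form above against the MovedFiles log OTM writes, so that any requested file or Run value the log reports as "not found", or never mentions at all, is listed rather than skimmed past. The embedded script and log lines are the ones quoted in this thread.

```python
"""Reconcile an OTM (OldTimer's OTMoveIt) script with the MovedFiles log.

Added example, not part of this thread or of OTM. parse_script() reads the
:files and :reg sections the way the helper's script is laid out (a bare path
under :files; a [key] header followed by "name"=- lines under :reg).
parse_log() reads OTM's "moved successfully" / "deleted successfully" /
"not found" result lines. reconcile() reports every requested item that the
log does not confirm as removed. Script and log lines are those posted in
this thread.
"""
import re

OTM_SCRIPT = r"""
:files
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About
C:\Documents and Settings\User\Application Data\Error pure
C:\Program Files\Error pure
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-
"ZoneAlarm Client"=-
"TrojanScanner"=-
"dog about manager team"=-
"AVG8_TRAY"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ref list"=-
:commands
[purity]
[emptytemp]
"""

OTM_LOG = r"""
All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About moved successfully.
C:\Documents and Settings\User\Application Data\Error pure moved successfully.
C:\Program Files\Error pure moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dog about manager team deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ref list deleted successfully.
========== COMMANDS ==========
"""

# "name"=- under a [key] header asks OTM to delete that registry value.
SCRIPT_VALUE_RE = re.compile(r'^"(.*)"=-$')
# OTM writes the key and the value name separated by a doubled backslash.
LOG_REG_RE = re.compile(r"^Registry value (.*?)\\\\(.*?) (deleted successfully|not found)\.$")
LOG_FILE_RE = re.compile(r"^(.*?) (moved successfully|not found)\.$")


def parse_script(text):
    """Return ({file paths}, {(key, value name)}) requested by the script."""
    files, regs = set(), set()
    section, key = None, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):            # :files / :reg / :commands
            section = line.lower()
            continue
        if section == ":files":
            files.add(line)
        elif section == ":reg":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1]
            else:
                m = SCRIPT_VALUE_RE.match(line)
                if m and key:
                    regs.add((key, m.group(1)))
    return files, regs


def parse_log(text):
    """Return ({path: status}, {(key, value name): status}) from the log."""
    files, regs = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = LOG_REG_RE.match(line)
        if m:
            regs[(m.group(1), m.group(2))] = m.group(3)
            continue
        m = LOG_FILE_RE.match(line)
        if m:
            files[m.group(1)] = m.group(2)
    return files, regs


def reconcile(script_text, log_text):
    """Map each requested item that was not confirmed removed to its status."""
    want_files, want_regs = parse_script(script_text)
    got_files, got_regs = parse_log(log_text)
    problems = {}
    for path in sorted(want_files):
        status = got_files.get(path, "no log entry")
        if status != "moved successfully":
            problems[path] = status
    for key, name in sorted(want_regs):
        status = got_regs.get((key, name), "no log entry")
        if status != "deleted successfully":
            problems[key + "\\" + name] = status
    return problems


if __name__ == "__main__":
    for item, status in reconcile(OTM_SCRIPT, OTM_LOG).items():
        print(f"{status}: {item}")
```

For the log in this thread the only item flagged is the HKLM Run value UserFaultCheck, which OTM reports as "not found"; a value that was already gone is harmless, but the same report would also catch a file that OTM could not move.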
Posted 8/1/2009 8:52 PM
#75622
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
The two instances of iexplore don't seem to be running anymore... that seems like a good sign.

Though, I haven't accessed the net for BitDefender.

OTM

All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Drv Audio Dog About moved successfully.
C:\Documents and Settings\User\Application Data\Error pure moved successfully.
C:\Program Files\Error pure moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZoneAlarm Client deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dog about manager team deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG8_TRAY deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ref list deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 1698641 bytes

User: Louise
->Temp folder emptied: 61214528 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 108323 bytes
->FireFox cache emptied: 24276318 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tom
->Temp folder emptied: 55499 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 1698641 bytes

User: User
->Temp folder emptied: 5345386 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24686220 bytes
->Apple Safari cache emptied: 81000 bytes
->Opera cache emptied: 157588 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\NV700704.TMP folder deleted successfully.
%systemroot% .tmp files removed: 6632200 bytes
%systemroot%\System32 .tmp files removed: 7415037 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 563971 bytes

Total Files Cleaned = 127.96 mb

OTM by OldTimer - Version 3.0.0.5 log created on 08012009_213253

Files moved on Reboot...

Registry entries deleted on Reboot...
RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-08-01 21:44:59
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 88 GB (37%) free of 238 GB
Total RAM: 1022 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:01, on 01/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\AOL\1241988343\ee\AOLSoftware.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
C:\Program Files\Creative Professional\E-MU PatchMix DSP\EmuPMixDSP.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1241988343\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238448251250
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9106 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-10 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-12-07 30208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"nwiz"=nwiz.exe /install []
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]
"JMB36X Configure"=C:\WINDOWS\system32\JMRaidTool.exe [2006-08-14 352256]
"HostManager"=C:\Program Files\Common Files\AOL\1241988343\ee\AOLSoftware.exe [2006-11-14 50736]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2005-10-23 385024]
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2007-12-12 23040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SetDefaultMIDI"=C:\WINDOWS\system32\MIDIDef.exe [2007-12-12 31232]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-03-28 1079296]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-05-15 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\AOL 9.0 VR\waol.exe"="C:\Program Files\AOL 9.0 VR\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information"
"C:\Program Files\AOL 9.0 VR\aol.exe"="C:\Program Files\AOL 9.0 VR\aol.exe:*:Enabled:AOL 9.0 VR"
"C:\Program Files\AOL 9.0 VR\AOLphx.exe"="C:\Program Files\AOL 9.0 VR\AOLphx.exe:*:Enabled:AOLphx.exe"
"C:\Program Files\AOL 9.0 VR\AOLphxex.exe"="C:\Program Files\AOL 9.0 VR\AOLphxex.exe:*:Enabled:AOLphxex.exe"
"C:\Program Files\AOL 9.0 VR\shellrestart.exe"="C:\Program Files\AOL 9.0 VR\shellrestart.exe:*:Enabled:shellrestart.exe"
"C:\Program Files\AOL 9.0 VR\shellmon.exe"="C:\Program Files\AOL 9.0 VR\shellmon.exe:*:Enabled:shellmon.exe"
"C:\Program Files\Common Files\AOL\1241988343\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1241988343\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AOL 9.0a\waol.exe"="C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL"

======List of files/folders created in the last 1 months======

2009-07-30 21:13:30 ----D---- C:\rsit
2009-07-30 21:07:06 ----SHD---- C:\RECYCLER
2009-07-29 17:01:58 ----A---- C:\ComboFix.txt
2009-07-29 16:45:01 ----A---- C:\Boot.bak
2009-07-29 16:44:57 ----RASHD---- C:\cmdcons
2009-07-29 16:40:11 ----A---- C:\WINDOWS\zip.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWSC.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\SWREG.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\sed.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\PEV.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-29 16:40:11 ----A---- C:\WINDOWS\grep.exe
2009-07-29 16:40:06 ----D---- C:\WINDOWS\ERDNT
2009-07-29 16:39:08 ----D---- C:\Qoobox
2009-07-29 16:38:41 ----HD---- C:\WINDOWS\PIF
2009-07-29 03:12:30 ----D---- C:\Program Files\Trend Micro
2009-07-29 03:09:35 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-07-29 03:09:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-29 03:09:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-27 22:08:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-16 12:38:26 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 12:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 12:33:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-11 00:25:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of files/folders modified in the last 1 months======

2009-08-01 21:36:54 ----D---- C:\WINDOWS\Temp
2009-08-01 21:33:32 ----D---- C:\WINDOWS\system32
2009-08-01 21:33:32 ----D---- C:\WINDOWS
2009-08-01 21:33:25 ----RD---- C:\Program Files
2009-08-01 21:32:30 ----D---- C:\WINDOWS\Prefetch
2009-07-31 13:53:53 ----D---- C:\Program Files\Mozilla Firefox
2009-07-31 13:47:57 ----RASH---- C:\boot.ini
2009-07-31 13:47:57 ----A---- C:\WINDOWS\win.ini
2009-07-31 13:47:57 ----A---- C:\WINDOWS\system.ini
2009-07-31 13:47:56 ----D---- C:\WINDOWS\pss
2009-07-30 20:58:10 ----D---- C:\WINDOWS\system32\drivers
2009-07-30 20:43:42 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-07-30 20:42:57 ----HD---- C:\$AVG8.VAULT$
2009-07-29 17:00:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 16:49:15 ----D---- C:\WINDOWS\AppPatch
2009-07-29 16:49:12 ----D---- C:\Program Files\Common Files
2009-07-29 16:46:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 16:44:31 ----D---- C:\Program Files\BitComet
2009-07-29 16:07:07 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:46:10 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-29 03:03:50 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-29 03:03:05 ----HD---- C:\WINDOWS\inf
2009-07-29 03:01:38 ----SHD---- C:\WINDOWS\Installer
2009-07-29 03:01:36 ----D---- C:\WINDOWS\WinSxS
2009-07-29 02:33:08 ----D---- C:\WINDOWS\Help
2009-07-28 18:50:47 ----D---- C:\WINDOWS\ie7updates
2009-07-28 18:28:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-28 07:19:36 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-27 23:00:14 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-27 22:23:02 ----D---- C:\Downloads
2009-07-27 22:16:12 ----SD---- C:\WINDOWS\Tasks
2009-07-26 18:04:17 ----D---- C:\Documents and Settings
2009-07-26 16:24:51 ----D---- C:\WINDOWS\Debug
2009-07-26 16:17:42 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-07-18 00:32:18 ----D---- C:\Documents and Settings\User\Application Data\OpenOffice.org2
2009-07-13 18:10:58 ----A---- C:\VETlog.txt
2009-07-12 03:53:04 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-07-11 01:02:13 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-11 00:25:35 ----D---- C:\Program Files\Lavasoft
2009-07-11 00:21:53 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-10 13:24:37 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-07 16:10:56 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2008-01-27 8552]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 33792]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2007-12-12 98328]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2007-12-12 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-12-12 524824]
R3 CTEDSPIO.SYS;CTEDSPIO.SYS; C:\WINDOWS\System32\drivers\CTEDSPIO.SYS [2007-12-12 134168]
R3 CTEDSPSY.SYS;CTEDSPSY.SYS; C:\WINDOWS\System32\drivers\CTEDSPSY.SYS [2007-12-12 309784]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2007-12-12 14360]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2007-12-12 159256]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2007-12-12 95768]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\System32\drivers\ha10kx2k.sys [2007-12-12 802840]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-02-17 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-02-17 13056]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-12-12 129560]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 BRIDGE;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\User\LOCALS~1\Temp\catchme.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2007-12-12 98328]
S3 CT20XUT.SYS;CT20XUT.SYS; C:\WINDOWS\System32\drivers\CT20XUT.SYS [2007-12-12 171032]
S3 CT20XUT;CT20XUT; C:\WINDOWS\system32\drivers\CT20XUT.SYS [2007-12-12 171032]
S3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2007-12-12 528920]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2007-12-12 528920]
S3 CTEAPSFX.SYS;CTEAPSFX.SYS; C:\WINDOWS\System32\drivers\CTEAPSFX.SYS [2007-12-12 163352]
S3 CTEAPSFX;CTEAPSFX; C:\WINDOWS\system32\drivers\CTEAPSFX.SYS [2007-12-12 163352]
S3 CTEDSPFX.SYS;CTEDSPFX.SYS; C:\WINDOWS\System32\drivers\CTEDSPFX.SYS [2007-12-12 259096]
S3 CTEDSPFX;CTEDSPFX; C:\WINDOWS\system32\drivers\CTEDSPFX.SYS [2007-12-12 259096]
S3 CTEDSPIO;CTEDSPIO; C:\WINDOWS\system32\drivers\CTEDSPIO.SYS [2007-12-12 134168]
S3 CTEDSPSY;CTEDSPSY; C:\WINDOWS\system32\drivers\CTEDSPSY.SYS [2007-12-12 309784]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2007-12-12 99352]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2007-12-12 99352]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\WINDOWS\System32\drivers\CTEXFIFX.SYS [2007-12-12 1324056]
S3 CTEXFIFX;CTEXFIFX; C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [2007-12-12 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS; C:\WINDOWS\System32\drivers\CTHWIUT.SYS [2007-12-12 72728]
S3 CTHWIUT;CTHWIUT; C:\WINDOWS\system32\drivers\CTHWIUT.SYS [2007-12-12 72728]
S3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2007-12-12 534040]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2007-12-12 534040]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 Freedom;FREEDOM Miniport; C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS []
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2007-12-12 163864]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-01-15 30464]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common
Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 110592] <br/>S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] <br/>S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] <br/>S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] <br/>S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] <br/>S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-10 168432] <br/>S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] <br/>S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-03-30 504104] <br/>S3 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-26 152984] <br/>S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400] <br/>S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] <br/>S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] <br/>S3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936] <br/>S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] <br/>S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] <br/>S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media 
Player\WMPNetwk.exe [2006-10-18 913408] <br/>S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] <br/> <br/>-----------------EOF-----------------
Posted 8/1/2009 10:23 PM
#75623
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
No malware and no instances of IE (iexplore.exe) running are showing now. It would be good now if you did do the net access and ran the BitDefender scan.
Posted 8/1/2009 11:58 PM
#75624
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok... I'm going to try completely removing AOL and reconnecting..

Thank you very much :)
Posted 8/2/2009 12:20 AM
#75625
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
If you need help just ask here.
Posted 8/3/2009 4:21 PM
#75666
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Well, right now the disc is refusing to recognise the modem.

Also, when I log in:

----

Data Execution Prevention - Microsoft Windows

To help protect the computer, windows has closed this program.

Name: Generic Host Process For Win32 Services

Publisher: Microsoft Corporation

[Close Message]

----

Also, in my network connections, there are 3 locations. This is when the modem is unplugged.

1394 Connection 7 - Connected

Local Area Connection - Network Connection Unplugged

1394 Connection 6 - Connected

I can't seem to disable them or delete them either... do you think the virus is responsible?
Posted 8/3/2009 7:02 PM
#75670
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
1394 Connections are "firewire" connections, and can refer to any devices connected via that method, so they may not necessarily be network connections. The Local Area Connection suggests your ethernet port. You don't mention a Dial-up connection there though, and may need to recreate that. However, the logs indicate AOL, so if you use that for dial-up I am not quite sure how connections might be accessed - I assume through AOL's software.
Posted 8/3/2009 7:32 PM
#75671
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
I have recently uninstalled AOL in an attempt to re-install AOL along with the modem.

Also, in the virus removal process I seem to have lost IE...

And I think it's had a negative effect

When trying to reinstall IE.. I'm told that it doubts the integrity of Update.Inf and the Cryptographic Service isn't running

I did not have a cryptographic service, so I have downloaded one.

Now it refuses to start...

Help :(
Posted 8/4/2009 2:28 AM
#75675
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Crypto service isn't really something to be downloaded, and as an essential system service you likely have one, but a damaged one. I sense your situation is similar to a few other threads I am aware of, and it is actually three services affected, and maybe some important system files. Let's check all that, then correct what needs correcting.

[code]@ECHO OFF
if exist Checkit.txt del /q Checkit.txt
sc query Cryptsvc > Checkit.txt
sc query seclogon > Checkit1.txt
sc query spooler > Checkit2.txt
dir /s "c:\*null*.*" > Checkit3.txt
dir /s "c:\*beep*.*" > Checkit4.txt
Type Checkit*.txt > Results.txt
del /q Checkit*.txt
Notepad Results.txt[/code]

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the box) into the open text box, then save this to your desktop as "3serv.bat"

Be sure to include the "" quotes in the name. Then click on 3serv.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
Posted 8/4/2009 2:42 AM
#75676
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
If your situation is very similar to others, one other area that needs checking is part of your Registry there.

Download and click to install - [URL="http://www.derfisch.de/lars/erunt-setup.exe"]ERUNT[/URL].

When prompted, uncheck the desktop icon options, and also decline to have Erunt create an entry in your Startup folder. When the install is finished, click the Finish button to launch ERUNT. Then just click OK to each of the next prompts, and allow Erunt to create a Registry backup.

Then I would like to check a Registry backup file Erunt created there, to check if any other unwanted changes have been made we need to address.

Right click My Computer, left click Explore, and use the plus + symbols to navigate to the following highlighted file:

C:\WINDOWS\ERDNT\(date backup was made)\system

Zip a copy of that (using any zip program you have, or right click the file and select Send To - Compressed (zipped) Folder), then go here, press new topic, fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the file on your computer.
Posted 8/4/2009 4:20 PM
#75694
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Fantastic :)

I shall do that momentarily

However, on this laptop, there was a small Windows update running for about 20 seconds that decided to run without asking me. This is exactly what the virus on my PC did... given that the only way I've been able to get downloaded files to my PC - what with its internet being down and all - is via a USB stick, the same virus is probably on the laptop. What do you recommend I do before it infects further?
Posted 8/4/2009 4:48 PM
#75696
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
You can create a special folder, named autorun.inf, that will thwart the infection creating that same named file. It uses this to autostart its infection processes.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Click here and download Flash_Disinfector.exe and save it to your desktop.

Double-click on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

The utility may ask you to insert your flash drive and/or other external/removable drives. Please do so and allow the utility to clean up those drives as well.

Then leave any drives installed until all repairs here have been completed.

This will also create autorun.inf folders on all drives there, which serves to block autoloading infections from creating some of the bad files they need to infect other drives and systems.
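The autorun.inf folder trick Jintan describes, as an added example (editor's code, not part of this thread and not Flash_Disinfector itself). It takes a drive root, reports whether the slot is free, already a blocking folder, or an autorun.inf file that something dropped, and only creates the folder when nothing is there; a dropped file is left in place and its launch targets are read out for inspection rather than executed. The functions and the self_check() temp-directory setup are assumptions for illustration.

```python
"""Check a drive root for the autorun.inf blocking folder and create it if
the slot is free. Added example, not from the thread or Flash_Disinfector;
standard library only, so it can be tried on a temporary directory first."""
import os
from pathlib import Path


def check_autorun(drive_root):
    """Classify what sits at <drive_root>/autorun.inf.

    "folder" - blocking folder already present (e.g. Flash_Disinfector ran)
    "file"   - an autorun.inf file exists; that is what autorun infections
               drop, so the drive deserves a look before anything else
    "absent" - nothing there yet
    """
    target = Path(drive_root) / "autorun.inf"
    if target.is_dir():
        return "folder"
    if target.exists():
        return "file"
    return "absent"


def block_autorun(drive_root):
    """Create the blocking folder if the slot is free.

    Returns (status_before, status_after). An existing autorun.inf file is
    deliberately left untouched so it can be examined first.
    """
    before = check_autorun(drive_root)
    if before == "absent":
        target = Path(drive_root) / "autorun.inf"
        target.mkdir()
        if os.name == "nt":
            # On Windows mark it hidden+system so casual cleanup skips it.
            import ctypes
            hidden_system = 0x02 | 0x04  # FILE_ATTRIBUTE_HIDDEN | _SYSTEM
            ctypes.windll.kernel32.SetFileAttributesW(str(target), hidden_system)
    return before, check_autorun(drive_root)


def read_autorun_file(drive_root):
    """Return the 'open'/'shellexecute' targets of an existing autorun.inf
    file so a responder sees what it would have launched, without running
    it. Returns [] when there is no such file."""
    target = Path(drive_root) / "autorun.inf"
    if not target.is_file():
        return []
    launches = []
    for raw in target.read_text(errors="replace").splitlines():
        key, _, value = raw.strip().partition("=")
        if key.strip().lower() in ("open", "shellexecute") and value:
            launches.append(value.strip())
    return launches


def self_check():
    """Exercise the functions on throwaway temp directories (constructed
    input, not a real drive) and return what was observed."""
    import tempfile
    clean, dropped = tempfile.mkdtemp(), tempfile.mkdtemp()
    # Constructed sample of the kind of file an autorun infection writes.
    (Path(dropped) / "autorun.inf").write_text(
        "[autorun]\nopen=setup.exe\nicon=setup.exe,0\n")
    return {
        "clean_first": block_autorun(clean),      # ("absent", "folder")
        "clean_second": block_autorun(clean),     # ("folder", "folder")
        "dropped": block_autorun(dropped),        # ("file", "file")
        "dropped_launch": read_autorun_file(dropped),  # ["setup.exe"]
    }


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("autorun.inf status:", check_autorun(root))
    print("would launch:", read_autorun_file(root))
```

Run it with a drive root as the argument (for example `E:\`) to see the current status; the "folder already exists" message LordBTY hit on the USB stick corresponds to the "folder" result here.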
Posted 8/4/2009 6:36 PM
#75697
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok, where should I put autorun.inf?

I've put it on my laptop desktop

I've tried to put it on the USB stick, but apparently the folder already exists.
Posted 8/4/2009 7:10 PM
#75698
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Here's my ERUNT upload

http://thespykiller.co.uk/index.php/topic,8668.0.html

And the 3serv.bat results

SERVICE_NAME: Cryptsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
                                (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: seclogon
        TYPE               : 120  WIN32_SHARE_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
 Volume in drive C has no label.
 Volume Serial Number is 083F-6DF9

 Directory of c:\Documents and Settings\User\Local Settings\Temp

04/08/2009  19:41                62 null
               1 File(s)             62 bytes

 Directory of c:\Program Files\Common Files

27/01/2008  17:25    <DIR>          Nullsoft
               0 File(s)              0 bytes

 Directory of c:\WINDOWS\system32\dllcache

28/02/2006  13:00             2,944 null.sys
               1 File(s)          2,944 bytes

 Directory of c:\WINDOWS\system32\drivers

28/02/2006  13:00             2,944 null.sys
               1 File(s)          2,944 bytes

     Total Files Listed:
               3 File(s)          5,950 bytes
               1 Dir(s)  91,824,848,896 bytes free
 Volume in drive C has no label.
 Volume Serial Number is 083F-6DF9

 Directory of c:\Program Files\Game Maker\Game_Maker4\Sounds

22/10/1999  11:51               800 beep1.wav
22/10/1999  11:47             1,078 beep2.wav
22/10/1999  11:46             1,126 beep3.wav
22/10/1999  11:46             6,584 beep4.wav
22/10/1999  11:47             2,334 beep5.wav
22/10/1999  11:47             2,974 beep6.wav
22/10/1999  11:45             3,584 beep7.wav
               7 File(s)         18,480 bytes

 Directory of c:\Program Files\Game Maker\Game_Maker5\Sounds

22/10/1999  11:51               800 beep1.wav
22/10/1999  11:47             1,078 beep2.wav
22/10/1999  11:46             1,126 beep3.wav
22/10/1999  11:46             6,584 beep4.wav
22/10/1999  11:47             2,334 beep5.wav
22/10/1999  11:47             2,974 beep6.wav
22/10/1999  11:45             3,584 beep7.wav
               7 File(s)         18,480 bytes

 Directory of c:\Program Files\Game Maker\Game_Maker6\Sounds

22/10/1999  12:51               800 beep1.wav
22/10/1999  12:47             1,078 beep2.wav
22/10/1999  12:46             1,126 beep3.wav
22/10/1999  12:46             6,584 beep4.wav
22/10/1999  12:47             2,334 beep5.wav
22/10/1999  12:47             2,974 beep6.wav
22/10/1999  12:45             3,584 beep7.wav
               7 File(s)         18,480 bytes

 Directory of c:\Program Files\MeldaProduction MDrummer 2 Small\Drumsets\Components\Toms\Synth

02/05/2009  18:04               832 Beep 3.mdDrumset
               1 File(s)            832 bytes

 Directory of c:\Program Files\MeldaProduction MDrummer 2 Small\Layers\Tom

02/05/2009  18:04               556 Beep 1.mdLayer
02/05/2009  18:04               531 Beep 2.mdLayer
02/05/2009  18:04               544 Beep 3.mdLayer
02/05/2009  18:04               566 Beep 4.mdLayer
               4 File(s)          2,197 bytes

 Directory of c:\WINDOWS\system32\dllcache

28/02/2006  13:00             4,224 beep.sys
               1 File(s)          4,224 bytes

 Directory of c:\WINDOWS\system32\drivers

28/02/2006  13:00             4,224 beep.sys
               1 File(s)          4,224 bytes

     Total Files Listed:
              28 File(s)         66,917 bytes
               0 Dir(s)  91,824,844,800 bytes free

-----------

Thank you :)
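An added example (editor's code, not from the thread) that reads the `sc query` part of the 3serv.bat results the way Jintan reads them by eye: it parses each SERVICE_NAME block into fields and reports which of the three checked services is not in the RUNNING state. The sample text is the output LordBTY posted; the parser's layout assumptions and the expected-running list are mine, not an sc.exe API.

```python
"""Parse `sc query <service>` output (what 3serv.bat collects) and flag
services that are not RUNNING. Added example, not part of the thread; the
SAMPLE text is the result LordBTY posted, the parsing rules are an
assumption about sc.exe's layout."""
import re

SAMPLE = """\
SERVICE_NAME: Cryptsvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
                                (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: seclogon
        TYPE               : 120  WIN32_SHARE_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE,PAUSABLE,IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

SERVICE_NAME: spooler
        TYPE               : 110  WIN32_OWN_PROCESS (interactive)
        STATE              : 4  RUNNING
                                (STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
"""

# The three services the batch file checks; all three are Automatic-start
# on a stock XP install, so each should report RUNNING (assumption).
EXPECTED_RUNNING = ("Cryptsvc", "seclogon", "spooler")


def parse_sc_query(text):
    """Return {service_name: {field: value}} for each SERVICE_NAME block.

    STATE becomes 'state_code' (int) plus 'state' (word); the parenthesised
    line that follows STATE is stored as a list under 'flags'; the two exit
    codes are converted to int, everything else is kept as text.
    """
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("SERVICE_NAME:"):
            current = line.split(":", 1)[1].strip()
            services[current] = {}
            continue
        if current is None:
            continue
        if line.startswith("(") and line.endswith(")"):
            services[current]["flags"] = line[1:-1].split(",")
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "STATE":
            m = re.match(r"(\d+)\s+(\w+)", value)
            services[current]["state_code"] = int(m.group(1))
            services[current]["state"] = m.group(2)
        elif key in ("WIN32_EXIT_CODE", "SERVICE_EXIT_CODE"):
            services[current][key] = int(value.split()[0])
        else:
            services[current][key] = value
    return services


def not_running(services, expected=EXPECTED_RUNNING):
    """Names from `expected` that are missing from the report or whose
    STATE is anything other than RUNNING."""
    return [name for name in expected
            if services.get(name, {}).get("state") != "RUNNING"]


if __name__ == "__main__":
    report = parse_sc_query(SAMPLE)
    for name, info in report.items():
        print(f"{name:10} {info['state']:8} exit={info['WIN32_EXIT_CODE']}")
    print("needs attention:", not_running(report))   # ['Cryptsvc']
```

On the posted results this singles out Cryptsvc, which matches Jintan's reading of the batch output (right files in the right places, only the crypto service stopped).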
Posted 8/4/2009 10:25 PM
#75701
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
For that autorun.inf on the drive, did you run FlashDisinfector first? It would have created an autorun.inf folder, so you would not be able to duplicate that name.

SpyKiller seems to be down temporarily, so I will check that upload when timing permits that. The batch results look good. The right files in the right places, and just the Cryptsvc stopped right now.

In looking at your recent comments usually one does not "lose" IE, though things like shortcuts might fail to work.

Go to Start - Run, type services.msc (and OK).

On the list locate and double-click on the following item.

CryptSvc

Using the dropdown box, make sure the Startup type is set to Automatic.

Under Service Status, make sure it is Started (click Start if not).

Apply/OK and exit.

--------------

Reboot, and check that CryptSvc again to make sure it is now staying Started.

Then go to your Network Connections, and see if you can create a new Dial-Up connection now. Ask if you have any specific questions I can help with for that.

Then to open IE, go to Start - Run, type iexplore.exe and press OK.

For now just post back an update on how you did with all that please.
Posted 8/4/2009 10:50 PM
#75702
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
CryptSvc won't start.

I click start and I get

"Could not start the CryptSvc service on Local Computer.

Error 1290: 0x50a"

:/

And I don't have iexplore on my pc anymore :/

And I can't reinstall because it says it doubts the integrity of Update.inf and has some trouble with the cryptographic service.
Posted 8/4/2009 11:09 PM
#75705
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Do you know what happened to the iexplore.exe file itself? I will need to get a look at the upload you did, so there might be a delay while I wait to get SpyKiller access for that.

Go to Start > Run and type:

cmd.exe

and ok. Copy and paste the below string after the prompt, then press Enter >

dir /s /a "c:\*iexplore*.*" > c:\find.txt && notepad c:\find.txt

Your drive will be scanned and when finished, Notepad will pop up with some information. Copy and paste it in this thread please.

Once that Notepad textbox opens, also click at the prompt in the still open command console window and type exit to close that.

-----------------

[CODE]@ECHO OFF
if exist Regsearch1.txt del /q Regsearch1.txt
regedit /e Regsearch1.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc"
Notepad Regsearch1.txt[/CODE]

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the Code box) into the open Notepad text box, then save this to your desktop as "cfgcheck.bat"

Be sure to include the "" quotes in the name. Then click on cfgcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.
Posted 8/5/2009 1:59 AM
#75708
LordBTY Advanced member

Date Joined Nov 2016
Total Posts: 35
Ok :)

Here's the find file:

 Volume in drive C has no label.
 Volume Serial Number is 083F-6DF9

 Directory of c:\4bac1b979898353db5fea19d

01/09/2006  07:43           503,758 iexplore.chm
17/10/2006  12:04           622,080 iexplore.exe
17/10/2006  12:04           573,440 iexplore.exe.mui
               3 File(s)      1,699,278 bytes

 Directory of c:\Program Files\Internet Explorer

25/04/2009  06:27           636,088 iexplore.exe
               1 File(s)        636,088 bytes

 Directory of c:\WINDOWS\Prefetch

03/08/2009  21:17            34,042 IEXPLORE.EXE-27122324.pf
03/08/2009  21:17            46,218 IEXPLORE.EXE-3936AF2F.pf
               2 File(s)         80,260 bytes

 Directory of c:\WINDOWS\system32\dllcache

25/04/2009  06:27           636,088 iexplore.exe
               1 File(s)        636,088 bytes

     Total Files Listed:
               7 File(s)      3,051,714 bytes
               0 Dir(s)  91,755,573,248 bytes free

And here's the cfgcheck.bat file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%SystemRoot%\\system32\\cryptsvc.dll,-1002"
"DisplayName"="CryptSvc"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
  00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
  67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,\
  00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,\
  00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
  00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="CryptServiceMain"
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Security]
"Security"=hex:00,00,0e,00,01

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Enum]
"0"="Root\\LEGACY_CRYPTSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
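The hex(2) and hex(7) values in that export are UTF-16LE text, which is why the ImagePath and ServiceDll are not readable at a glance. As an added example (editor's code, not from the thread), here is a decoder for a Regedit 5.00 export that joins the backslash-continued lines, decodes each value type, and compares the Cryptsvc entries against stock XP values. SAMPLE is the export LordBTY posted, trimmed to the main key and its Parameters subkey; the STOCK_XP values are an assumption a responder would confirm against a known-good XP machine.

```python
"""Decode a Regedit 5.00 export of the Cryptsvc key (what the thread's
cfgcheck.bat writes to Regsearch1.txt) and check it against stock XP values.
Added example, not from the thread. SAMPLE is the export LordBTY posted,
trimmed to the main key and Parameters subkey; STOCK_XP is an assumption to
confirm against a known-good XP machine."""
import re

SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%SystemRoot%\\system32\\cryptsvc.dll,-1002"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  63,00,72,00,79,00,70,00,74,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"""

CRYPTSVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc"

STOCK_XP = {  # assumed stock values for the main key
    "ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    "ObjectName": "LocalSystem",
    "Start": 2,       # Automatic; 4 would mean Disabled
    "Type": 0x20,     # WIN32_SHARE_PROCESS, i.e. hosted by svchost
    "DependOnService": ["RpcSs"],
}


def _decode_hex(kind, csv):
    """hex(1)/hex(2) are UTF-16LE strings, hex(7) a NUL-separated list,
    plain hex: is raw REG_BINARY."""
    data = bytes(int(b, 16) for b in csv.split(",") if b)
    if kind in ("1", "2"):
        return data.decode("utf-16-le").rstrip("\x00")
    if kind == "7":
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}}."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):       # trailing backslash: value continues
            buf += line[:-1]
            continue
        logical.append(buf + line)
        buf = ""
    keys, current = {}, None
    for line in logical:
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'"([^"]*)"=(.*)$', line)
        if not m or current is None:
            continue
        name, rhs = m.groups()
        if rhs.startswith('"') and rhs.endswith('"'):
            value = rhs[1:-1].replace("\\\\", "\\")   # .reg doubles backslashes
        elif rhs.startswith("dword:"):
            value = int(rhs[6:], 16)
        elif rhs.startswith("hex"):
            h = re.match(r"hex(?:\((\w+)\))?:(.*)$", rhs)
            value = _decode_hex(h.group(1) or "3", h.group(2))
        else:
            value = rhs
        keys[current][name] = value
    return keys


def check_cryptsvc(keys):
    """Return findings as strings; an empty list means the key looks intact."""
    main = keys.get(CRYPTSVC, {})
    params = keys.get(CRYPTSVC + r"\Parameters", {})
    findings = []
    for name, want in STOCK_XP.items():
        got = main.get(name)
        if isinstance(got, str) and isinstance(want, str):
            got, want = got.lower(), want.lower()   # paths are case-insensitive
        if got != want:
            findings.append(f"{name}: got {got!r}, expected {want!r}")
    dll = params.get("ServiceDll")
    if not (isinstance(dll, str) and dll.lower().endswith(r"\system32\cryptsvc.dll")):
        findings.append(f"ServiceDll: got {dll!r}")
    return findings
```

Decoded, the posted ImagePath reads `%SystemRoot%\system32\svchost.exe -k netsvcs` and the ServiceDll `%SystemRoot%\System32\cryptsvc.dll`, so the export itself shows a service still configured to start automatically from the stock DLL; a Start of 4 or a ServiceDll pointing somewhere else would show up as a finding.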