Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Popup & program installation problem

Post by philiph » January 11th, 2009, 12:19 pm

Problems Experienced:
1. I am getting a flood of popups that I have never experienced before
2. I installed Brain Workshop and got an Access Violation Error writing to XXXXX

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:39, on 11/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\FSC\WebCam HotKey Utility\Webcam_HotKey.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitechniques.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: adsoftinc browser enhancer - {C31E4847-DFE6-3923-7875-C7A6F60F81D2} - C:\Windows\system32\lrjhfvrimnt.dll
O2 - BHO: adsoftinc - {d86d9dfe-b5f4-c9eb-9202-3ea0fcbd9a15} - C:\Windows\system32\nsh940.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [WebCamHotKey] C:\Program Files\FSC\WebCam HotKey Utility\WebCam_HotKey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kddrhhkufkylsvsei] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\lrjhfvrimnt.dll"
O4 - HKLM\..\Run: [dtsdespp] "C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Messenger-PRO 3.lnk = C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GtFix - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9536 bytes
philiph
Active Member
 
Posts: 7
Joined: January 11th, 2009, 12:12 pm

Re: Popup & program installation problem

Post by muuli » January 11th, 2009, 12:57 pm

Hi,

Welcome to the MWR forums. My name is muuli. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic. Please stay at one forum for help.
3. Please continue reading posts until I give the All Clear. It is important to note this, as a clean looking HijackThis is not always a sign your system is clean.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Popup & program installation problem

Post by muuli » January 13th, 2009, 9:24 am

Hi,

  1. Please download random's system information tool (RSIT) and save it to your desktop.
  2. Right click on RSIT.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  3. Select 3 months from the drop-down list and click on Continue.
  4. RSIT will start running. When done, 2 logs will be produced. The first one, log.txt, will be maximized, the second one, info.txt, will be minimized.
  5. Please post both logs in your next reply. 1 log per reply please.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Popup & program installation problem - log.txt

Post by philiph » January 13th, 2009, 2:05 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by Philip at 2009-01-13 18:02:07
Microsoft® Windows Vista™ Business
System drive C: has 34 GB (46%) free of 74 GB
Total RAM: 2038 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:09, on 13/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\FSC\WebCam HotKey Utility\Webcam_HotKey.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\regsvr32.exe
C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\ppcbooster\ppcb_32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\System32\mobsync.exe
C:\Users\Philip\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Philip.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitechniques.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: adsoftinc browser enhancer - {C31E4847-DFE6-3923-7875-C7A6F60F81D2} - C:\Windows\system32\lrjhfvrimnt.dll
O2 - BHO: adsoftinc - {d86d9dfe-b5f4-c9eb-9202-3ea0fcbd9a15} - C:\Windows\system32\nsh940.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [WebCamHotKey] C:\Program Files\FSC\WebCam HotKey Utility\WebCam_HotKey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [kddrhhkufkylsvsei] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\lrjhfvrimnt.dll"
O4 - HKLM\..\Run: [dtsdespp] "C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Messenger-PRO 3.lnk = C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GtFix - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9650 bytes

======Scheduled tasks folder======

C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{ABDE84A1-8CA4-42B3-857E-46A1B346C483}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-02 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6714ADBD-C6C1-42A8-BD84-9C9339059421}]
TBSB05288 Class - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll [2008-08-14 2484224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-07 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-19 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-19 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C31E4847-DFE6-3923-7875-C7A6F60F81D2}]
adsoftinc browser enhancer - C:\Windows\system32\lrjhfvrimnt.dll [2008-12-24 387584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d86d9dfe-b5f4-c9eb-9202-3ea0fcbd9a15}]
adsoftinc - C:\Windows\system32\nsh940.dll [2009-01-06 683520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-07 2055960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-19 2549368]
{10000000-1000-1000-1000-100000000000} - ECO Bar - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll [2008-08-14 2484224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-09-07 1006264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]
"Skytel"=C:\Windows\Skytel.exe [2007-05-28 1826816]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-06-26 360448]
"WebCamHotKey"=C:\Program Files\FSC\WebCam HotKey Utility\WebCam_HotKey.exe [2007-06-26 376832]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-02 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600]
"kddrhhkufkylsvsei"=C:\Windows\System32\regsvr32.exe [2006-11-02 14336]
"dtsdespp"=C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe [2009-01-11 446464]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-05 1232896]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-19 39408]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Messenger-PRO 3.lnk - C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-13 18:00:49 ----D---- C:\rsit
2009-01-11 15:53:52 ----D---- C:\Program Files\Trend Micro
2009-01-11 15:02:42 ----D---- C:\Program Files\Brain Workshop A
2009-01-11 14:33:44 ----A---- C:\Windows\dtadb5800.exe
2009-01-11 14:33:37 ----D---- C:\Program Files\VnrBlock
2009-01-11 14:33:37 ----D---- C:\Program Files\iCheck
2009-01-11 14:33:33 ----A---- C:\Windows\jpog00468.exe
2009-01-11 14:33:28 ----A---- C:\Windows\qrqsf4022.exe
2009-01-11 14:33:27 ----D---- C:\Program Files\IEToolbar
2009-01-11 14:33:11 ----D---- C:\Program Files\ppcbooster
2009-01-11 14:33:11 ----A---- C:\Windows\rebx4718.exe
2009-01-11 14:33:10 ----A---- C:\Windows\system32\cont_adsoftinc-remove.exe
2009-01-11 14:33:09 ----A---- C:\Windows\uwej07504.exe
2009-01-11 14:33:07 ----D---- C:\Program Files\runit
2009-01-11 14:33:03 ----A---- C:\Windows\kaefe8785.exe
2009-01-11 14:33:00 ----A---- C:\Windows\system32\vdkeqavhlfgpzhupb.exe
2009-01-11 14:32:53 ----A---- C:\Windows\gonx7881.exe
2009-01-11 14:32:36 ----A---- C:\Windows\kdiue732.txt
2009-01-10 22:54:27 ----D---- C:\Users\Philip\AppData\Roaming\LimeWire
2009-01-10 22:53:37 ----A---- C:\Windows\system32\javaws.exe
2009-01-10 22:53:37 ----A---- C:\Windows\system32\deploytk.dll
2009-01-10 22:53:36 ----A---- C:\Windows\system32\javaw.exe
2009-01-10 22:53:36 ----A---- C:\Windows\system32\java.exe
2009-01-10 22:53:13 ----D---- C:\Program Files\Java
2009-01-10 22:50:57 ----D---- C:\Program Files\LimeWire
2009-01-10 22:45:36 ----D---- C:\Program Files\Windows Installer Clean Up
2009-01-10 22:29:11 ----D---- C:\Program Files\RegCure
2009-01-06 16:56:26 ----A---- C:\Windows\system32\nsh940.dll
2009-01-02 16:11:17 ----A---- C:\Windows\system32\mshtml.dll
2009-01-02 16:09:52 ----A---- C:\Windows\system32\tzres.dll
2009-01-02 16:06:30 ----A---- C:\Windows\system32\urlmon.dll
2009-01-02 16:06:30 ----A---- C:\Windows\system32\ieframe.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\wininet.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\mstime.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\mshtmled.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\ieui.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\iernonce.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\ieapfltr.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\ie4uinit.exe
2009-01-02 16:06:29 ----A---- C:\Windows\system32\dxtrans.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\advpack.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\pngfilt.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\jsproxy.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\ieUnatt.exe
2009-01-02 16:06:28 ----A---- C:\Windows\system32\iesetup.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\iertutil.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\icardie.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\dxtmsft.dll
2009-01-02 16:06:18 ----A---- C:\Windows\system32\gameux.dll
2009-01-02 16:06:17 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-01-02 16:06:17 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-01-02 16:06:05 ----A---- C:\Windows\system32\shell32.dll
2009-01-02 16:04:20 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-01-02 16:04:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-01-02 16:04:20 ----A---- C:\Windows\system32\mf.dll
2009-01-02 16:04:19 ----A---- C:\Windows\system32\rrinstaller.exe
2009-01-02 16:04:19 ----A---- C:\Windows\system32\mfps.dll
2009-01-02 16:04:19 ----A---- C:\Windows\system32\mfpmp.exe
2009-01-02 16:04:19 ----A---- C:\Windows\system32\mferror.dll
2009-01-02 16:04:19 ----A---- C:\Windows\system32\logagent.exe
2009-01-02 16:04:16 ----A---- C:\Windows\system32\gdi32.dll
2009-01-02 16:04:12 ----A---- C:\Windows\explorer.exe
2008-12-16 16:19:34 ----A---- C:\Windows\system32\lrjhfvrimnt.dll
2008-12-05 22:42:55 ----A---- C:\Windows\system32\perf-ReportServer$SQLEXPRESS-rsctr.dll
2008-12-05 22:40:24 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-05 22:40:00 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-05 22:38:18 ----D---- C:\Program Files\Microsoft Analysis Services
2008-12-05 22:34:11 ----D---- C:\Program Files\Common Files\Merge Modules
2008-12-05 22:29:11 ----D---- C:\Program Files\Microsoft SDKs
2008-12-05 22:28:47 ----D---- C:\Program Files\Microsoft Synchronization Services
2008-12-05 22:26:20 ----D---- C:\Windows\system32\RsFx
2008-12-05 22:25:59 ----D---- C:\Program Files\Microsoft Sync Framework
2008-12-05 22:25:39 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-05 22:24:52 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-05 22:24:30 ----D---- C:\Windows\system32\1033
2008-12-05 22:24:04 ----D---- C:\Program Files\Microsoft.NET
2008-12-05 19:28:02 ----D---- C:\Windows\PCHEALTH
2008-12-05 19:26:12 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-05 19:23:00 ----D---- C:\Windows\system32\WindowsPowerShell
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msimsg.dll
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msihnd.dll
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msiexec.exe
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msi.dll
2008-12-05 18:20:13 ----A---- C:\Windows\system32\infocardapi.dll
2008-12-05 18:20:12 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-12-05 18:20:11 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2008-12-05 18:20:11 ----A---- C:\Windows\system32\icardres.dll
2008-12-05 18:20:11 ----A---- C:\Windows\system32\icardagt.exe
2008-12-05 18:20:08 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2008-12-05 18:20:03 ----A---- C:\Windows\system32\PresentationHost.exe
2008-12-05 18:09:31 ----A---- C:\Windows\system32\dfshim.dll
2008-12-05 18:09:26 ----A---- C:\Windows\system32\mscoree.dll
2008-12-05 18:09:25 ----A---- C:\Windows\system32\netfxperf.dll
2008-12-05 18:09:12 ----A---- C:\Windows\system32\mscorier.dll
2008-12-05 18:09:08 ----A---- C:\Windows\system32\mscories.dll
2008-11-30 17:27:00 ----D---- C:\Users\Philip\AppData\Roaming\Netscape
2008-11-30 17:27:00 ----D---- C:\Program Files\Photodex Presenter
2008-11-29 16:54:48 ----D---- C:\Users\Philip\AppData\Roaming\PC Suite
2008-11-29 16:54:33 ----D---- C:\Users\Philip\AppData\Roaming\Nokia
2008-11-29 16:54:33 ----D---- C:\ProgramData\PC Suite
2008-11-29 16:53:09 ----D---- C:\Program Files\Common Files\PCSuite
2008-11-29 16:53:09 ----D---- C:\Program Files\Common Files\Nokia
2008-11-29 16:52:50 ----D---- C:\Program Files\DIFX
2008-11-29 16:50:36 ----D---- C:\Program Files\PC Connectivity Solution
2008-11-29 16:47:02 ----D---- C:\Program Files\Nokia
2008-11-29 16:47:02 ----A---- C:\Windows\system32\nmwcdcls.dll
2008-11-29 16:46:13 ----D---- C:\ProgramData\Installations
2008-11-27 21:29:12 ----D---- C:\Program Files\MSECACHE
2008-11-27 21:18:18 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-27 21:18:18 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-27 21:18:18 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-27 21:17:41 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-27 21:17:41 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-27 21:17:41 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-27 21:16:30 ----A---- C:\Windows\system32\connect.dll
2008-11-26 16:01:16 ----D---- C:\Program Files\Adobe
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wups2.dll
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wucltux.dll
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-25 17:46:28 ----A---- C:\Windows\system32\wups.dll
2008-11-25 17:46:28 ----A---- C:\Windows\system32\wudriver.dll
2008-11-25 17:46:28 ----A---- C:\Windows\system32\wuapi.dll
2008-11-25 17:46:16 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-25 17:46:16 ----A---- C:\Windows\system32\wuapp.exe
2008-11-20 13:44:30 ----A---- C:\Windows\system32\gpprefcl.dll
2008-11-18 10:04:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-18 10:04:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-18 10:02:56 ----A---- C:\Windows\system32\msxml3.dll
2008-11-18 10:02:55 ----A---- C:\Windows\system32\msxml3r.dll
2008-11-18 10:02:42 ----A---- C:\Windows\system32\netapi32.dll
2008-11-18 10:02:16 ----A---- C:\Windows\system32\win32spl.dll
2008-11-18 10:02:16 ----A---- C:\Windows\system32\printcom.dll
2008-11-18 10:02:13 ----A---- C:\Windows\system32\msxml6r.dll
2008-11-18 10:02:13 ----A---- C:\Windows\system32\msxml6.dll
2008-11-06 15:52:43 ----D---- C:\ProgramData\HP Product Assistant
2008-11-04 15:41:56 ----D---- C:\Program Files\Clickatell Messenger-PRO 3
2008-10-25 21:35:41 ----D---- C:\Users\Philip\AppData\Roaming\KeePass
2008-10-25 21:27:19 ----D---- C:\Program Files\KeePass Password Safe
2008-10-19 13:12:45 ----D---- C:\Users\Philip\AppData\Roaming\Google
2008-10-19 13:10:49 ----D---- C:\ProgramData\Google
2008-10-19 13:10:20 ----D---- C:\ProgramData\Google Updater
2008-10-19 13:10:16 ----D---- C:\Program Files\Google

======List of files/folders modified in the last 3 months======

2009-01-13 18:02:08 ----D---- C:\Windows\Temp
2009-01-13 18:01:22 ----D---- C:\Windows\Prefetch
2009-01-11 17:15:55 ----D---- C:\System Volume Information
2009-01-11 15:53:52 ----RD---- C:\Program Files
2009-01-11 14:54:07 ----D---- C:\Windows\Tasks
2009-01-11 14:54:07 ----D---- C:\Windows\system32\Tasks
2009-01-11 14:53:51 ----D---- C:\Windows\System32
2009-01-11 14:53:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-11 14:53:50 ----D---- C:\Windows\inf
2009-01-11 14:40:31 ----D---- C:\Windows
2009-01-11 14:36:58 ----HD---- C:\$AVG8.VAULT$
2009-01-10 22:53:57 ----SHD---- C:\Windows\Installer
2009-01-06 21:46:26 ----SD---- C:\Users\Philip\AppData\Roaming\Microsoft
2009-01-03 18:02:05 ----D---- C:\Windows\winsxs
2009-01-03 18:01:58 ----D---- C:\Windows\system32\catroot
2009-01-03 18:01:52 ----ASH---- C:\Program Files\desktop.ini
2009-01-03 17:59:35 ----D---- C:\Program Files\Windows Mail
2009-01-03 17:59:34 ----D---- C:\Windows\AppPatch
2009-01-03 17:59:33 ----D---- C:\Windows\system32\en-US
2009-01-03 17:59:32 ----D---- C:\Program Files\Internet Explorer
2009-01-03 17:59:31 ----D---- C:\Windows\system32\migration
2009-01-02 16:10:31 ----D---- C:\Windows\system32\catroot2
2008-12-09 23:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-05 23:46:20 ----D---- C:\Windows\Microsoft.NET
2008-12-05 23:46:14 ----RSD---- C:\Windows\assembly
2008-12-05 22:40:57 ----SD---- C:\ProgramData\Microsoft
2008-12-05 22:37:38 ----D---- C:\ProgramData\Microsoft Help
2008-12-05 22:34:36 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-05 22:34:11 ----D---- C:\Program Files\Common Files
2008-12-05 22:32:21 ----D---- C:\Program Files\Microsoft Office
2008-12-05 22:26:20 ----D---- C:\Windows\system32\drivers
2008-12-05 19:17:47 ----D---- C:\Windows\system32\uk-UA
2008-12-05 19:17:47 ----D---- C:\Windows\system32\pt-PT
2008-12-05 19:17:47 ----D---- C:\Windows\system32\pt-BR
2008-12-05 19:17:47 ----D---- C:\Windows\system32\pl-PL
2008-12-05 19:17:47 ----D---- C:\Windows\system32\ko-KR
2008-12-05 19:17:47 ----D---- C:\Windows\system32\it-IT
2008-12-05 19:17:47 ----D---- C:\Windows\system32\he-IL
2008-12-05 19:17:47 ----D---- C:\Windows\system32\bg-BG
2008-12-05 19:17:46 ----D---- C:\Windows\system32\zh-TW
2008-12-05 19:17:46 ----D---- C:\Windows\system32\zh-CN
2008-12-05 19:17:46 ----D---- C:\Windows\system32\tr-TR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\th-TH
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sv-SE
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sr-Latn-CS
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sl-SI
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sk-SK
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ru-RU
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ro-RO
2008-12-05 19:17:46 ----D---- C:\Windows\system32\nl-NL
2008-12-05 19:17:46 ----D---- C:\Windows\system32\nb-NO
2008-12-05 19:17:46 ----D---- C:\Windows\system32\lv-LV
2008-12-05 19:17:46 ----D---- C:\Windows\system32\lt-LT
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ja-JP
2008-12-05 19:17:46 ----D---- C:\Windows\system32\hu-HU
2008-12-05 19:17:46 ----D---- C:\Windows\system32\hr-HR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\fr-FR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\fi-FI
2008-12-05 19:17:46 ----D---- C:\Windows\system32\et-EE
2008-12-05 19:17:46 ----D---- C:\Windows\system32\es-ES
2008-12-05 19:17:46 ----D---- C:\Windows\system32\el-GR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\de-DE
2008-12-05 19:17:46 ----D---- C:\Windows\system32\da-DK
2008-12-05 19:17:46 ----D---- C:\Windows\system32\cs-CZ
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ar-SA
2008-12-05 18:45:16 ----D---- C:\Windows\system32\XPSViewer
2008-12-05 18:45:16 ----D---- C:\Windows\system32\wbem
2008-11-30 17:27:14 ----RSD---- C:\Windows\Fonts
2008-11-30 17:27:03 ----SD---- C:\Windows\Downloaded Program Files
2008-11-30 17:27:00 ----D---- C:\Users\Philip\AppData\Roaming\Mozilla
2008-11-30 17:14:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 16:54:33 ----HD---- C:\ProgramData
2008-11-29 16:52:48 ----DC---- C:\Windows\system32\DRVSTORE
2008-11-27 21:47:11 ----A---- C:\Windows\win.ini
2008-11-27 19:55:28 ----D---- C:\Windows\ShellNew
2008-11-27 17:44:47 ----D---- C:\Program Files\Common Files\System
2008-11-26 16:01:20 ----D---- C:\ProgramData\Adobe
2008-11-26 16:01:16 ----D---- C:\Program Files\Common Files\Adobe
2008-11-20 13:33:35 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-29 22:56:21 ----D---- C:\Windows\Minidump
2008-10-19 16:24:01 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-02 97928]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-07-07 26824]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-09-07 320000]
R1 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2007-04-27 90688]
R2 zntport;NTPort Library Driver; \??\C:\Windows\system32\drivers\zntport.sys [2001-01-22 6080]
R3 acpi_contactor;acpi_contactor Driver; C:\Windows\system32\DRIVERS\acpi_contactor_vista.sys [2007-04-13 7680]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-05 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-12 1787816]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 187320]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-03 245248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Ser2pl;%Serial.SVCDESC%; C:\Windows\system32\DRIVERS\ser2pl.sys [2003-02-19 41344]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2007-04-27 35328]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-02-28 41344]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 toshidpt;Bluetooth HID Port; C:\Windows\system32\drivers\toshidpt.sys [2005-07-11 3712]
S4 tosporte;Bluetooth COM Port; C:\Windows\system32\drivers\tosporte.sys [2006-10-10 41600]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 GtFix;GtFix; C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe [2007-07-13 114688]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-19 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-08-11 40999448]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-07-10 1106968]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2007-04-27 206400]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-11 369688]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-11 47128]
S3 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2007-09-07 562176]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2008-07-29 3201024]

-----------------EOF-----------------
philiph
Active Member
 
Posts: 7
Joined: January 11th, 2009, 12:12 pm

Re: Popup & program installation problem - info.txt

Post by philiph » January 13th, 2009, 2:06 pm

info.txt logfile of random's system information tool 1.05 2009-01-13 18:01:19

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auction Client-->"C:\Program Files\Auction Client\AMSAuctionInstaller.exe" /u
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Brain Workshop 4.3-->"C:\Program Files\Brain Workshop A\unins000.exe"
Contextual Platform Adsoftinc-->C:\Windows\system32\cont_adsoftinc-remove.exe
Design to Field Importers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6C52B8A-D324-4BF6-91FF-589FB8E483B7}\setup.exe" -l0x9 -removeonly
DivX Author 1.5-->C:\Program Files\DivX\DivX Author 1.5\DivXAuthorUninstall.exe /DIVX_AUTHOR
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DPS-->"C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe" -u
ECO Bar-->regsvr32 /u /s "C:\Program Files\IEToolbar\ECO Bar\ecobar.dll"
GlobeTrotter Connect-->MsiExec.exe /X{70693B6C-EA67-450E-80A3-C7EF325C7817}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GPL Ghostscript 8.61-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.61\uninstal.txt"
GPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
GSview 4.9-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\Windows\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Driver Diagnostics-->MsiExec.exe /I{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
IKEA Home Planner-->MsiExec.exe /I{E7310F2E-C551-4FAB-BA07-EAC2E158B1BB}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Internet Speed Monitor-->C:\Program Files\iCheck\Uninstall.exe
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KeePass Password Safe 1.14-->"C:\Program Files\KeePass Password Safe\unins000.exe"
LEICA Geo Office Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10111CD0-05C5-432D-8620-361AC7686877}\Setup.exe" anything
LEICA Geo Office-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D4FCA7A-C099-4150-BEBF-E579D360F34D}\SETUP.EXE" anything
LimeWire 5.0.4-->"C:\Program Files\LimeWire\uninstall.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 AdventureWorks Databases Refresh 1 Samples (x86)-->MsiExec.exe /X{41704DC5-9E69-43F3-B2C7-AC1DB1D9ECCE}
Microsoft SQL Server 2008 BI Development Studio-->MsiExec.exe /I{275ABBA2-4817-4443-9AB8-ED43CA9AAA17}
Microsoft SQL Server 2008 BI Development Studio-->MsiExec.exe /I{AC54DC1F-EDA7-448C-BA4C-218A92F5E985}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Full text search-->MsiExec.exe /I{06A7EA72-0F00-4D53-A81C-A5D925711141}
Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{2020045B-8DCF-4449-8D5C-EB5BA37440F1}
Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 Policies-->MsiExec.exe /I{01C5A10F-AD9B-405B-853A-6659841A1242}
Microsoft SQL Server 2008 Reporting Services-->MsiExec.exe /I{23F70562-02F4-4805-ACF5-6E52BAD167C2}
Microsoft SQL Server 2008 Reporting Services-->MsiExec.exe /I{49E98741-B7A4-4A44-A536-6AFCA23106FE}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{6F7F59D5-12F6-4571-9935-A2921AA17F78}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server Compact 3.5 SP1 Query Tools English-->MsiExec.exe /I{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Services for ADO.NET v2.0 (x86)-->MsiExec.exe /I{C89B00A2-B72A-4935-96FC-38796E9554EC}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU-->MsiExec.exe /I{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
MiKTeX 2.7-->"C:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
n4ce 1.07-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B73E4F4-B4F5-4615-A600-8C07FA04D044}\SETUP.EXE" -l0x9
n4ce 1.11-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BBD1B2F-3622-49FC-BD6E-344D51124546}\SETUP.EXE" -l0x9
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
nLogger 2.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{50F53F80-E9DB-4E9C-90FA-7D0858FDEFB2}\Setup.exe" -l0x9
Nokia Connectivity Cable Driver-->MsiExec.exe /X{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}
Nokia PC Suite-->C:\ProgramData\Installations\{D5577624-0626-4C4B-87AA-D966DA1739D6}\Nokia_PC_Suite_rel_7_0_9_2_eng_web.exe
Nokia PC Suite-->MsiExec.exe /I{D5577624-0626-4C4B-87AA-D966DA1739D6}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
PPC Booster-->"C:\Program Files\ppcbooster\ppcbu_32.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0-->C:\Program Files\RegCure\uninst.exe
RON Tool Adsoftinc-->C:\Windows\system32\vdkeqavhlfgpzhupb.exe
Run It-->"C:\Program Files\runit\runitu_32.exe"
Sentinel Protection Installer 7.4.0-->MsiExec.exe /I{5A180ED5-0AC1-410A-B790-5E0319CD0A93}
Shop for HP Supplies-->C:\Program Files\
philiph
Active Member
 
Posts: 7
Joined: January 11th, 2009, 12:12 pm

Re: Popup & program installation problem

Post by muuli » January 14th, 2009, 10:47 am

Hi,

Step 1

Disable Windows Defender...
  1. Go to Start > All Programs > Windows Defender.
  2. Click on Tools at the top.
  3. Under Settings, click on Options.
  4. Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  5. Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  6. Click on the Save button at the bottom right hand corner.

Step 2

Please remove via Add or Remove Programs (press Start -> Control Panel -> Add or Remove Programs):
Contextual Platform Adsoftinc
DPS
ECO Bar
Internet Speed Monitor
PPC Booster
RON Tool Adsoftinc
Run It


Please check Malware Removal's P2P Programs Policy. Therefore you also have to remove LimeWire 5.0.4 from Add or Remove Programs.

Step 3

Open HijackThis, press Do a system scan only, checkmark these entries:
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: adsoftinc browser enhancer - {C31E4847-DFE6-3923-7875-C7A6F60F81D2} - C:\Windows\system32\lrjhfvrimnt.dll
O2 - BHO: adsoftinc - {d86d9dfe-b5f4-c9eb-9202-3ea0fcbd9a15} - C:\Windows\system32\nsh940.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [kddrhhkufkylsvsei] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\lrjhfvrimnt.dll"
O4 - HKLM\..\Run: [dtsdespp] "C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe"
Close all other windows including browser and press Fix checked.

Step 4

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Right click on OTMoveIt3.exe and select Run As Administrator to run it. When Windows prompts, please allow it.
  • Copy the lines in the codebox below.
:Files
C:\Windows\dtadb5800.exe
C:\Program Files\VnrBlock
C:\Program Files\iCheck
C:\Windows\jpog00468.exe
C:\Windows\qrqsf4022.exe
C:\Program Files\IEToolbar
C:\Program Files\ppcbooster
C:\Windows\rebx4718.exe
C:\Windows\system32\cont_adsoftinc-remove.exe
C:\Windows\uwej07504.exe
C:\Program Files\runit
C:\Windows\kaefe8785.exe
C:\Windows\system32\vdkeqavhlfgpzhupb.exe
C:\Windows\gonx7881.exe
C:\Windows\kdiue732.txt
C:\Users\Philip\AppData\Roaming\LimeWire
C:\Program Files\LimeWire
C:\Windows\system32\nsh940.dll
C:\Windows\system32\lrjhfvrimnt.dll
C:\Users\Philip\AppData\Local\dtsdespp

  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3

Step 5

Please run RSIT again...
  1. Right click on RSIT.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
  2. Select 3 months from the drop-down list and click on Continue.
  3. RSIT will start running. When done, a log will be produced.
  4. Please post that log in your next reply.

Step 6

Please post RSIT log and OTMoveIt3 log.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland
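
An added example, not part of the thread or of any tool named in it: a small triage script that parses HijackThis O2/O3/O4 lines and flags autostart entries by path. The three rule names and their thresholds are assumptions made for this illustration; the sample lines are copied from the HijackThis entries quoted in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Entries quoted in this thread: the six selected in Step 3, then six
# from the later log that were left in place.
SAMPLE_LOG = r"""
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: adsoftinc browser enhancer - {C31E4847-DFE6-3923-7875-C7A6F60F81D2} - C:\Windows\system32\lrjhfvrimnt.dll
O2 - BHO: adsoftinc - {d86d9dfe-b5f4-c9eb-9202-3ea0fcbd9a15} - C:\Windows\system32\nsh940.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - C:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [kddrhhkufkylsvsei] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\lrjhfvrimnt.dll"
O4 - HKLM\..\Run: [dtsdespp] "C:\Users\Philip\AppData\Local\dtsdespp\dtsdespp.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""


class Entry(NamedTuple):
    section: str          # "O2" (BHO), "O3" (toolbar) or "O4" (Run key)
    name: str             # BHO/toolbar name or Run value name
    clsid: Optional[str]  # only present for O2/O3
    target: str           # DLL path (O2/O3) or full command line (O4)


BHO_RE = re.compile(
    r"^(?P<section>O2|O3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# Matches HKLM\..\Run, HKCU\..\Run and HKUS\<SID>\..\Run
RUN_RE = re.compile(
    r"^O4 - HK[A-Z]+(?:\\[^\\]+)?\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.+)$"
)
# Absolute paths to .exe/.dll files inside a target or command line
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
SYSTEM32_DLL_RE = re.compile(r"[a-z]:\\windows\\system32\\[^\\]+\.dll")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for O2/O3/O4-Run lines, None for anything else."""
    line = line.strip()
    m = BHO_RE.match(line)
    if m:
        return Entry(m["section"], m["name"], m["clsid"], m["target"])
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m["name"], None, m["target"])
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reasons_for(entry: Entry) -> List[str]:
    """Apply the illustrative path heuristics (assumptions, not a verdict)."""
    paths = [p.lower() for p in PATH_RE.findall(entry.target)]
    reasons = []
    # Run value that silently re-registers a DLL at every logon
    if (entry.section == "O4"
            and any(p.endswith("\\regsvr32.exe") for p in paths)
            and any(p.endswith(".dll") for p in paths)
            and re.search(r"\s/s\b", entry.target, re.IGNORECASE)):
        reasons.append("run-key-regsvr32-silent")
    # Autostart binary living in a user-writable profile directory
    if any("\\appdata\\" in p for p in paths):
        reasons.append("target-in-user-appdata")
    # Browser add-on DLL placed directly in system32
    if entry.section in ("O2", "O3") and any(SYSTEM32_DLL_RE.fullmatch(p) for p in paths):
        reasons.append("browser-addon-dll-in-system32")
    return reasons


def triage(text: str) -> List[Tuple[Entry, List[str]]]:
    """Return only the entries that matched at least one heuristic."""
    flagged = []
    for entry in parse_log(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.section} [{entry.name}] {', '.join(reasons)}")
```

The two ECO Bar entries from Step 3 are not caught by these path rules, so path heuristics alone do not reproduce the helper's list.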

Re: Popup & program installation problem - OTMoveIT3 Result

Post by philiph » January 14th, 2009, 2:46 pm

========== FILES ==========
File/Folder C:\Windows\dtadb5800.exe not found.
File/Folder C:\Program Files\VnrBlock not found.
File/Folder C:\Program Files\iCheck not found.
File/Folder C:\Windows\jpog00468.exe not found.
File/Folder C:\Windows\qrqsf4022.exe not found.
File/Folder C:\Program Files\IEToolbar not found.
File/Folder C:\Program Files\ppcbooster not found.
File/Folder C:\Windows\rebx4718.exe not found.
File/Folder C:\Windows\system32\cont_adsoftinc-remove.exe not found.
File/Folder C:\Windows\uwej07504.exe not found.
File/Folder C:\Program Files\runit not found.
File/Folder C:\Windows\kaefe8785.exe not found.
File/Folder C:\Windows\system32\vdkeqavhlfgpzhupb.exe not found.
File/Folder C:\Windows\gonx7881.exe not found.
File/Folder C:\Windows\kdiue732.txt not found.
File/Folder C:\Users\Philip\AppData\Roaming\LimeWire not found.
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\Windows\system32\nsh940.dll not found.
File/Folder C:\Windows\system32\lrjhfvrimnt.dll not found.
File/Folder C:\Users\Philip\AppData\Local\dtsdespp not found.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01142009_184528
philiph
Active Member
 
Posts: 7
Joined: January 11th, 2009, 12:12 pm

Re: Popup & program installation problem - RSIT log

Post by philiph » January 14th, 2009, 2:49 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by Philip at 2009-01-14 18:48:37
Microsoft® Windows Vista™ Business
System drive C: has 34 GB (46%) free of 74 GB
Total RAM: 2038 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:40, on 14/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\FSC\WebCam HotKey Utility\Webcam_HotKey.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Users\Philip\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Philip.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitechniques.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [WebCamHotKey] C:\Program Files\FSC\WebCam HotKey Utility\WebCam_HotKey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Messenger-PRO 3.lnk = C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GtFix - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8641 bytes

======Scheduled tasks folder======

C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{ABDE84A1-8CA4-42B3-857E-46A1B346C483}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-09-02 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-07 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-19 2549368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-19 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-07-07 2055960]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-19 2549368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-09-07 1006264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-05-10 869936]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-06-13 4489216]
"Skytel"=C:\Windows\Skytel.exe [2007-05-28 1826816]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"TouchPadHotKey"=C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe [2007-06-26 360448]
"WebCamHotKey"=C:\Program Files\FSC\WebCam HotKey Utility\WebCam_HotKey.exe [2007-06-26 376832]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-02 1261336]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-10 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-05 1232896]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-19 39408]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-06-17 1249280]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-10-02 1124352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe

C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Messenger-PRO 3.lnk - C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 3 months======

2009-01-14 18:43:26 ----D---- C:\_OTMoveIt
2009-01-13 18:00:49 ----D---- C:\rsit
2009-01-11 15:53:52 ----D---- C:\Program Files\Trend Micro
2009-01-11 15:02:42 ----D---- C:\Program Files\Brain Workshop A
2009-01-10 22:53:37 ----A---- C:\Windows\system32\javaws.exe
2009-01-10 22:53:37 ----A---- C:\Windows\system32\deploytk.dll
2009-01-10 22:53:36 ----A---- C:\Windows\system32\javaw.exe
2009-01-10 22:53:36 ----A---- C:\Windows\system32\java.exe
2009-01-10 22:53:13 ----D---- C:\Program Files\Java
2009-01-10 22:45:36 ----D---- C:\Program Files\Windows Installer Clean Up
2009-01-10 22:29:11 ----D---- C:\Program Files\RegCure
2009-01-02 16:11:17 ----A---- C:\Windows\system32\mshtml.dll
2009-01-02 16:09:52 ----A---- C:\Windows\system32\tzres.dll
2009-01-02 16:06:30 ----A---- C:\Windows\system32\urlmon.dll
2009-01-02 16:06:30 ----A---- C:\Windows\system32\ieframe.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\wininet.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\mstime.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\mshtmled.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\ieui.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\iernonce.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\ieapfltr.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\ie4uinit.exe
2009-01-02 16:06:29 ----A---- C:\Windows\system32\dxtrans.dll
2009-01-02 16:06:29 ----A---- C:\Windows\system32\advpack.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\pngfilt.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\jsproxy.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\ieUnatt.exe
2009-01-02 16:06:28 ----A---- C:\Windows\system32\iesetup.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\iertutil.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\icardie.dll
2009-01-02 16:06:28 ----A---- C:\Windows\system32\dxtmsft.dll
2009-01-02 16:06:18 ----A---- C:\Windows\system32\gameux.dll
2009-01-02 16:06:17 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-01-02 16:06:17 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-01-02 16:06:05 ----A---- C:\Windows\system32\shell32.dll
2009-01-02 16:04:20 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-01-02 16:04:20 ----A---- C:\Windows\system32\WMNetMgr.dll
2009-01-02 16:04:20 ----A---- C:\Windows\system32\mf.dll
2009-01-02 16:04:19 ----A---- C:\Windows\system32\rrinstaller.exe
2009-01-02 16:04:19 ----A---- C:\Windows\system32\mfps.dll
2009-01-02 16:04:19 ----A---- C:\Windows\system32\mfpmp.exe
2009-01-02 16:04:19 ----A---- C:\Windows\system32\mferror.dll
2009-01-02 16:04:19 ----A---- C:\Windows\system32\logagent.exe
2009-01-02 16:04:16 ----A---- C:\Windows\system32\gdi32.dll
2009-01-02 16:04:12 ----A---- C:\Windows\explorer.exe
2008-12-05 22:42:55 ----A---- C:\Windows\system32\perf-ReportServer$SQLEXPRESS-rsctr.dll
2008-12-05 22:40:24 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-05 22:40:00 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-05 22:38:18 ----D---- C:\Program Files\Microsoft Analysis Services
2008-12-05 22:34:11 ----D---- C:\Program Files\Common Files\Merge Modules
2008-12-05 22:29:11 ----D---- C:\Program Files\Microsoft SDKs
2008-12-05 22:28:47 ----D---- C:\Program Files\Microsoft Synchronization Services
2008-12-05 22:26:20 ----D---- C:\Windows\system32\RsFx
2008-12-05 22:25:59 ----D---- C:\Program Files\Microsoft Sync Framework
2008-12-05 22:25:39 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-05 22:24:52 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-05 22:24:30 ----D---- C:\Windows\system32\1033
2008-12-05 22:24:04 ----D---- C:\Program Files\Microsoft.NET
2008-12-05 19:28:02 ----D---- C:\Windows\PCHEALTH
2008-12-05 19:26:12 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-05 19:23:00 ----D---- C:\Windows\system32\WindowsPowerShell
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msimsg.dll
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msihnd.dll
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msiexec.exe
2008-12-05 19:11:57 ----A---- C:\Windows\system32\msi.dll
2008-12-05 18:20:13 ----A---- C:\Windows\system32\infocardapi.dll
2008-12-05 18:20:12 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2008-12-05 18:20:11 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2008-12-05 18:20:11 ----A---- C:\Windows\system32\icardres.dll
2008-12-05 18:20:11 ----A---- C:\Windows\system32\icardagt.exe
2008-12-05 18:20:08 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2008-12-05 18:20:03 ----A---- C:\Windows\system32\PresentationHost.exe
2008-12-05 18:09:31 ----A---- C:\Windows\system32\dfshim.dll
2008-12-05 18:09:26 ----A---- C:\Windows\system32\mscoree.dll
2008-12-05 18:09:25 ----A---- C:\Windows\system32\netfxperf.dll
2008-12-05 18:09:12 ----A---- C:\Windows\system32\mscorier.dll
2008-12-05 18:09:08 ----A---- C:\Windows\system32\mscories.dll
2008-11-30 17:27:00 ----D---- C:\Users\Philip\AppData\Roaming\Netscape
2008-11-30 17:27:00 ----D---- C:\Program Files\Photodex Presenter
2008-11-29 16:54:48 ----D---- C:\Users\Philip\AppData\Roaming\PC Suite
2008-11-29 16:54:33 ----D---- C:\Users\Philip\AppData\Roaming\Nokia
2008-11-29 16:54:33 ----D---- C:\ProgramData\PC Suite
2008-11-29 16:53:09 ----D---- C:\Program Files\Common Files\PCSuite
2008-11-29 16:53:09 ----D---- C:\Program Files\Common Files\Nokia
2008-11-29 16:52:50 ----D---- C:\Program Files\DIFX
2008-11-29 16:50:36 ----D---- C:\Program Files\PC Connectivity Solution
2008-11-29 16:47:02 ----D---- C:\Program Files\Nokia
2008-11-29 16:47:02 ----A---- C:\Windows\system32\nmwcdcls.dll
2008-11-29 16:46:13 ----D---- C:\ProgramData\Installations
2008-11-27 21:29:12 ----D---- C:\Program Files\MSECACHE
2008-11-27 21:18:18 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2008-11-27 21:18:18 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2008-11-27 21:18:18 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-27 21:17:41 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-27 21:17:41 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-27 21:17:41 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-27 21:16:30 ----A---- C:\Windows\system32\connect.dll
2008-11-26 16:01:16 ----D---- C:\Program Files\Adobe
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wups2.dll
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wucltux.dll
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-25 17:46:54 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-25 17:46:28 ----A---- C:\Windows\system32\wups.dll
2008-11-25 17:46:28 ----A---- C:\Windows\system32\wudriver.dll
2008-11-25 17:46:28 ----A---- C:\Windows\system32\wuapi.dll
2008-11-25 17:46:16 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-25 17:46:16 ----A---- C:\Windows\system32\wuapp.exe
2008-11-20 13:44:30 ----A---- C:\Windows\system32\gpprefcl.dll
2008-11-18 10:04:01 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-18 10:04:01 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-18 10:02:56 ----A---- C:\Windows\system32\msxml3.dll
2008-11-18 10:02:55 ----A---- C:\Windows\system32\msxml3r.dll
2008-11-18 10:02:42 ----A---- C:\Windows\system32\netapi32.dll
2008-11-18 10:02:16 ----A---- C:\Windows\system32\win32spl.dll
2008-11-18 10:02:16 ----A---- C:\Windows\system32\printcom.dll
2008-11-18 10:02:13 ----A---- C:\Windows\system32\msxml6r.dll
2008-11-18 10:02:13 ----A---- C:\Windows\system32\msxml6.dll
2008-11-06 15:52:43 ----D---- C:\ProgramData\HP Product Assistant
2008-11-04 15:41:56 ----D---- C:\Program Files\Clickatell Messenger-PRO 3
2008-10-25 21:35:41 ----D---- C:\Users\Philip\AppData\Roaming\KeePass
2008-10-25 21:27:19 ----D---- C:\Program Files\KeePass Password Safe
2008-10-19 13:12:45 ----D---- C:\Users\Philip\AppData\Roaming\Google
2008-10-19 13:10:49 ----D---- C:\ProgramData\Google
2008-10-19 13:10:20 ----D---- C:\ProgramData\Google Updater
2008-10-19 13:10:16 ----D---- C:\Program Files\Google

======List of files/folders modified in the last 3 months======

2009-01-14 18:48:39 ----D---- C:\Windows\Temp
2009-01-14 18:47:45 ----D---- C:\Windows\Prefetch
2009-01-14 18:43:28 ----RD---- C:\Program Files
2009-01-14 18:43:26 ----D---- C:\Windows
2009-01-14 18:35:08 ----D---- C:\Windows\system32\catroot
2009-01-14 18:35:05 ----D---- C:\Windows\winsxs
2009-01-14 18:30:59 ----D---- C:\Windows\System32
2009-01-14 09:03:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-14 09:03:54 ----D---- C:\Windows\inf
2009-01-13 20:03:31 ----D---- C:\System Volume Information
2009-01-11 14:54:07 ----D---- C:\Windows\Tasks
2009-01-11 14:54:07 ----D---- C:\Windows\system32\Tasks
2009-01-11 14:36:58 ----HD---- C:\$AVG8.VAULT$
2009-01-10 22:53:57 ----SHD---- C:\Windows\Installer
2009-01-06 21:46:26 ----SD---- C:\Users\Philip\AppData\Roaming\Microsoft
2009-01-03 18:01:52 ----ASH---- C:\Program Files\desktop.ini
2009-01-03 17:59:35 ----D---- C:\Program Files\Windows Mail
2009-01-03 17:59:34 ----D---- C:\Windows\AppPatch
2009-01-03 17:59:33 ----D---- C:\Windows\system32\en-US
2009-01-03 17:59:32 ----D---- C:\Program Files\Internet Explorer
2009-01-03 17:59:31 ----D---- C:\Windows\system32\migration
2009-01-02 16:10:31 ----D---- C:\Windows\system32\catroot2
2008-12-09 23:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-05 23:46:20 ----D---- C:\Windows\Microsoft.NET
2008-12-05 23:46:14 ----RSD---- C:\Windows\assembly
2008-12-05 22:40:57 ----SD---- C:\ProgramData\Microsoft
2008-12-05 22:37:38 ----D---- C:\ProgramData\Microsoft Help
2008-12-05 22:34:36 ----D---- C:\Program Files\Common Files\microsoft shared
2008-12-05 22:34:11 ----D---- C:\Program Files\Common Files
2008-12-05 22:32:21 ----D---- C:\Program Files\Microsoft Office
2008-12-05 22:26:20 ----D---- C:\Windows\system32\drivers
2008-12-05 19:17:47 ----D---- C:\Windows\system32\uk-UA
2008-12-05 19:17:47 ----D---- C:\Windows\system32\pt-PT
2008-12-05 19:17:47 ----D---- C:\Windows\system32\pt-BR
2008-12-05 19:17:47 ----D---- C:\Windows\system32\pl-PL
2008-12-05 19:17:47 ----D---- C:\Windows\system32\ko-KR
2008-12-05 19:17:47 ----D---- C:\Windows\system32\it-IT
2008-12-05 19:17:47 ----D---- C:\Windows\system32\he-IL
2008-12-05 19:17:47 ----D---- C:\Windows\system32\bg-BG
2008-12-05 19:17:46 ----D---- C:\Windows\system32\zh-TW
2008-12-05 19:17:46 ----D---- C:\Windows\system32\zh-CN
2008-12-05 19:17:46 ----D---- C:\Windows\system32\tr-TR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\th-TH
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sv-SE
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sr-Latn-CS
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sl-SI
2008-12-05 19:17:46 ----D---- C:\Windows\system32\sk-SK
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ru-RU
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ro-RO
2008-12-05 19:17:46 ----D---- C:\Windows\system32\nl-NL
2008-12-05 19:17:46 ----D---- C:\Windows\system32\nb-NO
2008-12-05 19:17:46 ----D---- C:\Windows\system32\lv-LV
2008-12-05 19:17:46 ----D---- C:\Windows\system32\lt-LT
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ja-JP
2008-12-05 19:17:46 ----D---- C:\Windows\system32\hu-HU
2008-12-05 19:17:46 ----D---- C:\Windows\system32\hr-HR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\fr-FR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\fi-FI
2008-12-05 19:17:46 ----D---- C:\Windows\system32\et-EE
2008-12-05 19:17:46 ----D---- C:\Windows\system32\es-ES
2008-12-05 19:17:46 ----D---- C:\Windows\system32\el-GR
2008-12-05 19:17:46 ----D---- C:\Windows\system32\de-DE
2008-12-05 19:17:46 ----D---- C:\Windows\system32\da-DK
2008-12-05 19:17:46 ----D---- C:\Windows\system32\cs-CZ
2008-12-05 19:17:46 ----D---- C:\Windows\system32\ar-SA
2008-12-05 18:45:16 ----D---- C:\Windows\system32\XPSViewer
2008-12-05 18:45:16 ----D---- C:\Windows\system32\wbem
2008-11-30 17:27:14 ----RSD---- C:\Windows\Fonts
2008-11-30 17:27:03 ----SD---- C:\Windows\Downloaded Program Files
2008-11-30 17:27:00 ----D---- C:\Users\Philip\AppData\Roaming\Mozilla
2008-11-30 17:14:13 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 16:54:33 ----HD---- C:\ProgramData
2008-11-29 16:52:48 ----DC---- C:\Windows\system32\DRVSTORE
2008-11-27 21:47:11 ----A---- C:\Windows\win.ini
2008-11-27 19:55:28 ----D---- C:\Windows\ShellNew
2008-11-27 17:44:47 ----D---- C:\Program Files\Common Files\System
2008-11-26 16:01:20 ----D---- C:\ProgramData\Adobe
2008-11-26 16:01:16 ----D---- C:\Program Files\Common Files\Adobe
2008-11-20 13:33:35 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-29 22:56:21 ----D---- C:\Windows\Minidump
2008-10-19 16:24:01 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-09-02 97928]
R1 AvgMfx86;AVG Minifilter x86 Resident Driver; C:\Windows\System32\Drivers\avgmfx86.sys [2008-07-07 26824]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2007-09-07 320000]
R1 RsFx0102;RsFx0102 Driver; C:\Windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R2 Sentinel;Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [2007-04-27 90688]
R2 zntport;NTPort Library Driver; \??\C:\Windows\system32\drivers\zntport.sys [2001-01-22 6080]
R3 acpi_contactor;acpi_contactor Driver; C:\Windows\system32\DRIVERS\acpi_contactor_vista.sys [2007-04-13 7680]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-05-07 767488]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-05 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-06-12 1787816]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-05-10 187320]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2006-11-02 132352]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-03 245248]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2008-03-13 57536]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2008-03-13 72000]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 Ser2pl;%Serial.SVCDESC%; C:\Windows\system32\DRIVERS\ser2pl.sys [2003-02-19 41344]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\Windows\system32\DRIVERS\SNTNLUSB.SYS [2007-04-27 35328]
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2007-02-22 113920]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-02-28 41344]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 toshidpt;Bluetooth HID Port; C:\Windows\system32\drivers\toshidpt.sys [2005-07-11 3712]
S4 tosporte;Bluetooth COM Port; C:\Windows\system32\drivers\tosporte.sys [2006-10-10 41600]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-02 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 GtFix;GtFix; C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe [2007-07-13 114688]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-19 168432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-08-11 40999448]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSRS10.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2008-07-10 1106968]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2007-04-27 316992]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2007-04-27 206400]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2008-07-10 31256]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-11 369688]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-11 47128]
S3 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2007-09-07 562176]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2008-07-29 3201024]

-----------------EOF-----------------
philiph
Active Member
 
Posts: 7
Joined: January 11th, 2009, 12:12 pm

Re: Popup & program installation problem

Unread postby muuli » January 15th, 2009, 3:23 pm

Hi,

How is your computer running now?

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2

Please post a fresh HijackThis log and Malwarebytes' Anti-Malware log.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Popup & program installation problem - mbam log

Unread postby philiph » January 16th, 2009, 2:30 pm

PC running much better, and popups have stopped. Many thanks.

Malwarebytes' Anti-Malware 1.33
Database version: 1656
Windows 6.0.6000

16/01/2009 18:27:47
mbam-log-2009-01-16 (18-27-47).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 167392
Time elapsed: 3 hour(s), 53 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
philiph
Active Member
 
Posts: 7
Joined: January 11th, 2009, 12:12 pm

Re: Popup & program installation problem - Hijackthis Log

Unread postby philiph » January 16th, 2009, 2:41 pm

Do you have any idea why AVG did not recognise the trojan in Regcure?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:24, on 16/01/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\FSC\WebCam HotKey Utility\Webcam_HotKey.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hitechniques.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [WebCamHotKey] C:\Program Files\FSC\WebCam HotKey Utility\WebCam_HotKey.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Messenger-PRO 3.lnk = C:\Program Files\Clickatell Messenger-PRO 3\MessengerPRO.exe
O4 - Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O13 - Gopher Prefix:
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GtFix - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtFix.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8514 bytes
philiph
Active Member
 
Posts: 7
Joined: January 11th, 2009, 12:12 pm

Re: Popup & program installation problem

Unread postby muuli » January 16th, 2009, 3:31 pm

Hi,

philiph wrote: Do you have any idea why AVG did not recognise the trojan in Regcure?

Because Regcure is clean software...

Step 1

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Step 2

Update Adobe Reader

  1. Please uninstall Adobe Reader 8.1.3 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 8.1.3 and click on Change/Remove to uninstall it.
  2. Click here to download the latest version of Adobe Acrobat Reader.
  3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you.

    If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  4. Close your Internet browser and open it again.

If you don't like Adobe Reader, you can try Foxit PDF Reader. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Step 3

Please post a fresh HijackThis log.
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Popup & program installation problem

Unread postby muuli » January 20th, 2009, 12:38 pm

Hello!

Do you still need help?

It has been three days since my last post.

Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?

Note: If after 48hrs you have not replied to this thread then it will have to be CLOSED!
muuli
Regular Member
 
Posts: 690
Joined: February 8th, 2007, 4:01 pm
Location: Finland

Re: Popup & program installation problem

Unread postby Shaba » January 23rd, 2009, 7:04 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland