Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

RV HOST HELP>> how to remove RVHOST

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 13th, 2009, 2:08 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:03:22 PM, on 3/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\XpertVision\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
D:\Program Files\dvd43\dvd43_tray.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\AVG\AVG8\aAvgApi.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\LimeWire\LimeWire.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Gainward] D:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] D:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11003 bytes
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am
Advertisement
Register to Remove

Re: RV HOST HELP>> how to remove RVHOST

Unread postby peku006 » March 16th, 2009, 2:23 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent DNA

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).NOW

1 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

2 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 17th, 2009, 2:57 am

the logs from RSIT (log.txt ,info.txt)

info.txt logfile of random's system information tool 1.05 2009-03-17 17:56:12

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{71EEA108-09C9-4D81-8FA2-D48C70681242}
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6504C153-A24C-4C10-A5B6-FE5CEF9141D9}\Setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->D:\WINDOWS\ISUNINST.EXE -f"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"D:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->D:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ahead InCD EasyWrite Reader-->D:\WINDOWS\UNMrw.exe /UNINSTALL
Ahead InCD-->D:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead NeroMediaPlayer-->D:\WINDOWS\UNNMP.exe /UNINSTALL
AirPlus G-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{2B7E4354-0492-460A-BDB1-1F59EE141025} /l1033
ANIO Service-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe"
ANIWZCS2 Service-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoImpression-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6C5D7191-140A-11D6-B5A0-0050DA208A93}\setup.exe" -l0x9 -uninst
ArcSoft PhotoImpression-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E142615E-5ED8-4511-9BF0-0284BFA25766}\Setup.exe" -l0x9 -uninst
ArcSoft VideoImpression 1.6-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{ED10343F-D30A-4200-9B00-665FC45F52B4}\Setup.exe" -l0x9 -uninst
ASUSDVD-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
AVG Free 8.0-->D:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"D:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Cell Phone Video Converter 1.5-->"D:\Program Files\AnMing\cellphonevideo\unins000.exe"
Cheetah DVD Burner-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
CIF USB CAMERA-->D:\WINDOWS\CleanDev.exe D:\WINDOWS\DC3110.txt
ClassPad OS Update-->MsiExec.exe /X{FEF2CDCC-8ECE-4B65-AAD9-BD42E654A78B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Condition Zero-->D:\WINDOWS\Condition Zero Uninstaller.exe
Critical Update for Windows Media Player 11 (KB959772)-->"D:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DealBook 360-->MsiExec.exe /X{E56B8E1D-8E90-46DC-AE55-EBA87ED69A5F}
Defraggler (remove only)-->"D:\Program Files\Defraggler\uninst.exe"
DVD Shrink 3.2-->"D:\Program Files\DVD Shrink\unins000.exe"
DVD43 v4.4.0-->"D:\Program Files\dvd43\unins000.exe"
EPSON Copy Utility-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}\setup.exe" -l0x9 MyUninstall
EPSON PhotoQuicker3.2-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B2EFE303-A594-11D5-95EB-005004BC1C65}\setup.exe" uninst
EPSON Printer Software-->D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Smart Panel-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x9 Uninstall
EPSON TWAIN 5-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x9 UNINSTALL
Far Cry 2-->"D:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x0009 -removeonly
FLV Player 2.0 (build 25)-->D:\Program Files\FLV Player\uninst.exe
GenieSoft Overture v4.0.2-->"D:\Program Files\GenieSoft\Overture 4.0\Uninstall\unins000.exe"
Gogo DVD To 3gp Converter-->"D:\Program Files\Gogo DVD to 3gp Converter\unins000.exe"
Google Desktop-->D:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
High Definition Audio Driver Package - KB888111-->"D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Management Engine Interface-->D:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections 12.1.2.9-->MsiExec.exe /i{777CA40C-0206-4EF6-A0FC-618BF06BF8D0} ARPREMOVE=1
iPhone/iTouch/iPod to Computer Transfer 3.9.2-->"D:\Program Files\Cucusoft\iPod to Computer\unins000.exe"
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 5.0.11-->"D:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 1.9c-->D:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
LiveUpdate 2.0 (Symantec Corporation)-->D:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
MessengerDiscovery 1.5.0800-->"D:\Program Files\MessengerDiscovery\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (3.0.7)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
muvee autoProducer 3.5 magicMoments-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{68AD6F25-07A0-4CFE-9555-A30633329B08}\Setup.exe" -l0x9
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Drivers-->D:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Overture 3.1.0-->MsiExec.exe /I{C051FA6B-9A66-4AB9-A89A-7DC7559FF547}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Photo Manager-->D:\PROGRA~1\PHOTOM~1\UNWISE.EXE D:\PROGRA~1\PHOTOM~1\INSTALL.LOG
PowerDirector-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -uninstall
PunkBuster Services-->D:\WINDOWS\system32\pbsvc.exe -u
QuickBooks EasyStart Lite 2008-09-->msiexec.exe /I {71EEA108-09C9-4D81-8FA2-D48C70681242} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks EasyStart Lite 2008-09" ADDREMOVE=1
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
ScanToWeb-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"D:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"D:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"D:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"D:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"D:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"D:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"D:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"D:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"D:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"D:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SupportSoft Assisted Service-->MsiExec.exe /I{5A3F6A80-7913-475E-8B96-477A952CFA43}
Symantec AntiVirus-->MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
The Sims 2 Open For Business-->D:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2-->D:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Bon Voyage-->D:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff-->D:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VeohTV BETA-->D:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Videora iPod Converter 4.03-->D:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
VSO CopyToDVD 4-->"D:\Program Files\VSO\unins000.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->D:\Program Files\WinRAR\uninstall.exe
XpertVision 5.1-->"D:\Program Files\XpertVision\unins000.exe"
Xvid 1.1.3 final uninstall-->"D:\Program Files\Xvid\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: 8F9F7E36E6E1426
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090317075316.000000+660
Event Type: information
User:

Computer Name: 8F9F7E36E6E1426
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090317075316.000000+660
Event Type: information
User: 8F9F7E36E6E1426\flying saucer

Computer Name: 8F9F7E36E6E1426
Event Code: 7036
Message: The Telephony service entered the running state.

Record Number: 3
Source Name: Service Control Manager
Time Written: 20090317075316.000000+660
Event Type: information
User:

Computer Name: 8F9F7E36E6E1426
Event Code: 7036
Message: The Office Source Engine service entered the running state.

Record Number: 2
Source Name: Service Control Manager
Time Written: 20090317075258.000000+660
Event Type: information
User:

Computer Name: 8F9F7E36E6E1426
Event Code: 7035
Message: The Office Source Engine service was successfully sent a start control.

Record Number: 1
Source Name: Service Control Manager
Time Written: 20090317075258.000000+660
Event Type: information
User: 8F9F7E36E6E1426\flying saucer

Application event log

Computer Name: 8F9F7E36E6E1426
Event Code: 1
Message:
Record Number: 5
Source Name: Bonjour Service
Time Written: 20090317174300.000000+660
Event Type: information
User:

Computer Name: 8F9F7E36E6E1426
Event Code: 1
Message: Application started

Record Number: 4
Source Name: ccEvtMgr
Time Written: 20090317174228.000000+660
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: 8F9F7E36E6E1426
Event Code: 26
Message: Application starting

Record Number: 3
Source Name: ccEvtMgr
Time Written: 20090317174228.000000+660
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: 8F9F7E36E6E1426
Event Code: 1
Message: Application started

Record Number: 2
Source Name: ccSetMgr
Time Written: 20090317174228.000000+660
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: 8F9F7E36E6E1426
Event Code: 26
Message: Application starting

Record Number: 1
Source Name: ccSetMgr
Time Written: 20090317174228.000000+660
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\Intel\DMIX;D:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by flying saucer at 2009-03-17 17:55:58
Microsoft Windows XP Professional Service Pack 3
System drive D: has 293 GB (77%) free of 382 GB
Total RAM: 2030 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:56:10 PM, on 3/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\XpertVision\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
D:\Program Files\dvd43\dvd43_tray.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\AVG\AVG8\aAvgApi.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\msiexec.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\flying saucer\My Documents\RSIT.exe
D:\Program Files\Trend Micro\HijackThis\flying saucer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Gainward] D:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] D:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10579 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\1-Click Maintenance.job
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\OGADaily.job
D:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG8\avgssie.dll [2009-02-05 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre6\bin\ssv.dll [2008-12-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-05 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-29 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-09-26 352256]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2009-02-05 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2007-04-01 16125440]
"SkyTel"=D:\WINDOWS\SkyTel.EXE [2007-04-01 2879488]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2007-04-01 69632]
"Gainward"=D:\Program Files\XpertVision\TBPanel.exe [2007-04-23 2165520]
"NvCplDaemon"=D:\WINDOWS\system32\NvCpl.dll [2007-04-13 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=D:\WINDOWS\system32\NvMcTray.dll [2007-04-13 81920]
"D-Link AirPlus G"=D:\Program Files\D-Link\AirPlus G\AirGCFG.exe [2005-11-23 1544192]
"ANIWZCS2Service"=D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [2005-10-19 49152]
"NeroCheck"=D:\WINDOWS\system32\NeroCheck.exe [2002-10-08 155648]
"ccApp"=D:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=D:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"SunJavaUpdateSched"=D:\Program Files\Java\jre6\bin\jusched.exe [2008-12-29 136600]
"RemoteControl"=D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe [2004-11-02 32768]
"AppleSyncNotifier"=D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"dvd43"=D:\Program Files\dvd43\dvd43_tray.exe [2008-11-17 827904]
"Google Desktop Search"=D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-01-25 240640]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-02-05 1601304]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"MsnMsgr"=D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=D:\Program Files\DNA\btdna.exe [2008-12-18 342848]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE
QuickBooks Update Agent.lnk - D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
D:\WINDOWS\system32\avgrsstx.dll [2009-02-05 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
D:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NofolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="D:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"D:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe"="D:\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\LimeWire\LimeWire.exe"="D:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe"="D:\Program Files\LittleFighter2\LF2_v1.9c\lf2.exe:*:Enabled:lf2"
"D:\Program Files\DNA\btdna.exe"="D:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"D:\Program Files\BitComet\BitComet.exe"="D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"D:\Program Files\Intuit\QuickBooks 2008-09\QBDBMgrN.exe"="D:\Program Files\Intuit\QuickBooks 2008-09\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager"
"D:\Program Files\AVG\AVG8\avgupd.exe"="D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Valve\Condition Zero\hl.exe"="C:\Valve\Condition Zero\hl.exe:*:Enabled:Half-Life Launcher"
"D:\WINDOWS\system32\PnkBstrA.exe"="D:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"D:\WINDOWS\system32\PnkBstrB.exe"="D:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\Program Files\DealBook 360\DealBook 360.exe"="D:\Program Files\DealBook 360\DealBook 360.exe:*:Enabled:DealBook 360"
"D:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe"="D:\Program Files\Goiceasoft Studios\Counter Strike 1.8 Goiceasoft\cstrike.exe:*:Enabled:CS 1.8 Goiceasoft"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2 3.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2 3.exe:*:Enabled:Far Cry® 2"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2..exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2..exe:*:Enabled:Far Cry® 2"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\Ubisoft\Far Cry 2\bin\FC2ServerLauncher.exe"="D:\Program Files\Ubisoft\Far Cry 2\bin\FC2ServerLauncher.exe:*:Enabled:Far Cry® 2 Server Launcher"
"D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sierra\Empire Earth\Empire Earth.exe"="C:\Program Files\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\Program Files\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe"="C:\Program Files\Sierra\Empire Earth - The Art of Conquest\EE-AOC.exe:*:Enabled:EE-AOC"
"C:\Valve\Condition Zero\hltv.exe"="C:\Valve\Condition Zero\hltv.exe:*:Enabled:HLTV Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Program Files\Windows Live\Messenger\livecall.exe"="D:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35ad4827-7c6c-11dd-b699-001cf09244ed}]
shell\AutoRun\command - bo1dhu.bat
shell\explore\command - bo1dhu.bat
shell\open\command - bo1dhu.bat


======List of files/folders created in the last 1 months======

2009-03-17 17:55:58 ----D---- D:\rsit
2009-03-13 08:04:39 ----D---- D:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-03-11 17:06:34 ----HDC---- D:\WINDOWS\$NtUninstallKB960225$
2009-03-11 17:06:31 ----HDC---- D:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 17:06:26 ----HDC---- D:\WINDOWS\$NtUninstallKB958690$
2009-03-11 17:06:14 ----HDC---- D:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-09 12:27:43 ----D---- D:\Program Files\LittleFighter2
2009-03-06 17:09:19 ----D---- D:\Program Files\iPod
2009-03-06 17:09:16 ----D---- D:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-06 16:50:28 ----D---- D:\mums ipod
2009-03-06 16:01:55 ----D---- D:\WINDOWS\pss
2009-03-06 15:56:33 ----D---- D:\Program Files\Trend Micro
2009-03-06 08:04:23 ----HDC---- D:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-04 18:16:43 ----D---- D:\Eric Homework
2009-03-01 12:15:53 ----D---- D:\Program Files\Gogo DVD to 3gp Converter
2009-03-01 12:00:44 ----D---- D:\Program Files\FLV Player
2009-02-28 11:45:40 ----A---- D:\WINDOWS\system32\WNASPI32.DLL
2009-02-28 11:45:38 ----A---- D:\WINDOWS\system32\pthreadGC1.dll
2009-02-28 11:45:38 ----A---- D:\WINDOWS\system32\pncrt.dll
2009-02-28 11:45:38 ----A---- D:\WINDOWS\system32\drv43260.dll
2009-02-28 11:45:37 ----A---- D:\WINDOWS\system32\v2vcovt.dll
2009-02-28 11:45:36 ----D---- D:\Program Files\AnMing
2009-02-28 11:45:36 ----A---- D:\WINDOWS\system32\cellphoneConverter.exe
2009-02-26 18:17:54 ----D---- D:\Program Files\MessengerDiscovery
2009-02-26 18:14:58 ----A---- D:\MDL_1.5.0800.exe
2009-02-25 07:51:23 ----HDC---- D:\WINDOWS\$NtUninstallKB967715$
2009-02-24 19:57:45 ----A---- D:\WINDOWS\GCARD.INI
2009-02-24 16:38:48 ----D---- D:\Canberra
2009-02-22 12:23:50 ----D---- D:\Program Files\LimeWire
2009-02-22 10:23:54 ----D---- D:\Program Files\Ubisoft
2009-02-22 10:15:44 ----HDC---- D:\WINDOWS\$NtUninstallKB929399$
2009-02-22 10:15:25 ----HDC---- D:\WINDOWS\$NtUninstallKB939683$
2009-02-22 10:15:02 ----HDC---- D:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-22 10:14:53 ----HDC---- D:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-21 15:35:20 ----N---- D:\WINDOWS\system32\spmsg.dll
2009-02-21 15:35:19 ----HDC---- D:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-21 15:35:03 ----D---- D:\Program Files\Windows Media Connect 2
2009-02-21 15:34:53 ----HDC---- D:\WINDOWS\$NtUninstallwmp11$
2009-02-21 15:34:07 ----HDC---- D:\WINDOWS\$NtUninstallWMFDist11$
2009-02-21 15:33:43 ----D---- D:\b699fdd472f7b79be3d7df8870dc3d
2009-02-21 15:33:35 ----HDC---- D:\WINDOWS\$NtUninstallWudf01000$
2009-02-21 15:33:05 ----D---- D:\32b3accbb44f80a59fd4b4

======List of files/folders modified in the last 1 months======

2009-03-17 17:55:38 ----D---- D:\WINDOWS\Prefetch
2009-03-17 17:53:12 ----A---- D:\WINDOWS\DFC.INI
2009-03-17 17:53:05 ----D---- D:\Program Files\BitComet
2009-03-17 17:52:43 ----D---- D:\Documents and Settings\flying saucer\Application Data\DNA
2009-03-17 17:49:53 ----SHD---- D:\WINDOWS\Installer
2009-03-17 17:43:43 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-03-17 17:43:42 ----D---- D:\WINDOWS\Temp
2009-03-17 17:43:37 ----D---- D:\Program Files\Symantec AntiVirus
2009-03-17 17:42:37 ----D---- D:\Program Files\DNA
2009-03-17 07:54:34 ----D---- D:\Program Files\Mozilla Firefox
2009-03-17 07:53:51 ----D---- D:\WINDOWS\system32\CatRoot2
2009-03-17 07:52:34 ----D---- D:\WINDOWS\system32\config
2009-03-16 19:21:29 ----D---- D:\2008-2009 holiday
2009-03-16 18:05:19 ----D---- D:\Documents and Settings\flying saucer\Application Data\LimeWire
2009-03-15 12:44:55 ----HD---- D:\$AVG8.VAULT$
2009-03-13 07:56:04 ----SD---- D:\WINDOWS\Tasks
2009-03-13 07:56:03 ----D---- D:\WINDOWS\system32
2009-03-12 08:01:21 ----D---- D:\ash,eric and dad b'day and city and random
2009-03-11 17:26:22 ----D---- D:\WINDOWS
2009-03-11 17:06:37 ----HD---- D:\WINDOWS\inf
2009-03-11 17:06:36 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-03-11 17:06:33 ----A---- D:\WINDOWS\imsins.BAK
2009-03-11 17:06:31 ----D---- D:\WINDOWS\WinSxS
2009-03-11 16:37:04 ----HD---- D:\WINDOWS\$hf_mig$
2009-03-09 12:27:43 ----D---- D:\Program Files
2009-03-07 15:20:41 ----D---- D:\My Games
2009-03-06 17:43:40 ----AT---- D:\WINDOWS\system32\SIntfNT.dll
2009-03-06 17:43:40 ----AT---- D:\WINDOWS\system32\SIntf32.dll
2009-03-06 17:43:40 ----AT---- D:\WINDOWS\system32\SIntf16.dll
2009-03-06 17:31:09 ----D---- D:\Warcraft maps
2009-03-06 17:18:29 ----D---- D:\Program Files\TuneUp Utilities 2008
2009-03-06 17:09:43 ----D---- D:\Program Files\iTunes
2009-03-06 17:09:18 ----D---- D:\Program Files\Common Files\Apple
2009-03-06 17:07:57 ----D---- D:\Program Files\QuickTime
2009-03-06 16:55:01 ----SHD---- D:\RECYCLER
2009-03-05 21:50:27 ----SD---- D:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-05 21:50:27 ----D---- D:\Program Files\Common Files\Microsoft Shared
2009-03-03 17:23:14 ----D---- D:\piano sheets
2009-03-01 21:43:27 ----D---- D:\Homework
2009-03-01 12:03:57 ----RD---- D:\My Received Files
2009-03-01 12:03:51 ----D---- D:\CARTOONS
2009-03-01 12:03:20 ----D---- D:\pearly's images
2009-03-01 12:02:55 ----D---- D:\My muvees
2009-02-28 11:45:40 ----D---- D:\WINDOWS\system32\drivers
2009-02-27 23:41:00 ----D---- D:\Documents and Settings\flying saucer\Application Data\Apple Computer
2009-02-27 08:02:53 ----D---- D:\Music
2009-02-27 07:59:23 ----D---- D:\Documents and Settings
2009-02-26 16:40:09 ----D---- D:\WINDOWS\network diagnostic
2009-02-25 18:11:33 ----D---- D:\Documents and Settings\flying saucer\Application Data\Adobe
2009-02-25 06:49:44 ----RSD---- D:\WINDOWS\Fonts
2009-02-25 06:49:44 ----D---- D:\WINDOWS\system
2009-02-24 16:43:24 ----D---- D:\nds games
2009-02-23 19:58:54 ----D---- D:\Program Files\Bonjour
2009-02-22 15:08:04 ----D---- D:\WINDOWS\Microsoft.NET
2009-02-22 10:32:42 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-02-22 10:32:38 ----RSD---- D:\WINDOWS\assembly
2009-02-22 10:31:51 ----D---- D:\Program Files\Internet Explorer
2009-02-22 10:30:54 ----D---- D:\WINDOWS\system32\DirectX
2009-02-22 10:28:38 ----A---- D:\WINDOWS\system32\PnkBstrB.exe
2009-02-22 10:28:27 ----A---- D:\WINDOWS\system32\PnkBstrA.exe
2009-02-22 10:28:25 ----A---- D:\WINDOWS\system32\pbsvc.exe
2009-02-22 10:23:52 ----HD---- D:\Program Files\InstallShield Installation Information
2009-02-22 10:16:13 ----D---- D:\WINDOWS\system32\CatRoot
2009-02-21 16:28:01 ----D---- D:\Program Files\Windows Media Player
2009-02-21 15:35:10 ----A---- D:\WINDOWS\win.ini
2009-02-21 15:34:59 ----D---- D:\WINDOWS\Help
2009-02-21 15:33:39 ----D---- D:\WINDOWS\system32\LogFiles

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; D:\WINDOWS\System32\Drivers\avgldx86.sys [2009-02-05 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; D:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-02-05 27656]
R1 incdrm;InCD EasyWrite Reader; D:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 intelppm;Intel Processor Driver; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SAVRT;SAVRT; \??\D:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; D:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R2 ANIO;ANIO Service; \??\D:\WINDOWS\system32\ANIO.SYS []
R2 Aspi32;Aspi32; D:\WINDOWS\System32\drivers\aspi32.sys [2005-11-21 16512]
R2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
R2 SAVRTPEL;SAVRTPEL; \??\D:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 TBPanel;TBPanel; D:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 CIF USB CAMERA Service;CIF USB CAMERA; D:\WINDOWS\system32\DRIVERS\pfc027.sys [2003-09-18 112380]
R3 dvd43llh;dvd43llh; D:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2008-11-26 18816]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; D:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-01 254872]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HECI;Intel(R) Management Engine Interface; D:\WINDOWS\system32\DRIVERS\HECI.sys [2007-03-13 44672]
R3 hidusb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-01 4484608]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090312.019\naveng.sys []
R3 NAVEX15;NAVEX15; \??\D:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090312.019\navex15.sys []
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
R3 nv;nv; D:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-13 6738656]
R3 pcouffin;VSO Software pcouffin; D:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-26 47360]
R3 pfc;Padus ASPI Shell; D:\WINDOWS\system32\drivers\pfc.sys [2003-07-01 9856]
R3 RT73;D-Link USB Wireless LAN Card Driver; D:\WINDOWS\system32\DRIVERS\Dr71WU.sys [2005-11-03 245504]
R3 SymEvent;SymEvent; \??\D:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; D:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Cardex;Cardex; \??\D:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WpdUsb;WpdUsb; D:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; D:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 BsUDF;InCD UDF Driver; D:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 389504]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG Free8 WatchDog; D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccSetMgr;Symantec Settings Manager; D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; D:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 EpsonBidirectionalService;EpsonBidirectionalService; D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2002-07-17 94208]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2008-12-29 152984]
R2 NVSvc;NVIDIA Display Driver Service; D:\WINDOWS\system32\nvsvc32.exe [2007-04-13 163908]
R2 PnkBstrA;PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [2009-02-22 66872]
R2 PnkBstrB;PnkBstrB; D:\WINDOWS\system32\PnkBstrB.exe [2009-02-22 107832]
R2 Symantec AntiVirus;Symantec AntiVirus; D:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 UxTuneUp;TuneUp Theme Extension; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; D:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ANIWZCSdService;ANIWZCSd Service; D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [2005-10-19 49152]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 ccPwdSvc;Symantec Password Validation; D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-25 654848]
S3 GoogleDesktopManager;GoogleDesktopManager; D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [2009-01-25 81408]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SavRoam;SAVRoam; D:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; D:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-23 355584]
S3 usprserv;User Privilege Service; D:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; D:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 QBCFMonitorService;QBCFMonitorService; D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2008-03-10 20480]
S4 QBFCService;Intuit QuickBooks FCS; D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [2008-03-11 68672]

-----------------EOF-----------------
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby peku006 » March 17th, 2009, 10:50 am

Hi pebbels

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 18th, 2009, 2:27 am

the ComboFix log(C:\ComboFix.txt)

ComboFix 09-03-15.01 - flying saucer 2009-03-18 17:16:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2030.1351 [GMT 11:00]
Running from: d:\documents and settings\flying saucer\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\documents and settings\flying saucer\Application Data\inst.exe
d:\windows\system32\pthreadGC1.dll
d:\windows\system32\setting.ini

----- BITS: Possible infected sites -----

hxxp://sunmicro.ht.rd.llnw.net
.
((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-17 17:55 . 2009-03-17 17:56 <DIR> d-------- D:\rsit
2009-03-13 08:04 . 2009-03-13 08:04 <DIR> d-------- d:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-03-09 12:27 . 2009-03-09 12:27 <DIR> d-------- d:\program files\LittleFighter2
2009-03-07 15:27 . 2009-03-07 15:27 60,259 --a------ D:\Old lady.jpg
2009-03-06 17:09 . 2009-03-06 17:09 <DIR> d-------- d:\program files\iPod
2009-03-06 17:09 . 2009-03-06 17:09 <DIR> d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-06 16:50 . 2009-03-06 17:01 <DIR> d-------- D:\mums ipod
2009-03-06 16:37 . 2009-03-06 16:37 <DIR> d-------- d:\documents and settings\mum and da\Application Data\AVGTOOLBAR
2009-03-06 15:56 . 2009-03-06 15:56 <DIR> d-------- d:\program files\Trend Micro
2009-03-06 08:04 . 2009-03-06 08:04 <DIR> d--h-c--- d:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-04 18:16 . 2009-03-04 18:37 <DIR> d-------- D:\Eric Homework
2009-03-01 12:15 . 2009-03-01 12:15 <DIR> d-------- d:\program files\Gogo DVD to 3gp Converter
2009-03-01 12:08 . 2009-03-01 12:08 <DIR> d-------- d:\documents and settings\flying saucer\.dvdcss
2009-03-01 12:00 . 2009-03-01 12:00 <DIR> d-------- d:\program files\FLV Player
2009-02-28 11:45 . 2009-02-28 11:45 <DIR> d-------- d:\program files\AnMing
2009-02-28 11:45 . 2007-10-05 09:27 12,332,032 --a------ d:\windows\system32\v2vcovt.dll
2009-02-28 11:45 . 2002-12-10 10:27 217,127 --a------ d:\windows\system32\drv43260.dll
2009-02-28 11:45 . 2007-10-07 08:51 110,592 --a------ d:\windows\system32\cellphoneConverter.exe
2009-02-28 11:45 . 2005-11-21 13:48 45,056 --a------ d:\windows\system32\WNASPI32.DLL
2009-02-28 11:45 . 2005-11-21 13:48 16,512 --a------ d:\windows\system32\drivers\ASPI32.SYS
2009-02-26 18:17 . 2009-03-04 17:19 <DIR> d-------- d:\program files\MessengerDiscovery
2009-02-26 18:17 . 2004-03-09 01:00 124,688 --a------ d:\windows\system32\MSWINSCK.ocx
2009-02-26 18:14 . 2009-02-26 18:16 2,174,128 --a------ D:\MDL_1.5.0800.exe
2009-02-24 19:57 . 2000-01-13 11:20 1,221 --------- d:\windows\system\UKSETUP.CFG
2009-02-24 19:57 . 2009-02-24 19:59 337 --a------ d:\windows\GCARD.INI
2009-02-24 16:38 . 2009-02-24 16:39 <DIR> d-------- D:\Canberra
2009-02-22 12:23 . 2009-02-22 12:24 <DIR> d-------- d:\program files\LimeWire
2009-02-22 10:23 . 2009-02-22 10:23 <DIR> d-------- d:\program files\Ubisoft
2009-02-21 15:35 . 2009-02-21 15:35 <DIR> d-------- d:\program files\Windows Media Connect 2
2009-02-21 15:33 . 2009-02-21 15:34 <DIR> d-------- d:\windows\system32\drivers\UMDF
2009-02-21 15:33 . 2009-02-21 15:34 <DIR> d-------- D:\b699fdd472f7b79be3d7df8870dc3d
2009-02-21 15:33 . 2009-02-21 15:33 <DIR> d-------- D:\32b3accbb44f80a59fd4b4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 06:19 --------- d-----w d:\program files\Symantec AntiVirus
2009-03-18 06:19 --------- d-----w d:\program files\DNA
2009-03-18 06:19 --------- d-----w d:\documents and settings\flying saucer\Application Data\DNA
2009-03-17 08:49 --------- d-----w d:\documents and settings\flying saucer\Application Data\LimeWire
2009-03-17 07:19 --------- d-----w d:\program files\BitComet
2009-03-06 06:18 --------- d-----w d:\program files\TuneUp Utilities 2008
2009-03-06 06:09 --------- d-----w d:\program files\iTunes
2009-03-06 06:09 --------- d-----w d:\program files\Common Files\Apple
2009-03-06 06:07 --------- d-----w d:\program files\QuickTime
2009-02-27 12:41 --------- d-----w d:\documents and settings\flying saucer\Application Data\Apple Computer
2009-02-23 08:58 --------- d-----w d:\program files\Bonjour
2009-02-21 23:28 22,328 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2009-02-21 23:28 22,328 ----a-w d:\documents and settings\flying saucer\Application Data\PnkBstrK.sys
2009-02-21 23:23 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-15 01:26 --------- d-----w d:\documents and settings\flying saucer\Application Data\FrostWire
2009-02-15 01:22 --------- d-----w d:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-02-15 00:33 --------- d-----w d:\program files\EA GAMES
2009-02-13 07:51 657,020 ----a-w d:\windows\Condition Zero Uninstaller.exe
2009-02-13 06:41 --------- d-----w d:\documents and settings\flying saucer\Application Data\AVGTOOLBAR
2009-02-13 05:27 --------- d--h--r d:\documents and settings\flying saucer\Application Data\SecuROM
2009-02-12 07:29 748,080 ----a-w D:\dfsetup107.exe
2009-02-12 07:29 --------- d-----w d:\program files\Defraggler
2009-02-04 20:33 --------- d-----w d:\documents and settings\All Users\Application Data\avg8
2009-02-04 20:32 325,128 ----a-w d:\windows\system32\drivers\avgldx86.sys
2009-01-25 08:39 --------- d-----w d:\program files\AVG
2009-01-25 07:39 --------- d-----w d:\program files\Google
2009-01-25 07:39 --------- d-----w d:\program files\Common Files\supportsoft
2009-01-25 07:38 --------- d-----w d:\documents and settings\All Users\Application Data\Intuit
2009-01-25 07:37 --------- d-----w d:\program files\Common Files\Intuit
2009-01-25 07:36 --------- d-----w d:\program files\Intuit
2009-01-25 07:36 --------- d-----w d:\program files\Common Files\AnswerWorks 4.0
2009-01-25 07:35 --------- d-----w d:\documents and settings\All Users\Application Data\COMMON FILES
2009-01-20 22:15 --------- d-----w d:\program files\OWLGST
2008-11-27 13:14 0 -c--a-w d:\documents and settings\flying saucer\Application Data\itunesoption.bin
2008-11-26 08:57 47,360 ----a-w d:\documents and settings\flying saucer\Application Data\pcouffin.sys
2009-01-25 07:39 156,672 ----a-w d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-10-16 05:29 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092920081006\index.dat
2008-10-16 05:29 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101620081017\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2008-12-18 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Gainward"="d:\program files\XpertVision\TBPanel.exe" [2007-04-23 2165520]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-04-13 8429568]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-04-13 81920]
"D-Link AirPlus G"="d:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="d:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"NeroCheck"="d:\windows\system32\NeroCheck.exe" [2002-10-08 155648]
"ccApp"="d:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"vptray"="d:\progra~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"RemoteControl"="d:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"dvd43"="d:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-01-25 240640]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-01 d:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-01 d:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2007-04-13 d:\windows\system32\nwiz.exe]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - d:\program files\Microsoft Office\Office\OSA9.EXE [1999-03-22 65588]
QuickBooks Update Agent.lnk - d:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-03-11 969792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 07:32 10520 d:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\LittleFighter2\\LF2_v1.9c\\lf2.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\Intuit\\QuickBooks 2008-09\\QBDBMgrN.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Valve\\Condition Zero\\hl.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\DealBook 360\\DealBook 360.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2..exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2ServerLauncher.exe"=
"d:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sierra\\Empire Earth\\Empire Earth.exe"=
"c:\\Program Files\\Sierra\\Empire Earth - The Art of Conquest\\EE-AOC.exe"=
"c:\\Valve\\Condition Zero\\hltv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7908:TCP"= 7908:TCP:BitComet 7908 TCP
"7908:UDP"= 7908:UDP:BitComet 7908 UDP

R0 BsStor;InCD Storage Helper Driver;d:\windows\system32\drivers\bsstor.sys [2008-10-03 9344]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2009-01-25 325128]
R2 avg8wd;AVG Free8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-25 298264]
R3 CIF USB CAMERA Service;CIF USB CAMERA;d:\windows\system32\drivers\pfc027.sys [2008-10-12 112380]
S3 SavRoam;SAVRoam;d:\program files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S4 BsUDF;InCD UDF Driver;d:\windows\system32\drivers\bsudf.sys [2008-10-03 389504]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35ad4827-7c6c-11dd-b699-001cf09244ed}]
\Shell\AutoRun\command - bo1dhu.bat
\Shell\explore\Command - bo1dhu.bat
\Shell\open\Command - bo1dhu.bat
.
Contents of the 'Scheduled Tasks' folder

2009-03-13 d:\windows\Tasks\1-Click Maintenance.job
- d:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:09]

2008-11-18 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-12 d:\windows\Tasks\OGADaily.job
- d:\windows\system32\OGAVerify.exe [2008-12-31 17:04]

2009-03-18 d:\windows\Tasks\OGALogon.job
- d:\windows\system32\OGAVerify.exe [2008-12-31 17:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\flying saucer\Application Data\Mozilla\Firefox\Profiles\6ebyr18h.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: d:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 17:19:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-299502267-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b4,f4,a8,1c,a2,c2,11,b0,e8,b1,df,e7,9a,6e,c5,c7,4f,1b,00,74,d7,67,4c,
34,d9,93,df,72,ff,dd,32,1b,28,a8,0f,aa,ba,c9,e7,88,19,9d,82,b3,4e,7b,2f,d9,\
"??"=hex:72,b8,f7,37,f4,f1,48,8d,55,e5,6c,67,32,4a,8b,5d

[HKEY_USERS\S-1-5-21-1644491937-299502267-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:ce,57,08,1f,e7,79,f7,87,9a,3e,49,07,9b,1d,8b,20,1e,85,d0,07,5c,
ad,e3,ba,48,ca,55,e8,d9,1e,9d,a2,3d,d9,c9,60,5d,cf,e5,71,0f,8b,d6,7e,34,8e,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Symantec Shared\ccSetMgr.exe
d:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
d:\windows\system32\rundll32.exe
d:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
d:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\AVG\AVG8\avgrsx.exe
d:\program files\Symantec AntiVirus\DefWatch.exe
d:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\system32\PnkBstrB.exe
d:\program files\Symantec AntiVirus\Rtvscan.exe
d:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
d:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
d:\windows\system32\wscntfy.exe
d:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-18 17:22:41 - machine was rebooted [flying saucer]
ComboFix-quarantined-files.txt 2009-03-18 06:22:38

Pre-Run: 308,817,170,432 bytes free
Post-Run: 306,649,022,464 bytes free

252 --- E O F --- 2009-03-12 20:56:05
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 18th, 2009, 2:28 am

a fresh HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:28:28 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\XpertVision\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
D:\Program Files\dvd43\dvd43_tray.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\PROGRA~1\AVG\AVG8\aAvgApi.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] D:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] D:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10086 bytes
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby peku006 » March 18th, 2009, 5:05 am

Hi pebbels

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire
BitComet


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).NOW

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 18th, 2009, 6:03 am

Adobe Acrobat 5.0
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
AirPlus G
ANIO Service
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
ASUSDVD
AVG Free 8.0
AviSynth 2.5
Bonjour
Cell Phone Video Converter 1.5
Cheetah DVD Burner
CIF USB CAMERA
ClassPad OS Update
Compatibility Pack for the 2007 Office system
Condition Zero
Critical Update for Windows Media Player 11 (KB959772)
DealBook 360
Defraggler (remove only)
DVD Shrink 3.2
DVD43 v4.4.0
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoQuicker3.2
EPSON Printer Software
EPSON Smart Panel
EPSON TWAIN 5
Far Cry 2
FLV Player 2.0 (build 25)
GenieSoft Overture v4.0.2
Gogo DVD To 3gp Converter
Google Desktop
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Management Engine Interface
Intel(R) PRO Network Connections 12.1.2.9
iPhone/iTouch/iPod to Computer Transfer 3.9.2
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Little Fighter 2 1.9c
LiveUpdate 2.0 (Symantec Corporation)
MessengerDiscovery 1.5.0800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.7)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 3.5 magicMoments
Nero - Burning Rom
NVIDIA Drivers
NVIDIA WDM Drivers
OGA Notifier 1.7.0105.35.0
Overture 3.1.0
PDF Settings
Photo Manager
PowerDirector
PunkBuster Services
QuickBooks EasyStart Lite 2008-09
QuickTime
Realtek High Definition Audio Driver
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
SupportSoft Assisted Service
Symantec AntiVirus
The Sims 2
The Sims 2 Open For Business
The Sims™ 2 Bon Voyage
The Sims™ 2 Kitchen & Bath Interior Design Stuff
TuneUp Utilities 2008
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VeohTV BETA
Videora iPod Converter 4.03
VSO CopyToDVD 4
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XpertVision 5.1
Xvid 1.1.3 final uninstall



i would also like to ask u . are there any other programs i can download free music safely. as i have just unistalled limewire-.. thank you
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby peku006 » March 18th, 2009, 7:03 am

Hi pebbels
are there any other programs i can download free music safely

I'm not sure I have to ask others :oops:

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 19th, 2009, 2:38 am

Malwarebytes' Anti-Malware 1.34
Database version: 1868
Windows 5.1.2600 Service Pack 3

3/19/2009 5:36:33 PM
mbam-log-2009-03-19 (17-36-33).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 221567
Time elapsed: 1 hour(s), 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 19th, 2009, 2:39 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:00 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\XpertVision\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\PROGRA~1\AVG\AVG8\aAvgApi.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] D:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] D:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 10175 bytes
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby peku006 » March 19th, 2009, 5:09 am

Hi pebbels

1 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    if you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    if you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

2 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 20th, 2009, 7:43 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:09 PM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\XpertVision\TBPanel.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DNA\btdna.exe
D:\Program Files\AVG\AVG8\avgui.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\AVG\AVG8\aAvgApi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Gainward] D:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] D:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [dvd43] D:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = D:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - D:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - D:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - D:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - D:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9775 bytes
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby pebbels » March 20th, 2009, 7:45 am

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, March 20, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, March 20, 2009 06:35:03
Records in database: 1937139
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 133881
Threat name: 4
Infected objects: 43
Suspicious objects: 0
Duration of the scan: 01:51:01


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A480000.VBN Infected: Trojan-Downloader.WMA.GetCodec.b 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03040000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03040001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04580000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05C00000.VBN Infected: Exploit.Win32.Pidief.rh 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07C80000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07F00000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840002.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840003.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840004.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08840005.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08F00000.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\090C0000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09500000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09500001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700002.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09700003.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940002.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09940003.VBN Infected: Exploit.Win32.Pidief.rh 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240002.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240003.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240004.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A4C0000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A4C0001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B680000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE80000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C280000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CC40000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D680000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D680002.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D680003.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D680004.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D940000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080000.VBN Infected: IM-Worm.Win32.Sohanad.bm 1
D:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F080001.VBN Infected: IM-Worm.Win32.Sohanad.bm 1

The selected area was scanned.
pebbels
Regular Member
 
Posts: 26
Joined: March 13th, 2009, 2:04 am

Re: RV HOST HELP>> how to remove RVHOST

Unread postby peku006 » March 20th, 2009, 10:51 am

Hi pebbels

Please empty your Norton AntiVirus Quarantine. f you don't know how, click here.

Logs look good. How's the computer running now?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 40 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware