Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijack This log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Hijack This log

Unread postby mwizz » June 30th, 2009, 4:52 am

I have now been able to run the Hijack This program and obtain a log that is shown below. I stupidly downloaded a file that I thought was a flash player upgrade. It had the 'f' symbol. I first scanned it with AVG but there was no issue with it. When it downloaded a program called something like 'Playall' appeared in the programs list but disappeared the next time I looked in there. After this I could not open Internet Explorer and started using Opera as my web browser (which did open) but my Google searches were hijacked. I could also not do a system restore and my Adaware program would not update. Hoping you can help.

Logfile of HijackThis v1.99.1
Scan saved at 6:16:20 PM, on 30/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\User\Desktop\Wizzware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEAEFE34-49D4-40E0-8310-16092C3EB5DC}: NameServer = 85.255.112.184,85.255.112.75
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885c131f00dc) (gupdate1c9885c131f00dc) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am
Advertisement
Register to Remove

Re: Hijack This log

Unread postby Axephilic » July 1st, 2009, 1:26 pm

Welcome to the Malware Removal Forums! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you. :)
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message. ;)
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.

RSIT
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Hijack This log

Unread postby mwizz » July 2nd, 2009, 4:32 am

Thanks, contents of both logs posted below as requested.


Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-07-02 18:00:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 121 GB (80%) free of 153 GB
Total RAM: 3327 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:30 PM, on 2/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEAEFE34-49D4-40E0-8310-16092C3EB5DC}: NameServer = 85.255.112.184,85.255.112.75
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885c131f00dc) (gupdate1c9885c131f00dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 15146 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-05 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C7B6DE1-99A4-4CF1-8B44-68889900E1D0}]
ActivateBand Class - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll [2005-12-01 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-13 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - BigPond Toolbar - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll [2005-12-01 266240]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-09 15691264]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2005-06-29 212992]
"SW24"=C:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2006-03-28 69632]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2006-03-21 327680]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"BigPond Toolbar"=C:\Program Files\Telstra\Toolbar\bpumTray.exe [2005-12-01 327680]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-26 1836544]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-08-03 529968]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-08-03 244520]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-12 1948440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-10 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-16 67128]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-07 39408]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe [2007-09-08 43008]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ComproRemote.lnk - C:\Program Files\Common Files\VideoMate\ComproRemote.exe
ComproSchedulerDTV.lnk - C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-05 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a909a9b-1925-11db-b005-0016e64a35fe}]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aeec6576-0321-11db-afce-0016e64a35fe}]
shell\AutoRun\command - G:\setupSNK.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-07-02 18:00:19 ----D---- C:\rsit
2009-06-29 20:21:55 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-29 19:45:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-29 17:42:39 ----D---- C:\Program Files\Trend Micro
2009-06-13 17:22:50 ----D---- C:\Program Files\iPod
2009-06-13 17:22:48 ----D---- C:\Program Files\iTunes
2009-06-12 15:22:34 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-10 19:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 19:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 18:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 18:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-06 20:48:35 ----D---- C:\Program Files\Common Files\DivX Shared

======List of files/folders modified in the last 1 months======

2009-07-02 17:54:56 ----SD---- C:\WINDOWS\Tasks
2009-07-01 23:35:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-01 22:49:14 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-01 17:46:44 ----D---- C:\WINDOWS\Temp
2009-07-01 17:46:44 ----D---- C:\WINDOWS\Prefetch
2009-07-01 17:46:43 ----SHD---- C:\WINDOWS\Installer
2009-06-30 07:05:09 ----D---- C:\WINDOWS\system32\wbem
2009-06-30 07:05:08 ----D---- C:\WINDOWS\system32
2009-06-30 07:05:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-30 07:05:07 ----A---- C:\WINDOWS\win.ini
2009-06-29 19:50:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-29 19:48:24 ----D---- C:\WINDOWS\system32\Lang
2009-06-29 19:46:15 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 19:46:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-29 19:45:34 ----D---- C:\Program Files\Lavasoft
2009-06-29 19:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-29 19:44:36 ----D---- C:\Documents and Settings\User\Application Data\Lavasoft
2009-06-29 19:31:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-29 18:25:35 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-29 17:42:39 ----RD---- C:\Program Files
2009-06-28 23:38:13 ----D---- C:\WINDOWS
2009-06-28 12:14:12 ----HD---- C:\$AVG8.VAULT$
2009-06-25 22:37:03 ----D---- C:\Program Files\Yahoo!
2009-06-25 22:36:03 ----D---- C:\Program Files\pdf995
2009-06-23 22:45:41 ----D---- C:\WINDOWS\Minidump
2009-06-22 21:29:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-22 21:29:33 ----HD---- C:\WINDOWS\inf
2009-06-22 21:29:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-20 13:08:47 ----D---- C:\Documents and Settings\User\Application Data\iolo
2009-06-20 13:08:47 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2009-06-17 20:33:20 ----D---- C:\Documents and Settings\User\Application Data\BitTorrent
2009-06-17 20:07:10 ----D---- C:\WINDOWS\network diagnostic
2009-06-13 17:22:45 ----D---- C:\Program Files\Common Files\Apple
2009-06-13 17:21:27 ----D---- C:\Program Files\QuickTime
2009-06-13 17:06:33 ----D---- C:\Documents and Settings\User\Application Data\gtk-2.0
2009-06-10 19:02:04 ----D---- C:\Program Files\Internet Explorer
2009-06-10 19:01:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-10 19:00:34 ----A---- C:\WINDOWS\imsins.BAK
2009-06-10 10:42:15 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-06-08 11:17:10 ----D---- C:\Documents and Settings\User\Application Data\U3
2009-06-06 20:49:37 ----D---- C:\Program Files\Google
2009-06-06 20:49:07 ----D---- C:\Program Files\DivX
2009-06-06 20:48:35 ----D---- C:\Program Files\Common Files
2009-06-05 11:42:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-04 20:41:32 ----A---- C:\WINDOWS\opt_1230.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-12 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-05 108552]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-08-23 3712]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-07 126720]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VMHybrid;VMHybrid service; C:\WINDOWS\system32\DRIVERS\VMHybrid.sys [2005-04-12 705152]
S2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-01-27 167296]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2006-07-19 55936]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2006-10-30 25600]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-01-27 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-01-27 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-01-27 10368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-05 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-10 951632]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S2 gupdate1c9885c131f00dc;Google Update Service (gupdate1c9885c131f00dc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-06 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-20 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-26 1836544]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-07-02 18:00:33

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 2.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BigPond Broadband Cable-->MsiExec.exe /X{6DE9C4EE-086C-443E-B75E-429751261B05}
BigPond Toolbar-->MsiExec.exe /I{E063D6FC-1BD7-4653-BDB8-0A3149258B23}
BitTorrent 5.0.9-->"C:\Program Files\BitTorrent\uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP600-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ComproDTV 2.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13C21F2D-281B-4415-B7AD-388F475FAACE}\Setup.exe" -l0x9
ComproDVD 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DAFB84-2421-488F-B17D-102FF53396AA}\setup.exe" -l0x9
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cucusoft MPEG to DVD Burner 3.21-->"C:\Program Files\Cucusoft\MPEG-DVD-Burner\unins000.exe"
Destinator Console-->C:\DESTIN~1\INSTAL~1\UNWISE.EXE C:\DESTIN~1\INSTAL~1\INSTALL.LOG
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
GIMP 2.4.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iolo technologies' System Mechanic-->"C:\Program Files\iolo\System Mechanic\unins000.exe"
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150070}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
K-Lite Codec Pack-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe"
Line Speed Meter-->MsiExec.exe /I{D40491E3-35AB-4757-B1F0-94C9100C2F4E}
Logitech Communications Manager-->MsiExec.exe /I{BD202930-5F70-4B35-B875-1E28604F328D}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
MailWasher Pro-->"C:\Program Files\MailWasher Pro\unins000.exe"
MDI VIew 1.0.1-->"C:\Program Files\MDI VIew\uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003-->MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
MotionDV STUDIO 5.1E LE for DV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F9B32332-3A66-4480-9769-CAB45CA1D179}\setup.exe" UNINSTALL
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Natural Color Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC2C7405-BC58-4E11-8F51-29671BEAC06B}\setup.exe" -l0x9
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroMIX-->C:\WINDOWS\UNNMIX.exe /UNINSTALL
NeroVision Express 3-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
Nokia Software Updater-->MsiExec.exe /X{7169FA93-66C2-43BD-86E0-CD332A686B29}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}
Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x9
PhotoEdit995-->C:\Program Files\PhotoEdit995\thinsetup.exe - uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RegistryFix v6.4-->"C:\Program Files\RegistryFix6\unins000.exe"
Roxio Backup MyPC-->MsiExec.exe /X{1E2F8094-9DCD-4B87-ADB3-25CC5A0442FF}
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SompyPlayer-->C:\Program Files\Microsoft ActiveSync\SompyPlayer\Uninstall.exe SompyPlayer
SpamMATTERS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80530625-7FE2-4FB1-A546-49C674DD665D}\Setup.exe" -l0x9
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ulead Disc-Direct SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D2C1E44-7685-4D05-8342-B0DC6422FA47}\setup.exe" -l0x9
Ulead Photo Explorer 8.5 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\setup.exe" -l0x9
Ulead VideoStudio 9.0 SE DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\Setup.exe" -l0x9
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoMate Hybrid TV driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FBEE8F4-40C1-4DFD-9D53-8CD14622B0DD}\setup.exe" -l0x9
VideoMate Hybrid TV driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D2B090D-5E2F-4ED3-9CFF-3730CF0DBE5C}\setup.exe" -l0x9
VideoMate Hybrid TV driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8357F925-6FD4-4F00-B686-D0C3C166A34F}\setup.exe" -l0x9
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
Windows Driver Package - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_E68D50F7E25BFE399D47C864C3B52557346242A9\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINDOWS\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows Vista Upgrade Advisor-->MsiExec.exe /I{86BB059D-1231-457B-B88F-F9B315A18F90}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast DTV-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\Setup.exe" -l0x9 -removeonly
WinFast Entertainment Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE4AA694-815A-4045-BD49-C94F2BED7458}\setup.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: WIZZCOM
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 74742
Source Name: Disk
Time Written: 20090621151238.000000+570
Event Type: warning
User:

Computer Name: WIZZCOM
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 74741
Source Name: Disk
Time Written: 20090621151238.000000+570
Event Type: warning
User:

Computer Name: WIZZCOM
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 74740
Source Name: Disk
Time Written: 20090621151238.000000+570
Event Type: warning
User:

Computer Name: WIZZCOM
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 74739
Source Name: Disk
Time Written: 20090621151238.000000+570
Event Type: warning
User:

Computer Name: WIZZCOM
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 74738
Source Name: Disk
Time Written: 20090621151238.000000+570
Event Type: warning
User:

=====Application event log=====

Computer Name: WIZZCOM
Event Code: 1517
Message: Windows saved user WIZZCOM\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9957
Source Name: Userenv
Time Written: 20090214012555.000000+630
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: WIZZCOM
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 9952
Source Name: EvntAgnt
Time Written: 20090213200542.000000+630
Event Type: warning
User:

Computer Name: WIZZCOM
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 9951
Source Name: EvntAgnt
Time Written: 20090213200542.000000+630
Event Type: warning
User:

Computer Name: WIZZCOM
Event Code: 1015
Message: TraceLevel parameter not located in registry;
Default trace level used is 32.

Record Number: 9943
Source Name: EvntAgnt
Time Written: 20090212223635.000000+630
Event Type: warning
User:

Computer Name: WIZZCOM
Event Code: 1003
Message: TraceFileName parameter not located in registry;
Default trace file used is .

Record Number: 9942
Source Name: EvntAgnt
Time Written: 20090212223635.000000+630
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;C:\Program Files\Windows Resource Kits\Tools\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0602
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Hijack This log

Unread postby Axephilic » July 2nd, 2009, 1:31 pm

P2P Warning!

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following programs and click on the Change/Remove button to uninstall them.

    Ares 2.0.9
    BitTorrent 5.0.9
    LimeWire 5.1.3

  3. Close Add/Remove Programs and Control Panel when done.


Post a new RSIT log when ready.

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Hijack This log

Unread postby mwizz » July 3rd, 2009, 8:22 am

Programs uninstalled and new RSIT log below

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-07-03 21:51:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 121 GB (80%) free of 153 GB
Total RAM: 3327 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:09 PM, on 3/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ninemsn.com.au
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEAEFE34-49D4-40E0-8310-16092C3EB5DC}: NameServer = 85.255.112.184,85.255.112.75
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.184,85.255.112.75
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885c131f00dc) (gupdate1c9885c131f00dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14984 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGADaily.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-05 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4C7B6DE1-99A4-4CF1-8B44-68889900E1D0}]
ActivateBand Class - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll [2005-12-01 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-13 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-24 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - BigPond Toolbar - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll [2005-12-01 266240]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-11 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-02 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-09 15691264]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"SW20"=C:\WINDOWS\system32\sw20.exe [2005-06-29 212992]
"SW24"=C:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2006-03-28 69632]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2006-03-21 327680]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"BigPond Toolbar"=C:\Program Files\Telstra\Toolbar\bpumTray.exe [2005-12-01 327680]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-26 1836544]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2006-07-19 94208]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe [2006-08-03 529968]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-08-03 244520]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-12 1948440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-10 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-16 67128]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-07 39408]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-03-20 1312256]
"BitTorrent"=C:\Program Files\BitTorrent\bittorrent.exe --force_start_minimized []
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ComproRemote.lnk - C:\Program Files\Common Files\VideoMate\ComproRemote.exe
ComproSchedulerDTV.lnk - C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-05-05 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE"="C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:bittorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a909a9b-1925-11db-b005-0016e64a35fe}]
shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aeec6576-0321-11db-afce-0016e64a35fe}]
shell\AutoRun\command - G:\setupSNK.exe


======File associations======

.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-07-02 18:00:19 ----D---- C:\rsit
2009-06-29 20:21:55 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-06-29 19:45:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-29 17:42:39 ----D---- C:\Program Files\Trend Micro
2009-06-13 17:22:50 ----D---- C:\Program Files\iPod
2009-06-13 17:22:48 ----D---- C:\Program Files\iTunes
2009-06-12 15:22:34 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-06-10 19:00:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 19:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 18:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 18:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-06 20:48:35 ----D---- C:\Program Files\Common Files\DivX Shared

======List of files/folders modified in the last 1 months======

2009-07-03 21:50:28 ----D---- C:\Program Files\LimeWire
2009-07-03 21:50:11 ----D---- C:\Program Files\BitTorrent
2009-07-03 21:49:50 ----D---- C:\Program Files\Ares
2009-07-03 17:35:02 ----SD---- C:\WINDOWS\Tasks
2009-07-03 17:34:54 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-03 17:34:38 ----D---- C:\WINDOWS\Temp
2009-07-02 23:37:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-01 17:46:44 ----D---- C:\WINDOWS\Prefetch
2009-07-01 17:46:43 ----SHD---- C:\WINDOWS\Installer
2009-06-30 07:05:09 ----D---- C:\WINDOWS\system32\wbem
2009-06-30 07:05:08 ----D---- C:\WINDOWS\system32
2009-06-30 07:05:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-30 07:05:07 ----A---- C:\WINDOWS\win.ini
2009-06-29 20:58:42 ----HD---- C:\$AVG8.VAULT$
2009-06-29 19:50:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-29 19:48:24 ----D---- C:\WINDOWS\system32\Lang
2009-06-29 19:46:15 ----D---- C:\WINDOWS\system32\drivers
2009-06-29 19:46:13 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-29 19:45:34 ----D---- C:\Program Files\Lavasoft
2009-06-29 19:45:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-29 19:44:36 ----D---- C:\Documents and Settings\User\Application Data\Lavasoft
2009-06-29 19:31:16 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-29 18:25:35 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-29 17:42:39 ----RD---- C:\Program Files
2009-06-28 23:38:13 ----D---- C:\WINDOWS
2009-06-25 22:37:03 ----D---- C:\Program Files\Yahoo!
2009-06-25 22:36:03 ----D---- C:\Program Files\pdf995
2009-06-23 22:45:41 ----D---- C:\WINDOWS\Minidump
2009-06-22 21:29:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-22 21:29:33 ----HD---- C:\WINDOWS\inf
2009-06-22 21:29:33 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-20 13:08:47 ----D---- C:\Documents and Settings\User\Application Data\iolo
2009-06-20 13:08:47 ----D---- C:\Documents and Settings\All Users\Application Data\iolo
2009-06-17 20:33:20 ----D---- C:\Documents and Settings\User\Application Data\BitTorrent
2009-06-17 20:07:10 ----D---- C:\WINDOWS\network diagnostic
2009-06-13 17:22:45 ----D---- C:\Program Files\Common Files\Apple
2009-06-13 17:21:27 ----D---- C:\Program Files\QuickTime
2009-06-13 17:06:33 ----D---- C:\Documents and Settings\User\Application Data\gtk-2.0
2009-06-10 19:02:04 ----D---- C:\Program Files\Internet Explorer
2009-06-10 19:01:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-10 19:00:34 ----A---- C:\WINDOWS\imsins.BAK
2009-06-10 10:42:15 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-06-08 11:17:10 ----D---- C:\Documents and Settings\User\Application Data\U3
2009-06-06 20:49:37 ----D---- C:\Program Files\Google
2009-06-06 20:49:07 ----D---- C:\Program Files\DivX
2009-06-06 20:48:35 ----D---- C:\Program Files\Common Files
2009-06-05 11:42:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-04 20:41:32 ----A---- C:\WINDOWS\opt_1230.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-12 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-20 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-05 108552]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-08 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2006-08-23 3712]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-12-07 126720]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 LHidKe;SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-07-19 27136]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-07-19 71936]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VMHybrid;VMHybrid service; C:\WINDOWS\system32\DRIVERS\VMHybrid.sys [2005-04-12 705152]
S2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2006-01-27 167296]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2006-07-19 13568]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2006-07-19 55936]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP; C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys [2006-10-30 25600]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2006-01-27 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2006-01-27 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2006-01-27 10368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-05 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-10 951632]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S2 gupdate1c9885c131f00dc;Google Update Service (gupdate1c9885c131f00dc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-06 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2007-07-26 1836544]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\system32\tcpsvcs.exe [2006-02-28 19456]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Hijack This log

Unread postby Axephilic » July 3rd, 2009, 1:42 pm

Download and Run ComboFix
Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    Image

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Hijack This log

Unread postby mwizz » July 4th, 2009, 8:19 am

ComboFix log below

ComboFix 09-07-03.03 - User 04/07/2009 21:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.2860 [GMT 9.5:30]
Running from: c:\documents and settings\User\Desktop\WizzFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\FunWebProducts
c:\documents and settings\User\Application Data\FunWebProducts\Data\User\avatar.dat
c:\documents and settings\User\Application Data\FunWebProducts\Data\User\register.dat
c:\documents and settings\User\Application Data\FunWebProducts\Data\User\zbucks.dat
c:\windows\Installer\17889f.msi
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\MSIVXvgdoxbirmsupkatvcjapfnhyfabdxdlm.sys
c:\windows\system32\mfc45.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXgtjxhembewslsecleubtakayxplfrhyr.dll
c:\windows\system32\MSIVXrhfmymryodpqmctkkdldouenqreypufd.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys
-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-02 08:30 . 2009-07-02 08:30 -------- d-----w- C:\rsit
2009-06-30 06:34 . 2009-06-20 00:40 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-29 10:51 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-29 10:16 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-29 10:15 . 2009-06-29 10:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-29 10:15 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-29 08:12 . 2009-07-03 12:21 -------- d-----w- c:\program files\Trend Micro
2009-06-22 11:05 . 2009-06-22 11:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-20 00:41 . 2009-06-12 05:51 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-20 00:41 . 2009-06-12 05:51 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-20 00:41 . 2009-06-12 05:51 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-20 00:40 . 2009-06-12 05:51 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-13 07:52 . 2009-06-13 07:52 -------- d-----w- c:\program files\iPod
2009-06-13 07:52 . 2009-06-13 07:53 -------- d-----w- c:\program files\iTunes
2009-06-13 07:48 . 2009-06-13 07:48 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-12 05:52 . 2009-06-02 04:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 05:52 . 2009-06-12 05:51 826624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-12 05:52 . 2009-06-12 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 05:52 . 2009-06-12 05:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 08:09 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 08:09 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-06 11:18 . 2009-06-06 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-04 09:08 . 2008-10-07 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-03 12:20 . 2008-07-13 10:24 -------- d-----w- c:\program files\LimeWire
2009-07-03 12:20 . 2006-06-24 13:03 -------- d-----w- c:\program files\BitTorrent
2009-07-03 12:19 . 2006-07-31 09:54 -------- d-----w- c:\program files\Ares
2009-06-30 11:11 . 2006-07-11 11:14 0 ----a-w- C:\mediasample.bin
2009-06-29 10:15 . 2009-04-04 02:11 -------- d-----w- c:\program files\Lavasoft
2009-06-29 10:15 . 2008-08-23 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-29 10:14 . 2006-06-23 13:47 -------- d-----w- c:\documents and settings\User\Application Data\Lavasoft
2009-06-25 13:07 . 2006-06-29 11:51 -------- d-----w- c:\program files\Yahoo!
2009-06-25 13:06 . 2007-01-18 10:12 -------- d-----w- c:\program files\pdf995
2009-06-22 11:59 . 2006-06-21 18:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 03:55 . 2009-04-19 09:39 1525 ----a-w- c:\documents and settings\User\Application Data\iolo\restore.bat
2009-06-20 03:38 . 2008-08-17 02:11 -------- d-----w- c:\documents and settings\User\Application Data\iolo
2009-06-20 03:38 . 2008-08-17 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-20 00:40 . 2008-05-15 01:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 11:03 . 2006-06-24 13:03 -------- d-----w- c:\documents and settings\User\Application Data\BitTorrent
2009-06-13 07:52 . 2008-05-05 11:38 -------- d-----w- c:\program files\Common Files\Apple
2009-06-13 07:51 . 2006-06-25 10:07 -------- d-----w- c:\program files\QuickTime
2009-06-13 07:36 . 2008-08-09 08:47 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2009-06-12 05:51 . 2008-05-15 01:10 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 01:47 . 2007-05-29 11:10 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-06-06 11:19 . 2006-07-02 11:51 -------- d-----w- c:\program files\Google
2009-06-06 11:19 . 2006-07-02 11:49 -------- d-----w- c:\program files\DivX
2009-06-05 02:12 . 2009-03-21 12:49 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 02:12 . 2008-05-05 11:38 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 06:10 . 2007-07-16 05:27 940896 ----a-w- c:\windows\system32\Incinerator.dll
2009-05-24 07:23 . 2008-07-13 10:24 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2009-05-15 11:49 . 2008-10-08 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-15 11:49 . 2008-10-08 11:57 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-15 11:49 . 2008-10-08 11:57 -------- d-----w- c:\program files\Nokia
2009-05-15 11:48 . 2009-05-15 11:48 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\Sleep.exe
2009-05-15 11:48 . 2009-05-15 11:48 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-15 11:48 . 2009-05-15 11:48 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-15 11:48 . 2009-05-15 11:48 24312696 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\NokiaSoftwareUpdaterSetup_1.6.11EN.exe
2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 10:29 . 2007-07-18 13:27 -------- d-----w- c:\documents and settings\User\Application Data\Canon
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 23:44 . 2009-02-04 07:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 23:43 . 2009-03-30 09:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-27 09:32 . 2009-04-27 09:32 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-27 09:32 . 2009-04-27 09:32 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-27 09:32 . 2009-04-27 09:32 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-27 09:32 . 2009-04-27 09:33 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-25 10:16 . 2006-12-09 04:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-09-20 07:14 . 2008-09-20 07:13 48 --sh--w- c:\windows\S9A399B4C.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 04:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-16 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2006-03-27 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2006-03-20 327680]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BigPond Toolbar"="c:\program files\Telstra\Toolbar\bpumTray.exe" [2005-12-01 327680]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 1836544]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 529968]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

c:\documents and settings\User\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-16 113664]
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2006-8-16 151552]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2006-8-15 77824]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-16 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-25 671744]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-2-18 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 23:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/06/2009 7:46 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/05/2008 10:40 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/03/2009 6:41 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/02/2009 4:48 PM 298776]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/04/2009 7:02 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/04/2009 7:02 PM 600944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 4:36 AM 951632]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/10/2007 9:05 PM 3712]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [11/07/2006 8:29 PM 705152]
S2 gupdate1c9885c131f00dc;Google Update Service (gupdate1c9885c131f00dc);c:\program files\Google\Update\GoogleUpdate.exe [6/02/2009 10:38 PM 133104]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [22/06/2006 4:57 AM 167296]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [22/06/2006 4:57 AM 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [22/06/2006 4:57 AM 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [22/06/2006 4:57 AM 10368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 03:04]

2009-07-04 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 00:50]

2009-07-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 07:44]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 13:08]

2009-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 13:08]

2009-07-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]

2009-07-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxp://bigpondmusic.com/activex/multidownx.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 21:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4072)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BRSS01A.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logitech\khalshared\KHALMNPR.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-04 21:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-04 12:17

Pre-Run: 127,276,761,088 bytes free
Post-Run: 127,559,032,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

306 --- E O F --- 2009-06-10 09:32
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Hijack This log

Unread postby Axephilic » July 5th, 2009, 1:25 am

Hi there,

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
Folder::
C:\Program Files\LimeWire
C:\Program Files\BitTorrent
C:\Program Files\Ares
c:\documents and settings\User\Application Data\LimeWire
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Ares\Ares.exe"=-
"C:\Program Files\BitTorrent\bittorrent.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Please Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


In your next reply, please include:
  1. ComboFix log
  2. MBAM log
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Hijack This log

Unread postby mwizz » July 5th, 2009, 5:00 am

Combo Fix Log


ComboFix 09-07-04.04 - User 05/07/2009 16:45.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.2556 [GMT 9.5:30]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\LimeWire
c:\documents and settings\User\Application Data\LimeWire\browser\xul-v2.0b2.4-do-not-remove
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\branding.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\branding.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\classic.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\classic.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\comm.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\comm.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\limewire.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\limewire.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\pippki.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\chrome\toolkit.manifest
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\accessibility-msaa.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\accessibility.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\alerts.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appshell.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\appstartup.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\autocomplete.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\autoconfig.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\caps.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\chardet.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\chrome.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\commandhandler.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\commandlines.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\composer.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_html.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_htmldoc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_xmldoc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_xslt.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\content_xtf.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\contentprefs.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\cookie.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\directory.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\docshell_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_canvas.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_core.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_css.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_events.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_html.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_json.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_loadsave.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_offline.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_range.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_sidebar.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_storage.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_stylesheets.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_svg.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_traversal.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_views.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_xbl.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_xpath.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\dom_xul.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\downloads.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\editor.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\embed_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\extensions.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\exthandler.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\exthelper.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\fastfind.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\FeedProcessor.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\feeds.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\find.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\gfx.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\htmlparser.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\imgicon.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\imglib2.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\inspector.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\intl.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\jar.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\jsconsole-clhandler.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\jsdservice.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_printing.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_xul.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\layout_xul_tree.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\locale.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\loginmgr.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\lwbrk.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\mimetype.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\mozbrwsr.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\mozfind.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_about.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_cache.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_cookie.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_dns.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_file.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_ftp.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_http.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_res.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_socket.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_strconv.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\necko_viewsource.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsAddonRepository.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsBadCertHandler.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsBlocklistService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsContentDispatchChooser.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsContentPrefService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsDefaultCLH.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsDictionary.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsDownloadManagerUI.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsExtensionManager.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsHandlerService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsHelperAppDlg.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLivemarkService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLoginInfo.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLoginManager.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsLoginManagerPrompter.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsPostUpdateWin.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsProgressDialog.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsProxyAutoConfig.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsResetPref.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsTaggingService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsTryToClose.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsUpdateService.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsURLFormatter.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsWebHandlerApp.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsXmlRpcClient.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\nsXULAppInstall.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\oji.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\parentalcontrols.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipboot.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipboot.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipnss.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pipnss.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pippki.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pippki.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\places.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\plugin.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pluginGlue.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\pref.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\prefetch.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\profile.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\proxyObject.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\rdf.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\satchel.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\saxparser.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\shistory.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\spellchecker.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\storage.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\toolkitprofile.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\transformiix.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txEXSLTRegExFunctions.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txmgr.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\txtsvc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\uconv.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\unicharutil.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\universalchardet.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\update.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\uriloader.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\urlformatter.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webBrowser_core.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webbrowserpersist.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\webshell_idls.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\websrvcs.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\widget.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\windowds.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\windowwatcher.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xmlextras.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_base.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_components.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_ds.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_io.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_system.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_thread.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpcom_xpti.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpconnect.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xpinstall.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulapp.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulapp_setup.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xuldoc.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xultmpl.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\xulutil.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\components\zipwriter.xpt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\crashreporter.ini
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\platform.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig\prefcalls.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\pref\xulrunner.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userChrome-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome\userContent-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\localstore.rdf
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userChrome-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome\userContent-example.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\localstore.rdf
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dependentlibs.list
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\freebl3.chk
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\freebl3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\all.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\greprefs\xpinstall.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\javaxpcom.jar
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\js3250.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\LICENSE
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\debug.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\DownloadUtils.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\ISO8601DateUtils.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\Microformats.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\PluralForm.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\utils.js
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\modules\XPCOMUtils.jsm
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\mozctl.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\mozctlx.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\msvcr71.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nspr4.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nss3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssckbi.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\nssutil3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\platform.ini
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plc4.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plds4.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\plugins\npnul32.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\README.txt
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\arrow.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\arrowd.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\broken-image.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\charsetalias.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\charsetData.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\contenteditable.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\designmode.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\dtd\xhtml11.dtd
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\EditorOverride.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Latin1.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Special.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\html40Symbols.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\htmlEntityVersions.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\mathml20.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\entityTables\transliterate.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfont.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontStandardSymbolsL.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXNonUnicode.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSTIXSize1.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontSymbol.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\fonts\mathfontUnicode.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\forms.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\grabber.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\html.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\html\folder.png
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\langGroups.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\language.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\loading-image.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\mathml.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\quirk.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\svg.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\ua.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\viewsource.css
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\res\wincharset.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\smime3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\softokn3.chk
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\softokn3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\sqlite3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\ssl3.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\updater.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\version.properties
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpcom.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpidl.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xul.dll
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\documents and settings\User\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
c:\documents and settings\User\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\User\Application Data\LimeWire\createtimes.cache
c:\documents and settings\User\Application Data\LimeWire\downloads.dat
c:\documents and settings\User\Application Data\LimeWire\fileurns.bak
c:\documents and settings\User\Application Data\LimeWire\fileurns.cache
c:\documents and settings\User\Application Data\LimeWire\filters.props
c:\documents and settings\User\Application Data\LimeWire\gnutella.net
c:\documents and settings\User\Application Data\LimeWire\installation.props
c:\documents and settings\User\Application Data\LimeWire\library.dat
c:\documents and settings\User\Application Data\LimeWire\library5.dat
c:\documents and settings\User\Application Data\LimeWire\limewire.props
c:\documents and settings\User\Application Data\LimeWire\mojito.props
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\.autoreg
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\AE98BDF8d01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\Cache\BAFF9A98d01
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\cert8.db
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\compreg.dat
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\cookies.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\downloads.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\extensions.cache
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\extensions.ini
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\history.dat
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\key3.db
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\permissions.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\places.sqlite-journal
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\places.sqlite
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\pluginreg.dat
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\prefs.js
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\secmod.db
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\XPC.mfl
c:\documents and settings\User\Application Data\LimeWire\mozilla-profile\xpti.dat
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\User\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\User\Application Data\LimeWire\questions.props
c:\documents and settings\User\Application Data\LimeWire\responses.cache
c:\documents and settings\User\Application Data\LimeWire\simpp.xml
c:\documents and settings\User\Application Data\LimeWire\spam.dat
c:\documents and settings\User\Application Data\LimeWire\tables.props
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\User\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\User\Application Data\LimeWire\ttdata.cache
c:\documents and settings\User\Application Data\LimeWire\ttrees.cache
c:\documents and settings\User\Application Data\LimeWire\ttroot.cache
c:\documents and settings\User\Application Data\LimeWire\version.xml
c:\documents and settings\User\Application Data\LimeWire\versions.props
c:\documents and settings\User\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\User\Application Data\LimeWire\xml\data\audio.sxml3
c:\program files\Ares
c:\program files\Ares\dxva_sig.txt
c:\program files\BitTorrent
c:\program files\BitTorrent\addrmap.dat
c:\program files\BitTorrent\credits-l10n.txt
c:\program files\BitTorrent\plugin.inf
c:\program files\LimeWire
c:\program files\LimeWire\additional_resources.pack
c:\program files\LimeWire\aopalliance.pack
c:\program files\LimeWire\base64-2.2.2.pack
c:\program files\LimeWire\clink.pack
c:\program files\LimeWire\commons-codec-1.3.pack
c:\program files\LimeWire\commons-logging.pack
c:\program files\LimeWire\commons-math-1.2.pack
c:\program files\LimeWire\daap.pack
c:\program files\LimeWire\dnsjava-2.0.6.pack
c:\program files\LimeWire\gettext-commons.pack
c:\program files\LimeWire\glazedlists-1.7.0_java15.pack
c:\program files\LimeWire\guice-assistedinject-snapshot.pack
c:\program files\LimeWire\guice-snapshot.pack
c:\program files\LimeWire\hsqldb.pack
c:\program files\LimeWire\httpclient-4.0-beta1.pack
c:\program files\LimeWire\httpcore-4.0-beta2.pack
c:\program files\LimeWire\httpcore-nio-4.0-beta2.pack
c:\program files\LimeWire\icu4j.pack
c:\program files\LimeWire\iTunes-0.0.1.pack
c:\program files\LimeWire\jacob-1.14.1.pack
c:\program files\LimeWire\jaudiotagger.pack
c:\program files\LimeWire\jcip-annotations.pack
c:\program files\LimeWire\jcraft.pack
c:\program files\LimeWire\jdic.pack
c:\program files\LimeWire\jdic_stub.pack
c:\program files\LimeWire\jflac.pack
c:\program files\LimeWire\jl.pack
c:\program files\LimeWire\jmdns.pack
c:\program files\LimeWire\jna.pack
c:\program files\LimeWire\jogg.pack
c:\program files\LimeWire\jorbis.pack
c:\program files\LimeWire\jxlayer.pack
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\UnpackedJars.7z
c:\program files\LimeWire\LimeWire.jar.tmp
c:\program files\LimeWire\log4j.pack
c:\program files\LimeWire\messages.pack
c:\program files\LimeWire\miglayout.pack
c:\program files\LimeWire\mozdom4java.pack
c:\program files\LimeWire\MozillaGlue-1.9.pack
c:\program files\LimeWire\MozillaInterfaces-1.9.pack
c:\program files\LimeWire\mozswing.pack
c:\program files\LimeWire\mp3spi.pack
c:\program files\LimeWire\onion-common.pack
c:\program files\LimeWire\onion-fec.pack
c:\program files\LimeWire\smack.pack
c:\program files\LimeWire\smackx-debug.pack
c:\program files\LimeWire\smackx.pack
c:\program files\LimeWire\swing-worker-1.1.pack
c:\program files\LimeWire\swingx-0.9.4.pack
c:\program files\LimeWire\tritonus.pack
c:\program files\LimeWire\vorbisspi.pack

.
((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 02:19 . 2009-06-12 05:51 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 02:19 . 2009-06-12 05:51 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 02:19 . 2009-06-12 05:51 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 02:19 . 2009-06-12 05:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-04 12:28 . 2009-07-04 12:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-04 12:28 . 2009-07-04 12:28 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-04 12:28 . 2009-07-04 12:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-04 12:28 . 2009-07-04 12:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-04 12:28 . 2009-07-04 12:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-04 12:28 . 2009-07-04 12:28 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-04 12:28 . 2009-07-04 12:28 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-04 12:28 . 2009-07-04 12:28 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-04 12:28 . 2009-07-04 12:28 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-04 12:28 . 2009-07-04 12:28 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-04 12:28 . 2009-07-04 12:28 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-07-04 12:27 . 2009-07-04 12:27 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-04 12:27 . 2009-07-04 12:27 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-04 12:27 . 2009-07-04 12:27 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-04 12:27 . 2009-07-04 12:27 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-04 12:27 . 2009-07-04 12:27 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-04 12:27 . 2009-07-04 12:27 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-04 12:27 . 2009-07-04 12:27 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-04 12:27 . 2009-07-04 12:27 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-02 08:30 . 2009-07-02 08:30 -------- d-----w- C:\rsit
2009-06-30 06:34 . 2009-06-30 06:34 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-29 10:51 . 2009-07-04 12:28 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-29 10:16 . 2009-07-04 12:28 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-29 10:15 . 2009-06-29 10:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-29 10:15 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-29 08:12 . 2009-07-03 12:21 -------- d-----w- c:\program files\Trend Micro
2009-06-22 11:05 . 2009-06-22 11:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-20 00:41 . 2009-06-20 00:40 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-20 00:41 . 2009-06-20 00:40 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-20 00:41 . 2009-06-12 05:51 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-20 00:40 . 2009-06-20 00:40 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-13 07:52 . 2009-06-13 07:52 -------- d-----w- c:\program files\iPod
2009-06-13 07:52 . 2009-06-13 07:53 -------- d-----w- c:\program files\iTunes
2009-06-13 07:48 . 2009-06-13 07:48 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-12 05:52 . 2009-06-02 04:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 05:52 . 2009-06-12 05:51 826624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-12 05:52 . 2009-06-12 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 05:52 . 2009-06-12 05:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 08:09 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 08:09 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-06 11:18 . 2009-06-06 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-05 02:19 . 2008-05-15 01:10 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 09:08 . 2008-10-07 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-30 11:11 . 2006-07-11 11:14 0 ----a-w- C:\mediasample.bin
2009-06-29 10:15 . 2009-04-04 02:11 -------- d-----w- c:\program files\Lavasoft
2009-06-29 10:15 . 2008-08-23 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-29 10:14 . 2006-06-23 13:47 -------- d-----w- c:\documents and settings\User\Application Data\Lavasoft
2009-06-25 13:07 . 2006-06-29 11:51 -------- d-----w- c:\program files\Yahoo!
2009-06-25 13:06 . 2007-01-18 10:12 -------- d-----w- c:\program files\pdf995
2009-06-22 11:59 . 2006-06-21 18:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 03:55 . 2009-04-19 09:39 1525 ----a-w- c:\documents and settings\User\Application Data\iolo\restore.bat
2009-06-20 03:38 . 2008-08-17 02:11 -------- d-----w- c:\documents and settings\User\Application Data\iolo
2009-06-20 03:38 . 2008-08-17 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-20 00:40 . 2008-05-15 01:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 11:03 . 2006-06-24 13:03 -------- d-----w- c:\documents and settings\User\Application Data\BitTorrent
2009-06-13 07:52 . 2008-05-05 11:38 -------- d-----w- c:\program files\Common Files\Apple
2009-06-13 07:51 . 2006-06-25 10:07 -------- d-----w- c:\program files\QuickTime
2009-06-13 07:36 . 2008-08-09 08:47 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2009-06-08 01:47 . 2007-05-29 11:10 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-06-06 11:19 . 2006-07-02 11:51 -------- d-----w- c:\program files\Google
2009-06-06 11:19 . 2006-07-02 11:49 -------- d-----w- c:\program files\DivX
2009-06-05 02:12 . 2009-03-21 12:49 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 02:12 . 2008-05-05 11:38 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 06:10 . 2007-07-16 05:27 940896 ----a-w- c:\windows\system32\Incinerator.dll
2009-05-15 11:49 . 2008-10-08 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-15 11:49 . 2008-10-08 11:57 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-15 11:49 . 2008-10-08 11:57 -------- d-----w- c:\program files\Nokia
2009-05-15 11:48 . 2009-05-15 11:48 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\Sleep.exe
2009-05-15 11:48 . 2009-05-15 11:48 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-15 11:48 . 2009-05-15 11:48 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-15 11:48 . 2009-05-15 11:48 24312696 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\NokiaSoftwareUpdaterSetup_1.6.11EN.exe
2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 10:29 . 2007-07-18 13:27 -------- d-----w- c:\documents and settings\User\Application Data\Canon
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 23:44 . 2009-02-04 07:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 23:43 . 2009-03-30 09:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-27 09:32 . 2009-04-27 09:32 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-27 09:32 . 2009-04-27 09:32 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-27 09:32 . 2009-04-27 09:32 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-27 09:32 . 2009-04-27 09:33 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-25 10:16 . 2006-12-09 04:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-09-20 07:14 . 2008-09-20 07:13 48 --sh--w- c:\windows\S9A399B4C.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 04:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-16 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2006-03-27 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2006-03-20 327680]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BigPond Toolbar"="c:\program files\Telstra\Toolbar\bpumTray.exe" [2005-12-01 327680]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 1836544]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 529968]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-04 520024]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

c:\documents and settings\User\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-16 113664]
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2006-8-16 151552]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2006-8-15 77824]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-16 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-25 671744]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-2-18 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 23:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/06/2009 7:46 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/05/2008 10:40 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/03/2009 6:41 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/02/2009 4:48 PM 298776]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/04/2009 7:02 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/04/2009 7:02 PM 600944]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/10/2007 9:05 PM 3712]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [11/07/2006 8:29 PM 705152]
S2 gupdate1c9885c131f00dc;Google Update Service (gupdate1c9885c131f00dc);c:\program files\Google\Update\GoogleUpdate.exe [6/02/2009 10:38 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 4:36 AM 1029456]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [22/06/2006 4:57 AM 167296]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [22/06/2006 4:57 AM 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [22/06/2006 4:57 AM 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [22/06/2006 4:57 AM 10368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:27]

2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 03:04]

2009-07-05 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 00:50]

2009-07-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 07:44]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 13:08]

2009-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 13:08]

2009-07-04 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]

2009-07-05 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = localhost;*.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxp://bigpondmusic.com/activex/multidownx.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 16:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-05 16:50
ComboFix-quarantined-files.txt 2009-07-05 07:20
ComboFix2.txt 2009-07-05 06:42
ComboFix3.txt 2009-07-04 12:17

Pre-Run: 127,799,181,312 bytes free
Post-Run: 127,764,803,584 bytes free

707 --- E O F --- 2009-06-10 09:32

MBAM Log

Malwarebytes' Anti-Malware 1.38
Database version: 2375
Windows 5.1.2600 Service Pack 3

5/07/2009 6:11:21 PM
mbam-log-2009-07-05 (18-11-21).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194255
Time elapsed: 39 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\start menu\Programs\relevantknowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
c:\documents and settings\all users\start menu\Programs\relevantknowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.


HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:39 PM, on 5/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885c131f00dc) (gupdate1c9885c131f00dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14384 bytes
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Hijack This log

Unread postby Axephilic » July 5th, 2009, 2:46 pm

Hello,

Fix HijackThis lines

  • Run HijackThis!
  • Click on Do a System Scan only
  • Place a tick next to the following lines:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Close all open windows and click on Fix checked and when you get a popup window click on Yes.

Update Java
Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 13.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locatethe following entries and click on Change/Remove to uninstall them:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 7
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) SE Runtime Environment 6 Update 1
  2. Click here to visit Java's website.
  3. Select Windows from the drop-down list for Platform.
  4. Select Multi-language from the drop-down list for Language.
  5. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  6. Click on jre-6u13-windows-i586-p.exe link to download it and save this to a convenient location.
  7. Run this installation to update your Java.

Update your Adobe Reader
Your version of Adobe Reader is old and may contain security leaks. Please first uninstall the older version, then download and install the newest version from here.

Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

In your next reply, please include:
  1. Kaspersky report
  2. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Hijack This log

Unread postby mwizz » July 6th, 2009, 8:50 am

Kapersky Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, July 06, 2009 11:25:38
Records in database: 2432055
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 97236
Threat name: 6
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 01:59:27


File name / Threat name / Threats count
C:\Documents and Settings\User\My Documents\LimeWire\Saved\Biffy Clyro Mountains .mp3 Infected: Trojan-Downloader.WMA.GetCodec.n 1
C:\Documents and Settings\User\My Documents\LimeWire\Saved\Eskimo Joe - Foreign Land.mp3 Infected: Trojan-Downloader.WMA.GetCodec.u 1
C:\Documents and Settings\User\My Documents\LimeWire\Saved\potbelleez - trouble trouble CD quality.mp3 Infected: Trojan-Downloader.WMA.GetCodec.f 1
D:\Email\Email Backup June06\eBay.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
D:\MISC\Ares\arespremium.exe Infected: not-a-virus:AdWare.Win32.Relevant.a 1
D:\Program Downloads\ae97pr.zip Infected: not-a-virus:PSWTool.Win32.OEPass.d 1

The selected area was scanned.


HiJack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:16 PM, on 6/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885c131f00dc) (gupdate1c9885c131f00dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14367 bytes
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Hijack This log

Unread postby Axephilic » July 6th, 2009, 2:14 pm

Hi there,

Run ComboFix

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the codebox below into it:

Code: Select all
File::
D:\Email\Email Backup June06\eBay.dbx
D:\MISC\Ares\arespremium.exe
D:\Program Downloads\ae97pr.zip 
Folder::
C:\Documents and Settings\User\My Documents\LimeWire


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

In your next reply, please include:
  1. ComboFix log
  2. How is it running now?
  3. A new HijackThis log

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Hijack This log

Unread postby mwizz » July 7th, 2009, 5:34 am

ComboFix log

ComboFix 09-07-06.02 - User 07/07/2009 18:55.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3327.2563 [GMT 9.5:30]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"d:\email\Email Backup June06\eBay.dbx"
"d:\misc\Ares\arespremium.exe"
"d:\program downloads\ae97pr.zip"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\My Documents\LimeWire
c:\documents and settings\User\My Documents\LimeWire\Incomplete\T-10055808-Beyonce - Halo (Mysto & Pizzi Dance Remix).mp3
c:\documents and settings\User\My Documents\LimeWire\Incomplete\T-2069557-The Ting Tings - Shut Up And Let Me Go.mp3
c:\documents and settings\User\My Documents\LimeWire\Incomplete\T-2071693-The Ting Tings - Shut Up And Let Me Go.mp3
c:\documents and settings\User\My Documents\LimeWire\Incomplete\T-4013721-Katy Perry - One of the boys.mp3
c:\documents and settings\User\My Documents\LimeWire\Incomplete\T-4719804-Kevin Rudolph Feat. Lil Wayne - Let It Rock ( 2oo8 ) [ www.MzHipHop.com ].mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\12 The Sound Of White.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\3oh3 - dont trust me.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{B4D64800-68E1-4C8D-AC39-E927FA0FB169}_Large.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{B4D64800-68E1-4C8D-AC39-E927FA0FB169}_Small.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{BB768CE7-07BD-48A2-930F-26F5D38676C1}_Large.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{BB768CE7-07BD-48A2-930F-26F5D38676C1}_Small.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{C484F368-3EC1-47D2-B72D-3B23A7F50999}_Large.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{C484F368-3EC1-47D2-B72D-3B23A7F50999}_Small.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{D394A1B2-A082-4B9B-BC07-36494034787E}_Large.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArt_{D394A1B2-A082-4B9B-BC07-36494034787E}_Small.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\AlbumArtSmall.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\Barlow Girl - She Walked Away.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Beyonce - I Am Sasha Fierce - 13 -Sweet Dreams.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Beyonce - If I Were A Boy.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Beyonce - Single Ladies (Put a Ring on it).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Beyonce Halo Remix Featuring Ne-Yo (Offical Music Remix HQ) 2009 NeYo.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Biffy Clyro Mountains .mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Black Eyed Peas - Boom Boom Pow.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Britney Spears-Circus.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Britney Spears - Womaniser.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Brooke Hogan - By Heart.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Cassie Davis - Differently (Feat. Travis McCoy)-glamusicbr.blogspot.com.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\cassie davis - like it loud.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Cheetah Girls - Fly Away.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Cheetah Girls - if I never knew you.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Daniel Merriweather - Change.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\David Guetta feat. Kelly Rowland - When Love Takes Over(1).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\David Guetta Ft. Kelly Rowland - When Love Takes Over [World Premiere](1).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\desktop.ini
c:\documents and settings\User\My Documents\LimeWire\Saved\Eminem - We Made You.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Empire of The Sun - Walking on a Dream.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Eskimo Joe - Foreign Land.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Fallout Boy - I Dont Care.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Flo Rida - Right Round.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Flo Rida ft. Wynter- Sugar.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Folder.jpg
c:\documents and settings\User\My Documents\LimeWire\Saved\Green Day - Know Your Enemy 2009 Single.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Jamie Foxx - Blame It (On The Alcohol) ft. T-Pain.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Jason Mraz - I'm Yours.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Jessica Mauboy - Burn(1).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Jessica Mauboy ft. Flo rida - Running Back.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Jonas Brothers - Paranoid(1).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Kanye West - Love Lockdown.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Katy Perry - Hot'N Cold.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Katy Perry - One of the boys.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Kelly Clarkson - I Do Not Hook Up.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Kelly Rowland - Ms Kelly - This Is Love.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Kevin Rudolph Feat. Lil Wayne - Let It Rock ( 2oo8 ) [ www.MzHipHop.com ].mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Kings Of Leon - Sex On Fire.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Kings of Leons - Use Somebody.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Lady Gaga - Just Dance.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Lady GaGa - Love Games.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Lady Gaga - Poker Face.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Lady GaGa Feat. LMFAO - Love Game (Party Rock Remix).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\lady gaga love game greatest hit 2009.wma
c:\documents and settings\User\My Documents\LimeWire\Saved\Lady Sovereign - So Human.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Lily Allen - Not Fair.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Linkin Park - New Divide.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\MGMT - Kids.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Miley Cyrus - Fly On The Wall.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Miley Cyrus - The_Climb.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Natasha Bedingfield - Angel.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Pez - the festival song.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Pink - Bad Influence.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Pink - Sober.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\potbelleez - trouble trouble CD quality.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Puff Daddy & Faith Hill & 112- I'll Be Missing You.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Pussycat Dolls - Hush Hush.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Pussycat Dolls - I Hate This Part.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Pussycat Dolls ft. A.R. Rahman - Jai Ho (You Are My Destiny).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Raven Symone - The Cheetah Girls - Girl Power.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Secondhand Serenade - Fall For You1.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Souljah Boy - Kiss Me Thru The Phone.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\T.I ft Justin Timberlake - Dead and Gone.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\the cheetah girls - Amigas Cheetahs.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Cheetah Love.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Cheetah Sisters.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Dance Me If You Can.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Fuego.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Girl Power.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - I Won't Say (I'm In Love).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - One World Soundtrack - No Place Like Us.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\the cheetah girls - one world.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Shake A Tail Feather.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - So Bring It On (FULL).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Step Up.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Strut.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - The Party's Just Begun(2).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Together we Can.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls -Raven - Superstition.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls - Cinderella.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah GIrls 2 - Why Wait.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls 2 - A La Nanita Nana.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls 2 - Dance With Me.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls 2 Soundtrack -07- It's Over.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Cheetah Girls 3 - Dig A Little Deeper.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Ian Carey Project - Get Shakey .mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Lonely Island - I'm On A Boat (Feat T-Pain).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Presets - Talk Like That .mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Ting Tings - Shut Up And Let Me Go.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Ting Tings - Thats Not My Name.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\The Veronicas - Popular.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\TI ft Rihanna - Live Your Life.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Wicked The Musical - For Good (Glinda and Elphaba).mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\Wicked The Musical - Popular.mp3
c:\documents and settings\User\My Documents\LimeWire\Saved\You- Wes Carr.mp3
c:\documents and settings\User\My Documents\LimeWire\Thumbs.db
d:\email\Email Backup June06\eBay.dbx
d:\misc\Ares\arespremium.exe
d:\program downloads\ae97pr.zip

.
((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))
.

2009-07-06 09:41 . 2009-07-06 09:40 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-05 07:28 . 2009-07-05 07:28 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-07-05 07:28 . 2009-06-17 01:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-05 07:28 . 2009-07-05 07:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-05 07:28 . 2009-07-05 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-05 07:28 . 2009-06-17 01:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-05 02:19 . 2009-06-12 05:51 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-05 02:19 . 2009-06-12 05:51 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-05 02:19 . 2009-06-12 05:51 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-05 02:19 . 2009-06-12 05:51 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-04 12:28 . 2009-07-04 12:28 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-04 12:28 . 2009-07-06 10:16 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-04 12:28 . 2009-07-04 12:28 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-07-04 12:28 . 2009-07-04 12:28 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-04 12:28 . 2009-07-04 12:28 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-04 12:28 . 2009-07-04 12:28 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-04 12:28 . 2009-07-04 12:28 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-04 12:28 . 2009-07-06 10:16 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-04 12:28 . 2009-07-04 12:28 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-04 12:28 . 2009-07-04 12:28 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-04 12:28 . 2009-07-04 12:28 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-07-04 12:27 . 2009-07-04 12:27 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-04 12:27 . 2009-07-04 12:27 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-04 12:27 . 2009-07-04 12:27 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-04 12:27 . 2009-07-04 12:27 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-04 12:27 . 2009-07-06 10:16 2352968 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-04 12:27 . 2009-07-04 12:27 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-04 12:27 . 2009-07-04 12:27 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-04 12:27 . 2009-07-04 12:27 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-07-02 08:30 . 2009-07-02 08:30 -------- d-----w- C:\rsit
2009-06-30 06:34 . 2009-06-30 06:34 2052376 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-29 10:51 . 2009-07-04 12:28 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-29 10:16 . 2009-07-04 12:28 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-29 10:15 . 2009-06-29 10:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-29 10:15 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-29 08:12 . 2009-07-03 12:21 -------- d-----w- c:\program files\Trend Micro
2009-06-22 11:05 . 2009-06-22 11:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-20 00:41 . 2009-06-20 00:40 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-20 00:41 . 2009-06-20 00:40 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-20 00:41 . 2009-06-12 05:51 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-20 00:40 . 2009-06-20 00:40 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-13 07:52 . 2009-06-13 07:52 -------- d-----w- c:\program files\iPod
2009-06-13 07:52 . 2009-06-13 07:53 -------- d-----w- c:\program files\iTunes
2009-06-13 07:48 . 2009-06-13 07:48 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-12 05:52 . 2009-06-02 04:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-12 05:52 . 2009-06-12 05:51 826624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\AVGToolbarInstall.exe
2009-06-12 05:52 . 2009-06-12 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-12 05:52 . 2009-06-12 05:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-10 08:09 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-10 08:09 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 11:10 . 2008-10-07 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-06 09:47 . 2006-06-22 12:45 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 09:40 . 2006-10-16 10:18 -------- d-----w- c:\program files\Java
2009-07-05 02:19 . 2008-05-15 01:10 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-30 11:11 . 2006-07-11 11:14 0 ----a-w- C:\mediasample.bin
2009-06-29 10:15 . 2009-04-04 02:11 -------- d-----w- c:\program files\Lavasoft
2009-06-29 10:15 . 2008-08-23 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-29 10:14 . 2006-06-23 13:47 -------- d-----w- c:\documents and settings\User\Application Data\Lavasoft
2009-06-25 13:07 . 2006-06-29 11:51 -------- d-----w- c:\program files\Yahoo!
2009-06-25 13:06 . 2007-01-18 10:12 -------- d-----w- c:\program files\pdf995
2009-06-22 11:59 . 2006-06-21 18:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 03:55 . 2009-04-19 09:39 1525 ----a-w- c:\documents and settings\User\Application Data\iolo\restore.bat
2009-06-20 03:38 . 2008-08-17 02:11 -------- d-----w- c:\documents and settings\User\Application Data\iolo
2009-06-20 03:38 . 2008-08-17 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-20 00:40 . 2008-05-15 01:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 11:03 . 2006-06-24 13:03 -------- d-----w- c:\documents and settings\User\Application Data\BitTorrent
2009-06-13 07:52 . 2008-05-05 11:38 -------- d-----w- c:\program files\Common Files\Apple
2009-06-13 07:51 . 2006-06-25 10:07 -------- d-----w- c:\program files\QuickTime
2009-06-13 07:36 . 2008-08-09 08:47 -------- d-----w- c:\documents and settings\User\Application Data\gtk-2.0
2009-06-08 01:47 . 2007-05-29 11:10 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-06-06 11:19 . 2006-07-02 11:51 -------- d-----w- c:\program files\Google
2009-06-06 11:19 . 2006-07-02 11:49 -------- d-----w- c:\program files\DivX
2009-06-06 11:18 . 2009-06-06 11:18 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-05 02:12 . 2009-03-21 12:49 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 02:12 . 2008-05-05 11:38 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 06:10 . 2007-07-16 05:27 940896 ----a-w- c:\windows\system32\Incinerator.dll
2009-05-15 11:49 . 2008-10-08 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-15 11:49 . 2008-10-08 11:57 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-15 11:49 . 2008-10-08 11:57 -------- d-----w- c:\program files\Nokia
2009-05-15 11:48 . 2009-05-15 11:48 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\Sleep.exe
2009-05-15 11:48 . 2009-05-15 11:48 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\msxml6Exec.exe
2009-05-15 11:48 . 2009-05-15 11:48 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\Installer\CommonCustomActions\vcredistExec.exe
2009-05-15 11:48 . 2009-05-15 11:48 24312696 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7169FA93-66C2-43BD-86E0-CD332A686B29}\NokiaSoftwareUpdaterSetup_1.6.11EN.exe
2009-05-13 05:15 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-08 10:29 . 2007-07-18 13:27 -------- d-----w- c:\documents and settings\User\Application Data\Canon
2009-05-07 15:32 . 2006-02-28 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 23:44 . 2009-02-04 07:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-04 23:43 . 2009-03-30 09:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-27 09:32 . 2009-04-27 09:32 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-27 09:32 . 2009-04-27 09:32 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-27 09:32 . 2009-04-27 09:32 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-27 09:32 . 2009-04-27 09:33 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
2009-04-17 12:26 . 2006-02-28 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-02-28 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2007-07-25 10:16 . 2006-12-09 04:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2008-09-20 07:14 . 2008-09-20 07:13 48 --sh--w- c:\windows\S9A399B4C.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-07-05_06.41.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-07 08:26 . 2009-07-07 08:26 16384 c:\windows\Temp\Perflib_Perfdata_c74.dat
+ 2009-07-07 08:26 . 2009-07-07 08:26 16384 c:\windows\Temp\Perflib_Perfdata_9c4.dat
+ 2009-07-06 09:41 . 2009-07-06 09:40 148888 c:\windows\system32\javaws.exe
+ 2009-07-06 09:41 . 2009-07-06 09:40 144792 c:\windows\system32\javaw.exe
+ 2009-07-06 09:41 . 2009-07-06 09:40 144792 c:\windows\system32\java.exe
+ 2009-07-06 09:47 . 2009-07-06 09:47 3938816 c:\windows\Installer\49de3c.msi
+ 2009-07-06 09:40 . 2009-07-06 09:40 1563648 c:\windows\Installer\49db54.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 04:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-16 67128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 39408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-03-20 1312256]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"SW20"="c:\windows\system32\sw20.exe" [2005-06-29 212992]
"SW24"="c:\windows\system32\sw24.exe" [2005-07-04 69632]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2006-03-27 69632]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2006-03-20 327680]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BigPond Toolbar"="c:\program files\Telstra\Toolbar\bpumTray.exe" [2005-12-01 327680]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-26 1836544]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 529968]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-04 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-06 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-12-09 15691264]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-04 1626112]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2006-07-19 94208]

c:\documents and settings\User\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-16 113664]
ComproRemote.lnk - c:\program files\Common Files\VideoMate\ComproRemote.exe [2006-8-16 151552]
ComproSchedulerDTV.lnk - c:\program files\Common Files\VideoMate\ComproSchedulerDTV.exe [2006-8-15 77824]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-2-16 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-10-25 671744]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-2-18 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-04 23:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/06/2009 7:46 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [15/05/2008 10:40 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/03/2009 6:41 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/02/2009 4:48 PM 298776]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/04/2009 7:02 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/04/2009 7:02 PM 600944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [10/03/2009 4:36 AM 1029456]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [25/10/2007 9:05 PM 3712]
R3 VMHybrid;VMHybrid service;c:\windows\system32\drivers\VMHybrid.sys [11/07/2006 8:29 PM 705152]
S2 gupdate1c9885c131f00dc;Google Update Service (gupdate1c9885c131f00dc);c:\program files\Google\Update\GoogleUpdate.exe [6/02/2009 10:38 PM 133104]
S2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [22/06/2006 4:57 AM 167296]
S3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [22/06/2006 4:57 AM 21248]
S3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [22/06/2006 4:57 AM 15872]
S3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [22/06/2006 4:57 AM 10368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 12:27]

2009-07-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 03:04]

2009-07-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 00:50]

2009-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-07 07:44]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 13:08]

2009-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 13:08]

2009-07-06 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]

2009-07-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com.au/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} - hxxp://bigpondmusic.com/activex/multidownx.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 18:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-07 18:58
ComboFix-quarantined-files.txt 2009-07-07 09:28
ComboFix2.txt 2009-07-07 09:24
ComboFix3.txt 2009-07-05 07:20
ComboFix4.txt 2009-07-05 06:42
ComboFix5.txt 2009-07-07 09:24

Pre-Run: 127,531,794,432 bytes free
Post-Run: 127,504,318,464 bytes free

398 --- E O F --- 2009-06-10 09:32


The PC is running much better now thankyou Adam. I can run IE8 and my Google searches are no longer hijacked.

HiJack This log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:03 PM, on 7/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: ComproRemote.lnk = ?
O4 - Global Startup: ComproSchedulerDTV.lnk = C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {F1D54B0B-B6EA-43B5-BD26-A79D3DBF47E3} (Multidownx Control) - http://bigpondmusic.com/activex/multidownx.cab
O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} (iolo.ProductDetector) - http://www.iolo.com/app/ocx/UpgradeVerify.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9885c131f00dc) (gupdate1c9885c131f00dc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14181 bytes
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am

Re: Hijack This log

Unread postby Axephilic » July 7th, 2009, 2:49 pm

Congratulations, you are now all clean! To help to prevent from becoming reinfected, please follow the instructions below in order. If you have any questions, please feel free to ask them. If after 48 hours you have not responded to this, then I will assume you have no questions and have the topic closed.

First, lets uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click Apply.
  5. Uncheck (untick) Turn off system restore on all drives box.
  6. Click OK.
  7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows and office

Go to Start > All Programs > Microsoft Update


Alternatively, you can visit the link below to update Windows and Office products.

Microsoft Update

I also recommend, if it's not already on, to enable Automatic updates. It will notify you whenever there are new updates available. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox with NoScript add-on helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  2. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.

  3. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.

  4. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Happy surfing and stay clean!

Regards,
Adam
User avatar
Axephilic
Retired Graduate
 
Posts: 2180
Joined: June 18th, 2007, 1:10 pm
Location: Wisconsin, US

Re: Hijack This log

Unread postby mwizz » July 9th, 2009, 7:48 am

Thanks for your assistance Adam. It has been excellent.
mwizz
Regular Member
 
Posts: 48
Joined: June 28th, 2009, 7:32 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware