Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

weird virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: weird virus

Unread postby yarders » July 20th, 2009, 5:47 pm

Tfc worked this time before it took hours this time 5 mind

I am anti malware scaning now
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am
Advertisement
Register to Remove

Re: weird virus

Unread postby yarders » July 20th, 2009, 5:53 pm

Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 6.0.6000

20/07/2009 22:52:04
mbam-log-2009-07-20 (22-52-02).txt

Scan type: Quick Scan
Objects scanned: 89748
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Startup Manager (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Advanced System Optimizer\startUp manager.exe (Backdoor.Bot) -> No action taken.
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 20th, 2009, 6:21 pm

RSIT LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jonny at 2009-07-20 23:11:23
Microsoft® Windows Vista™ Ultimate
System drive C: has 94 GB (32%) free of 292 GB
Total RAM: 3581 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:11:34, on 20/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\LVComS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jonny\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jonny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVComs] C:\Windows\system32\LVComS.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f505dcf6ec00) (gupdate1c9f505dcf6ec00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11606 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-10 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-06 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-12 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-14 1004800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-04-25 1006264]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-01-25 167936]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-12-03 405504]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-28 86016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-28 81920]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
"LVComs"=C:\Windows\system32\LVComS.exe [2003-12-06 102400]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-04-22 177472]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-02-06 2021400]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-23 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-05-15 1103216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-04-16 86528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-20 23:11:23 ----D---- C:\rsit
2009-07-20 22:43:38 ----D---- C:\Users\Jonny\AppData\Roaming\Malwarebytes
2009-07-20 22:43:33 ----D---- C:\ProgramData\Malwarebytes
2009-07-20 22:43:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 18:15:33 ----A---- C:\ComboFix.txt
2009-07-20 18:14:45 ----SHD---- C:\$RECYCLE(2).BIN
2009-07-20 17:01:04 ----SHD---- C:\$RECYCLE.BIN
2009-07-20 14:11:48 ----SHD---- C:\found.000
2009-07-20 13:29:25 ----A---- C:\Windows\zip.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWXCACLS.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWSC.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWREG.exe
2009-07-20 13:29:25 ----A---- C:\Windows\sed.exe
2009-07-20 13:29:25 ----A---- C:\Windows\PEV.exe
2009-07-20 13:29:25 ----A---- C:\Windows\NIRCMD.exe
2009-07-20 13:29:25 ----A---- C:\Windows\grep.exe
2009-07-20 13:26:19 ----D---- C:\Windows\ERDNT
2009-07-20 13:24:30 ----D---- C:\Qoobox
2009-07-18 13:33:08 ----D---- C:\Rooter$
2009-07-17 20:57:26 ----A---- C:\Windows\system32\trltmpct.dll
2009-07-17 20:57:22 ----D---- C:\3D Rad
2009-07-15 19:54:55 ----D---- C:\Users\Jonny\AppData\Roaming\IGN_DLM
2009-07-15 19:54:49 ----D---- C:\Program Files\Download Manager
2009-07-14 16:47:08 ----D---- C:\Program Files\Activision
2009-07-14 15:51:46 ----D---- C:\Program Files\Safari
2009-07-14 13:35:08 ----D---- C:\Program Files\Mozilla Firefox
2009-07-14 10:48:26 ----D---- C:\Program Files\Trend Micro
2009-07-08 20:09:12 ----D---- C:\ProgramData\ESET
2009-07-08 20:09:12 ----D---- C:\Program Files\ESET
2009-07-01 17:27:32 ----D---- C:\ProgramData\AVG Security Toolbar
2009-06-28 19:32:42 ----D---- C:\ProgramData\NortonInstaller
2009-06-28 19:32:42 ----D---- C:\Program Files\NortonInstaller
2009-06-28 19:04:18 ----D---- C:\Users\Jonny\AppData\Roaming\IDM
2009-06-28 19:04:18 ----D---- C:\Users\Jonny\AppData\Roaming\DMCache
2009-06-28 19:04:12 ----D---- C:\Program Files\Internet Download Manager
2009-06-28 15:17:25 ----D---- C:\Program Files\PC Satellite TV
2009-06-28 12:34:31 ----D---- C:\Program Files\Windows Doctor
2009-06-24 20:56:46 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-24 20:04:28 ----D---- C:\Program Files\Air Mouse

======List of files/folders modified in the last 1 months======

2009-07-21 07:06:26 ----D---- C:\Windows\system32\config
2009-07-21 07:04:20 ----SD---- C:\Windows\Downloaded Program Files
2009-07-21 07:04:20 ----RD---- C:\Windows\Offline Web Pages
2009-07-21 07:04:20 ----D---- C:\Windows\system32\ias
2009-07-21 07:04:04 ----D---- C:\Windows\Tasks
2009-07-21 07:04:03 ----D---- C:\Windows\system32\wbem
2009-07-21 07:04:03 ----D---- C:\Windows\system32\Tasks
2009-07-21 07:04:03 ----D---- C:\Windows\system32\spool
2009-07-21 07:04:02 ----SHD---- C:\Windows\Installer
2009-07-21 07:04:02 ----D---- C:\Windows\inf
2009-07-21 07:03:59 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-21 07:03:21 ----D---- C:\Windows\registration
2009-07-21 07:03:15 ----D---- C:\Windows\system32\XPSViewer
2009-07-21 07:03:15 ----D---- C:\Windows\PolicyDefinitions
2009-07-21 07:03:14 ----D---- C:\Program Files\Internet Explorer
2009-07-20 23:11:34 ----D---- C:\Windows\Prefetch
2009-07-20 23:11:26 ----D---- C:\Windows\Temp
2009-07-20 23:00:36 ----D---- C:\Program Files\Advanced System Optimizer
2009-07-20 22:58:12 ----D---- C:\Users\Jonny\AppData\Roaming\Skype
2009-07-20 22:54:42 ----D---- C:\Windows\system32\drivers
2009-07-20 22:54:42 ----D---- C:\Windows\System32
2009-07-20 22:43:33 ----HD---- C:\ProgramData
2009-07-20 22:43:31 ----D---- C:\Program Files
2009-07-20 22:37:33 ----D---- C:\Windows
2009-07-20 22:31:01 ----SHD---- C:\System Volume Information
2009-07-20 22:29:56 ----D---- C:\Windows\system32\catroot
2009-07-20 22:29:54 ----D---- C:\Windows\system32\catroot2
2009-07-20 22:29:51 ----D---- C:\Windows\winsxs
2009-07-20 22:25:19 ----D---- C:\Windows\Logs
2009-07-20 21:21:05 ----D---- C:\ProgramData\Microsoft Help
2009-07-20 21:11:25 ----RSD---- C:\Windows\assembly
2009-07-20 21:11:25 ----D---- C:\Windows\Microsoft.NET
2009-07-20 18:02:28 ----D---- C:\Program Files\Common Files
2009-07-20 17:09:30 ----D---- C:\Windows\system32\dllcache
2009-07-20 17:01:17 ----A---- C:\Windows\system.ini
2009-07-20 16:27:51 ----SHD---- C:\Boot
2009-07-20 15:58:12 ----D---- C:\Windows\AppPatch
2009-07-19 00:10:40 ----AD---- C:\ProgramData\TEMP
2009-07-19 00:08:33 ----D---- C:\Program Files\Java
2009-07-18 22:53:39 ----D---- C:\Users\Jonny\AppData\Roaming\uTorrent
2009-07-18 22:53:22 ----D---- C:\Users\Jonny\AppData\Roaming\BitTorrent
2009-07-18 22:41:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-17 22:36:32 ----A---- C:\Windows\Uninstall Manager.INI
2009-07-14 17:10:18 ----D---- C:\Windows\system32\LogFiles
2009-07-14 15:45:13 ----D---- C:\Windows\Minidump
2009-07-14 13:38:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-14 13:35:37 ----D---- C:\Users\Jonny\AppData\Roaming\Mozilla
2009-07-10 11:25:11 ----D---- C:\Users\Jonny\AppData\Roaming\mIRC
2009-07-07 17:07:44 ----D---- C:\Users\Jonny\AppData\Roaming\LimeWire
2009-07-06 20:39:55 ----A---- C:\Windows\ntbtlog.txt
2009-07-03 21:12:28 ----HD---- C:\$AVG8.VAULT$
2009-07-01 19:58:18 ----SD---- C:\Users\Jonny\AppData\Roaming\Microsoft
2009-07-01 17:26:48 ----A---- C:\Windows\system32\avgrsstx.dll
2009-06-24 20:57:21 ----D---- C:\Program Files\Google
2009-06-24 20:56:50 ----D---- C:\Program Files\DivX
2009-06-24 20:04:11 ----D---- C:\Windows\Downloaded Installations
2009-06-22 13:02:10 ----D---- C:\Program Files\Electronic Arts
2009-06-22 12:52:16 ----D---- C:\Users\Jonny\AppData\Roaming\Microsoft Game Studios
2009-06-22 12:52:16 ----D---- C:\ProgramData\Microsoft Games
2009-06-22 12:52:16 ----D---- C:\Program Files\Microsoft Games
2009-06-22 12:51:51 ----A---- C:\Windows\Rtcw.INI
2009-06-21 21:16:02 ----D---- C:\Users\Jonny\AppData\Roaming\DiskAid

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-01 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-06-06 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-04-25 320000]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-07 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-07 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-07 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-01-25 164400]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-28 7620704]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-04-25 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-12-03 330240]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-16 46992]
R3 vaxscsi;vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [2009-04-26 223128]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-04-25 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 278528]
S3 a5f3gsgo;a5f3gsgo; C:\Windows\system32\drivers\a5f3gsgo.sys []
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys [2008-05-26 27072]
S3 AVerBDA6x;AVerBDA6x service; C:\Windows\system32\DRIVERS\AVerBDA716x.sys [2008-01-31 1290240]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 catchme;catchme; \??\C:\Users\Jonny\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SMALUSB;Digital Camera Driver; C:\Windows\system32\DRIVERS\smallogi.sys [2003-12-06 9472]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-04-22 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaNvStor;Intel(R) Turbo Memory Controller; C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-12-03 73728]
R2 AffinegyService;AffinegyService; C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe [2008-05-26 143360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-01 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-12-03 102400]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gupdate1c9f505dcf6ec00;Google Update Service (gupdate1c9f505dcf6ec00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-18 655624]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-25 29744]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-04-25 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 20th, 2009, 6:25 pm

RSIT info

info.txt logfile of random's system information tool 1.06 2009-07-20 23:11:36

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3D Rad v6.36-->"C:\3D Rad\unins000.exe"
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 4.2-->C:\PROGRA~1\ACOUST~1\Unwise.exe
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->C:\Program Files\Common Files\Adobe\Installers\3dcb365ab9e01871fb8c6f27b0ea079\Setup.exe --uninstall=1
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Director 11-->C:\Program Files\Common Files\Adobe\Installers\2755fefb5e3352ee2921713793bdbf8\Setup.exe
Adobe Director 11-->MsiExec.exe /I{3B45D262-3BEE-477F-8652-EC24950D3F65}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 Professional-->C:\Program Files\Common Files\Adobe\Installers\a68eec966ce913ddaa63251dc82ed31\Setup.exe --uninstall=1
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}
Adobe Setup-->MsiExec.exe /I{6CDE6C4F-6FD7-4F24-A116-F0D173432FFC}
Adobe Setup-->MsiExec.exe /I{EED50C97-C79E-4149-BD82-7C5A22437708}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove
Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Air Mouse Server-->MsiExec.exe /I{5164E4B0-9CD0-454A-BAC0-6771A15EEB64}
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVerMedia HC82 Express-Card Hybrid Analog-->C:\Program Files\InstallShield Installation Information\{1F295031-E793-4308-A384-5553977DFD13}\setup.exe -runfromtemp -l0x0409
AVerMedia MCE Encoder 3.2.1.62-->C:\Program Files\AVerMedia\AVerMedia MCE Encoder\uninst.exe
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Axife Mouse Recorder DEMO 5.01-->"C:\Program Files\Axife Mouse Recorder DEMO\unins000.exe"
BeatPack (0.9)-->"C:\Program Files\BeatPack\uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
BurnInTest v6.0 Standard-->"C:\Program Files\BurnInTest\unins000.exe"
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.2 Patch-->C:\Program Files\InstallShield Installation Information\{2BF0AE92-C3BC-4112-9066-1546342B1FAE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{9F01A67B-7D67-482F-9D4F-D5980A440FD4}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM) 1.5 Patch-->C:\Program Files\InstallShield Installation Information\{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Camtasia Studio 5-->MsiExec.exe /I{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove
Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove
DEVIL MAY CRY 4-->MsiExec.exe /I{D4E5A687-797D-44B1-8F96-4FD7A24166A9}
DiskAid 3.0-->"C:\Program Files\DigiDNA\DiskAid\unins000.exe"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.9-->C:\Program Files\Download Manager\uninst.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
Dynasty Warriors 6-->"C:\Program Files\Team JPN\Dynasty Warriors 6\unins000.exe"
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Fingerprint Reader Suite 5.6-->MsiExec.exe /I{A2289997-10A3-48F2-AA03-99180D761661}
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
Game Maker 7.0-->C:\Program Files\Game_Maker7\Uninstal.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.37\Installer\setup.exe" --uninstall --system-level
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
High Quality Youtube Downloader 1.2-->"C:\Program Files\AnMing\hqyoutube\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 8.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Intel(R) PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe
Internet From BT-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}\Setup.exe"
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) SE Development Kit 6 Update 13-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160130}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409
Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}
MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{D8852E3A-7AF8-4E4D-BECD-463ECA076096}
Movies-->C:\PROGRA~1\JanSoft\Movies\UNWISE.EXE C:\PROGRA~1\JanSoft\Movies\INSTALL.LOG
Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
NSIS Mixxx-->"C:\Program Files\Mixxx\uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}
Pcsx2 0.9.4 Watermoose-->"C:\Program Files\Pcsx2_0.9.4\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PSP Video 9 4.07-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Python 2.4 pygame-1.8.1-->MsiExec.exe /I{B10E6F40-5C82-11DD-8757-000ACD11CAF7}
QuickSet-->MsiExec.exe /I{C4972073-2BFE-475D-8441-564EA97DA161}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
Satellite TV for PC-->"C:\Program Files\PC Satellite TV\unins000.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Sony Vegas 7.0-->MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
Subversion 1.4.5-r25188-->"C:\Program Files\Subversion\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
The Lord of the Rings - Conquest™-->MsiExec.exe /X{628C3D50-F524-4C49-A958-672CE7953756}
Tiscali Internet-->MsiExec.exe /I{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}
TortoiseSVN 1.5.4.14259 (32 bit)-->MsiExec.exe /X{5C6F4323-98CC-4031-897F-EEAF6B2AF432}
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Videora iPod touch Converter 3.07-->C:\Program Files\Red Kawa\Video Converter 3\uninstaller.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Wheelman-->"C:\Program Files\InstallShield Installation Information\{3604BFF4-6EC8-44D6-B147-92C2D642FEDE}\setup.exe" -runfromtemp -l0x0009 -removeonly
WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
winpwn-2.5 2.5.0.2-->C:\Program Files\winpwn-2.5\uninstall winpwn-2.5.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.1.8-->"C:\Program Files\WinSCP\unins000.exe"
Wireless Manager-->"C:\Program Files\Virgin Broadband Wireless\unins001.exe"
YouTube Downloader App 1.02-->C:\Program Files\Regensoft\Downloader App\uninstaller.exe

======Security center information======

AV: AVG Anti-Virus Free
AV: ESET NOD32 Antivirus 4.0 (outdated)
AS: ESET NOD32 Antivirus 4.0 (outdated)
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender

======System event log======

Computer Name: Deshveer
Event Code: 10002
Message: WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\IWMSSvc.dll

Record Number: 19685593
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090720213556.139600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Deshveer
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 19685595
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090720213556.139600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Deshveer
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {FA55BF52-F25B-4C2E-9E03-0C883C906C80}
User: Deshveer\Jonny
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\saqduxta;file:C:\Windows\system32\drivers\ctiphcj.sys
Alert Type: Unclassified software
Detection Type:
Record Number: 19685728
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090720215353.000000-000
Event Type: Warning
User:

Computer Name: Deshveer
Event Code: 10002
Message: WLAN Extensibility Module has stopped.

Module Path: C:\Windows\System32\IWMSSvc.dll

Record Number: 19685742
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090720215404.094600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Deshveer
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 19685743
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20090720215404.094600-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Deshveer
Event Code: 19011
Message:
Record Number: 60432
Source Name: MSSQL$SONY_MEDIAMGR
Time Written: 20090720213843.000000-000
Event Type: Warning
User:

Computer Name: Deshveer
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2617438544-2265370005-1231189347-1000:
Process 1076 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2617438544-2265370005-1231189347-1000

Record Number: 60449
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090720215402.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Deshveer
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2617438544-2265370005-1231189347-1000_Classes:
Process 1076 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2617438544-2265370005-1231189347-1000_CLASSES

Record Number: 60450
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090720215402.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Deshveer
Event Code: 19011
Message:
Record Number: 60469
Source Name: MSSQL$SONY_MEDIAMGR
Time Written: 20090720215553.000000-000
Event Type: Warning
User:

Computer Name: Deshveer
Event Code: 33
Message: Activation context generation failed for "C:\Users\Jonny\Desktop\iTunesWindows64Setup.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 60481
Source Name: SideBySide
Time Written: 20090720215620.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Deshveer
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: DESHVEER$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x338
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 64152
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719172326.519347-000
Event Type: Audit Success
User:

Computer Name: Deshveer
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: DESHVEER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x338
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 64153
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719172326.519347-000
Event Type: Audit Success
User:

Computer Name: Deshveer
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 64154
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719172326.519347-000
Event Type: Audit Success
User:

Computer Name: Deshveer
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: DESHVEER$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x338
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 64155
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719172348.702547-000
Event Type: Audit Success
User:

Computer Name: Deshveer
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: DESHVEER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x338
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 64156
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090719172348.702547-000
Event Type: Audit Success
User:

======Environment variables======

"APR_ICONV_PATH"=C:\Program Files\Subversion\iconv
"CLASSPATH"=.;CLASSPATH=C:\Program Files\Java\jdk1.6.0_01\bin;%CLASSPATH%;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Subversion\bin;C:\Program Files\TortoiseSVN\bin;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1706
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 7:21 pm

Hi :)

I am pleasantly surprised a marked improvement overall :thumbup:

However the infections flagged by MBAM you did not let it disinfect. So we will need to rescan again and this time make sure if anything found, you let MBAM remove OK.

In-case concerned by what MBAM found as in the name of the infection, actually a slight overstatement and if I honestly thought that infection warranted a a reformat and reinstallation of the Windows operating system. I would not hesitate to advise your good self of this.

Next:

Please run TFC again and let it reboot your machine if advised.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

We still have a fair way to go yet with the malware removal process but we are getting some favorable results now.

Next:

When completed the above, please post back the following in the order asked for:

  • How is you computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes' Anti-Malware Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 20th, 2009, 7:50 pm

I don't understand what ur saying about the results is it good or bad did u say I should re install windows there

I did delete what anti malware found I just posted the log before I did delete them
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 20th, 2009, 10:06 pm

Hi :)

I don't understand what ur saying about the results is it good or bad did u say I should re install windows there
I apologies for any confusion and or distress caused. We do not need to format the hard-drive and reinstall the operating system at this time OK :thumbup:

I did delete what anti malware found I just posted the log before I did delete them
OK that is fine.

Upload a Suspicious File:

There is a file I do not recorgnise, please carry out the following:

Note:
Internet Explorer is the browser to use for best results.

  • Please go to VirSCAN.org free on-line scan service.
  • Copy and paste the following file path into the "Suspicious files to scan" box at the top of the page:

    C:\Windows\system32\trltmpct.dll

  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply. (Ctrl & V)

Windows Installer Cleanup Utility:

Download the Windows Installer Cleanup Utility and save it to your Desktop.

  • Right-click msicuu2.exe and select Run as Administrator to install the utility.
  • Next, click Start(Vista Orb)>> All Programs >> Windows Install Clean UP
  • Once the program is open select:

    ESET NOD32 Antivirus 4.0 (If present)

  • Any other entry relating to software applications no longer installed.
  • Now click Remove, then click OK
  • Reboot your computer.

Backup the Registry:

Modifying the Registry can create unforseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right click on erunt-setup and select Run as Administrator toInstall ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next:

Please download OTM to your Desktop.

  • Right-click OTM and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes
Explorer.EXE

:Services
EhttpSrv
ekrn

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-
[-HKEY_CLASSES_ROOT\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C49134CC-B5EF-458C-A442-E8DFE7B4645F}]
[-HKEY_CLASSES_ROOT\CLSID\{C49134CC-B5EF-458C-A442-E8DFE7B4645F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"=-

:Files
C:\Program Files\ESET
C:\ProgramData\ESET
C:\Windows\system32\psqlpwd.dll
C:\ProgramData\NortonInstaller
C:\Program Files\NortonInstaller
C:\Program Files\Windows Doctor
C:\Users\Jonny\AppData\Roaming\uTorrent
C:\Users\Jonny\AppData\Roaming\BitTorrent
C:\Users\Jonny\AppData\Roaming\LimeWire

:Commands
[Purity]
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

When completed the above, please post back the following:

  • Inform myself how your computer is running. Any problems encountered and or further symptoms?
  • File submission results.
  • OTM Log.
  • A new RSIT Log.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 21st, 2009, 5:54 am

VirSCAN.org Scanned Report :
Scanned time : 2009/07/21 10:48:38 (BST)
Scanner results: All Scanners reported not find malware!
File Name : trltmpct.dll
File Size : 87552 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : a761195f352f3db014d0f46f347573d5
SHA1 : 8eb3b3970be9f3bf5ad6a1d1495a3518d63308ee
Online report : http://virscan.org/report/726fdb5f3da63 ... cfe82.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.3 20090721154126 2009-07-21 0.33 -
AhnLab V3 2009.07.21.03 2009.07.21 2009-07-21 1.03 -
AntiVir 8.2.0.222 7.1.5.9 2009-07-21 0.31 -
Antiy 2.0.18 20090721.2629703 2009-07-21 0.12 -
Arcavir 2009 200907202250 2009-07-20 0.04 -
Authentium 5.1.1 200907202206 2009-07-20 1.34 -
AVAST! 4.7.4 090720-0 2009-07-20 0.03 -
AVG 8.5.288 270.13.21/2252 2009-07-21 1.01 -
BitDefender 7.81008.3816181 7.26724 2009-07-21 3.39 -
CA (VET) 9.0.0.143 31.6.6628 2009-07-21 5.89 -
ClamAV 0.95.2 9593 2009-07-21 0.02 -
Comodo 3.10 1724 2009-07-21 0.86 -
CP Secure 1.1.0.715 2009.07.21 2009-07-21 11.37 -
Dr.Web 4.44.0.9170 2009.07.21 2009-07-21 4.96 -
F-Prot 4.4.4.56 20090720 2009-07-20 1.33 -
F-Secure 5.51.6100 2009.07.20.11 2009-07-20 0.12 -
Fortinet 2.81-3.120 10.627 2009-07-20 0.35 -
GData 19.6604/19.406 20090721 2009-07-21 4.84 -
ViRobot 20090716 2009.07.16 2009-07-16 0.42 -
Ikarus T3.1.01.64 2009.07.21.73074 2009-07-21 4.15 -
JiangMin 11.0.800 2009.07.21 2009-07-21 4.14 -
Kaspersky 5.5.10 2009.07.21 2009-07-21 0.10 -
KingSoft 2009.2.5.15 2009.7.21.7 2009-07-21 0.75 -
McAfee 5.3.00 5682 2009-07-20 2.98 -
Microsoft 1.4803 2009.07.21 2009-07-21 5.66 -
mks_vir 2.01 2009.07.15 2009-07-15 3.24 -
Norman 6.01.09 6.01.00 2009-07-16 4.01 -
Panda 9.05.01 2009.07.20 2009-07-20 2.38 -
Trend Micro 8.700-1004 6.296.01 2009-07-20 0.24 -
Quick Heal 10.00 2009.07.21 2009-07-21 1.08 -
Rising 20.0 21.39.12.00 2009-07-21 1.11 -
Sophos 2.88.0 4.43 2009-07-21 3.12 -
Sunbelt 5273 5273 2009-07-20 1.31 -
Symantec 1.3.0.24 20090720.006 2009-07-20 0.12 -
nProtect 20090721.02 4877014 2009-07-21 6.01 -
The Hacker 6.3.4.3 v00370 2009-07-17 0.74 -
VBA32 3.12.10.8 20090720.1442 2009-07-20 1.92 -
VirusBuster 4.5.11.10 10.109.4/1824355 2009-07-20 2.57 -
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 21st, 2009, 6:31 am

========== SERVICES/DRIVERS ==========

Service\Driver EhttpSrv deleted successfully.

Service\Driver ekrn deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\egui deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C49134CC-B5EF-458C-A442-E8DFE7B4645F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49134CC-B5EF-458C-A442-E8DFE7B4645F}\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{C49134CC-B5EF-458C-A442-E8DFE7B4645F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C49134CC-B5EF-458C-A442-E8DFE7B4645F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
========== FILES ==========
C:\Program Files\ESET\ESET NOD32 Antivirus moved successfully.
C:\Program Files\ESET moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\http_update.eset.com moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\http_um12.eset.com moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\http_um10.eset.com moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles\http_93.184.71.27 moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Updfiles moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\SupportRequests moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Stats moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Oldfiles moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs\eScan moved successfully.
Folder move failed. C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs scheduled to be moved on reboot.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Installer moved successfully.
C:\ProgramData\ESET\ESET NOD32 Antivirus\Charon moved successfully.
Folder move failed. C:\ProgramData\ESET\ESET NOD32 Antivirus scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\ESET scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\Windows\system32\psqlpwd.dll
C:\Windows\system32\psqlpwd.dll NOT unregistered.
C:\Windows\system32\psqlpwd.dll moved successfully.
C:\ProgramData\NortonInstaller\Logs\06-28-2009-19h32m42s moved successfully.
C:\ProgramData\NortonInstaller\Logs moved successfully.
C:\ProgramData\NortonInstaller moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\_lck moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.1.0.33\Microsoft.VC80.CRT moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.1.0.33\09\01 moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.1.0.33\09 moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.1.0.33 moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5 moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV moved successfully.
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7} moved successfully.
C:\Program Files\NortonInstaller moved successfully.
C:\Program Files\Windows Doctor\2.0\update moved successfully.
C:\Program Files\Windows Doctor\2.0\backup\RegScan\07-14-2009-13-55-42 moved successfully.
C:\Program Files\Windows Doctor\2.0\backup\RegScan\06-28-2009-12-41-39 moved successfully.
C:\Program Files\Windows Doctor\2.0\backup\RegScan moved successfully.
C:\Program Files\Windows Doctor\2.0\backup\AutoSave\07-06-2009-20-42-54 moved successfully.
C:\Program Files\Windows Doctor\2.0\backup\AutoSave moved successfully.
C:\Program Files\Windows Doctor\2.0\backup moved successfully.
C:\Program Files\Windows Doctor\2.0 moved successfully.
C:\Program Files\Windows Doctor moved successfully.
C:\Users\Jonny\AppData\Roaming\uTorrent moved successfully.
C:\Users\Jonny\AppData\Roaming\BitTorrent moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\xml\schemas moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\xml\misc moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\xml\data moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\xml moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\themes\windows_theme moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\themes\other_theme moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\themes\limewire_theme moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\themes\limewirePro_theme moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\themes\classic_theme moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\themes\black_theme moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\themes moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\promotion moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\mozilla-profile\updates\0 moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\mozilla-profile\updates moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\mozilla-profile\extensions moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\mozilla-profile\Cache moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\mozilla-profile moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\certificate moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\res\html moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\res moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\plugins moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\modules moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\greprefs moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\defaults moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\components moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner\chrome moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser\xulrunner moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\browser moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\.NetworkShare\Incomplete moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\.NetworkShare moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire\.AppSpecialShare moved successfully.
C:\Users\Jonny\AppData\Roaming\LimeWire moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Deshveer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jonny
->Temp folder emptied: 655627 bytes
->Temporary Internet Files folder emptied: 150914702 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 1120 bytes
->Apple Safari cache emptied: 42814 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 9795167 bytes
RecycleBin emptied: 71597 bytes

Total Files Cleaned = 154.03 mb


OTM by OldTimer - Version 3.0.0.5 log created on 07212009_110901

Files moved on Reboot...
C:\ProgramData\ESET\ESET NOD32 Antivirus\Logs moved successfully.
Folder move failed. C:\ProgramData\ESET\ESET NOD32 Antivirus scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\ESET\ESET NOD32 Antivirus scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\ESET scheduled to be moved on reboot.
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 21st, 2009, 6:32 am

i deleted my recycle bin by acident how do i get it back to my desk top?
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 21st, 2009, 7:00 am

my computer is faster now with 102 gig free
heres the rsit log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jonny at 2009-07-21 11:58:59
Microsoft® Windows Vista™ Ultimate
System drive C: has 105 GB (36%) free of 292 GB
Total RAM: 3581 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:05, on 21/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\LVComS.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Jonny\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jonny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2080425
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2080425
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVComs] C:\Windows\system32\LVComS.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f505dcf6ec00) (gupdate1c9f505dcf6ec00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10631 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-10 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-06 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-04-25 1006264]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-01-25 167936]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-12-03 405504]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-28 86016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-28 81920]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
"LVComs"=C:\Windows\system32\LVComS.exe [2003-12-06 102400]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-04-22 177472]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-23 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-05-15 1103216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-21 11:09:01 ----D---- C:\_OTM
2009-07-21 11:06:24 ----D---- C:\Program Files\ERUNT
2009-07-21 11:02:01 ----D---- C:\Program Files\Windows Installer Clean Up
2009-07-21 10:56:59 ----D---- C:\Program Files\MSECACHE
2009-07-20 23:11:45 ----A---- C:\Windows\system32\EncDec.dll
2009-07-20 23:11:41 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-20 23:11:23 ----D---- C:\rsit
2009-07-20 23:11:20 ----A---- C:\Windows\system32\mcmde.dll
2009-07-20 23:01:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-20 23:01:40 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-20 23:01:37 ----A---- C:\Windows\system32\rpcss.dll
2009-07-20 23:01:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-20 23:01:32 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\iasads.dll
2009-07-20 23:00:05 ----A---- C:\Windows\system32\t2embed.dll
2009-07-20 23:00:05 ----A---- C:\Windows\system32\fontsub.dll
2009-07-20 23:00:04 ----A---- C:\Windows\system32\lpk.dll
2009-07-20 23:00:04 ----A---- C:\Windows\system32\atmfd.dll
2009-07-20 23:00:03 ----A---- C:\Windows\system32\dciman32.dll
2009-07-20 23:00:03 ----A---- C:\Windows\system32\atmlib.dll
2009-07-20 22:52:49 ----A---- C:\Windows\system32\winhttp.dll
2009-07-20 22:52:39 ----A---- C:\Windows\system32\xolehlp.dll
2009-07-20 22:52:39 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-20 22:52:19 ----A---- C:\Windows\system32\wmp.dll
2009-07-20 22:52:16 ----A---- C:\Windows\system32\spwmp.dll
2009-07-20 22:52:10 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-20 22:52:07 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-20 22:50:42 ----A---- C:\Windows\system32\localspl.dll
2009-07-20 22:46:14 ----A---- C:\Windows\system32\mshtml.dll
2009-07-20 22:46:11 ----A---- C:\Windows\system32\mstime.dll
2009-07-20 22:46:11 ----A---- C:\Windows\system32\ieframe.dll
2009-07-20 22:46:08 ----A---- C:\Windows\system32\urlmon.dll
2009-07-20 22:46:05 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\wininet.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\occache.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\iertutil.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-20 22:46:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-20 22:46:03 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\ieencode.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\icardie.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-20 22:46:01 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-20 22:46:01 ----A---- C:\Windows\system32\advpack.dll
2009-07-20 22:46:01 ----A---- C:\Windows\system32\admparse.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\ieui.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\iesetup.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\iernonce.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-20 22:45:59 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-20 22:45:59 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-20 22:45:58 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-20 22:45:58 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-20 22:45:58 ----A---- C:\Windows\system32\ieakui.dll
2009-07-20 22:43:38 ----D---- C:\Users\Jonny\AppData\Roaming\Malwarebytes
2009-07-20 22:43:33 ----D---- C:\ProgramData\Malwarebytes
2009-07-20 22:43:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 22:42:47 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-20 22:42:47 ----A---- C:\Windows\system32\kernel32.dll
2009-07-20 22:42:46 ----A---- C:\Windows\system32\secur32.dll
2009-07-20 22:42:46 ----A---- C:\Windows\system32\lsass.exe
2009-07-20 22:42:46 ----A---- C:\Windows\system32\apilogen.dll
2009-07-20 22:42:46 ----A---- C:\Windows\system32\amxread.dll
2009-07-20 22:33:37 ----A---- C:\Windows\system32\schannel.dll
2009-07-20 22:33:10 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-20 18:15:33 ----A---- C:\ComboFix.txt
2009-07-20 18:14:45 ----SHD---- C:\$RECYCLE(2).BIN
2009-07-20 17:01:04 ----SHD---- C:\$RECYCLE.BIN
2009-07-20 14:11:48 ----SHD---- C:\found.000
2009-07-20 13:29:25 ----A---- C:\Windows\zip.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWXCACLS.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWSC.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWREG.exe
2009-07-20 13:29:25 ----A---- C:\Windows\sed.exe
2009-07-20 13:29:25 ----A---- C:\Windows\PEV.exe
2009-07-20 13:29:25 ----A---- C:\Windows\NIRCMD.exe
2009-07-20 13:29:25 ----A---- C:\Windows\grep.exe
2009-07-20 13:26:19 ----D---- C:\Windows\ERDNT
2009-07-20 13:24:30 ----D---- C:\Qoobox
2009-07-18 13:33:08 ----D---- C:\Rooter$
2009-07-17 20:57:26 ----A---- C:\Windows\system32\trltmpct.dll
2009-07-17 20:57:22 ----D---- C:\3D Rad
2009-07-15 19:54:55 ----D---- C:\Users\Jonny\AppData\Roaming\IGN_DLM
2009-07-15 19:54:49 ----D---- C:\Program Files\Download Manager
2009-07-14 16:47:08 ----D---- C:\Program Files\Activision
2009-07-14 15:51:46 ----D---- C:\Program Files\Safari
2009-07-14 13:35:08 ----D---- C:\Program Files\Mozilla Firefox
2009-07-14 10:48:26 ----D---- C:\Program Files\Trend Micro
2009-07-08 20:09:12 ----D---- C:\ProgramData\ESET
2009-07-01 17:27:32 ----D---- C:\ProgramData\AVG Security Toolbar
2009-06-28 19:04:18 ----D---- C:\Users\Jonny\AppData\Roaming\IDM
2009-06-28 19:04:18 ----D---- C:\Users\Jonny\AppData\Roaming\DMCache
2009-06-28 19:04:12 ----D---- C:\Program Files\Internet Download Manager
2009-06-28 15:17:25 ----D---- C:\Program Files\PC Satellite TV
2009-06-24 20:56:46 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-24 20:04:28 ----D---- C:\Program Files\Air Mouse

======List of files/folders modified in the last 1 months======

2009-07-21 11:59:05 ----D---- C:\Windows\Prefetch
2009-07-21 11:59:02 ----D---- C:\Windows\Temp
2009-07-21 11:30:38 ----D---- C:\Users\Jonny\AppData\Roaming\Skype
2009-07-21 11:27:16 ----D---- C:\Windows\rescache
2009-07-21 11:10:12 ----D---- C:\Windows\winsxs
2009-07-21 11:09:11 ----D---- C:\Program Files
2009-07-21 11:09:08 ----HD---- C:\ProgramData
2009-07-21 11:09:08 ----D---- C:\Windows\System32
2009-07-21 11:05:23 ----SHD---- C:\Windows\Installer
2009-07-21 11:03:29 ----D---- C:\Windows\system32\Tasks
2009-07-21 11:02:02 ----SD---- C:\Users\Jonny\AppData\Roaming\Microsoft
2009-07-21 11:01:56 ----SHD---- C:\System Volume Information
2009-07-21 10:59:15 ----D---- C:\Windows\system32\catroot
2009-07-21 07:06:26 ----D---- C:\Windows\system32\config
2009-07-21 07:04:20 ----SD---- C:\Windows\Downloaded Program Files
2009-07-21 07:04:20 ----RD---- C:\Windows\Offline Web Pages
2009-07-21 07:04:20 ----D---- C:\Windows\system32\ias
2009-07-21 07:04:04 ----D---- C:\Windows\Tasks
2009-07-21 07:04:03 ----D---- C:\Windows\system32\spool
2009-07-21 07:03:21 ----D---- C:\Windows\registration
2009-07-21 07:03:15 ----D---- C:\Windows\system32\XPSViewer
2009-07-21 07:03:15 ----D---- C:\Windows\PolicyDefinitions
2009-07-21 03:27:37 ----RSD---- C:\Windows\assembly
2009-07-21 03:27:37 ----D---- C:\Windows\Microsoft.NET
2009-07-21 03:19:56 ----D---- C:\Program Files\Advanced System Optimizer
2009-07-21 03:18:53 ----D---- C:\Windows\ehome
2009-07-21 03:18:43 ----D---- C:\Program Files\Windows Mail
2009-07-21 03:18:36 ----D---- C:\Windows\system32\wbem
2009-07-21 03:18:36 ----D---- C:\Windows\system32\en-US
2009-07-21 03:18:36 ----D---- C:\Program Files\Windows Media Player
2009-07-21 03:18:34 ----D---- C:\Windows\system32\manifeststore
2009-07-21 03:18:33 ----D---- C:\Windows\system32\migration
2009-07-21 03:18:33 ----D---- C:\Windows\AppPatch
2009-07-21 03:18:33 ----D---- C:\Program Files\Internet Explorer
2009-07-21 03:12:16 ----D---- C:\ProgramData\Microsoft Help
2009-07-21 03:10:55 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-21 03:07:36 ----D---- C:\Windows\system32\catroot2
2009-07-21 03:02:59 ----D---- C:\Windows
2009-07-21 03:01:04 ----D---- C:\Windows\system32\drivers
2009-07-21 03:00:58 ----D---- C:\Windows\inf
2009-07-20 22:25:19 ----D---- C:\Windows\Logs
2009-07-20 18:02:28 ----D---- C:\Program Files\Common Files
2009-07-20 17:09:30 ----D---- C:\Windows\system32\dllcache
2009-07-20 17:01:17 ----A---- C:\Windows\system.ini
2009-07-20 16:27:51 ----SHD---- C:\Boot
2009-07-19 00:10:40 ----AD---- C:\ProgramData\TEMP
2009-07-19 00:08:33 ----D---- C:\Program Files\Java
2009-07-18 22:41:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-17 22:36:32 ----A---- C:\Windows\Uninstall Manager.INI
2009-07-14 17:10:18 ----D---- C:\Windows\system32\LogFiles
2009-07-14 15:45:13 ----D---- C:\Windows\Minidump
2009-07-14 13:38:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-14 13:35:37 ----D---- C:\Users\Jonny\AppData\Roaming\Mozilla
2009-07-10 11:25:11 ----D---- C:\Users\Jonny\AppData\Roaming\mIRC
2009-07-07 08:10:58 ----A---- C:\Windows\system32\mrt.exe
2009-07-06 20:39:55 ----A---- C:\Windows\ntbtlog.txt
2009-07-03 21:12:28 ----HD---- C:\$AVG8.VAULT$
2009-07-01 17:26:48 ----A---- C:\Windows\system32\avgrsstx.dll
2009-06-24 20:57:21 ----D---- C:\Program Files\Google
2009-06-24 20:56:50 ----D---- C:\Program Files\DivX
2009-06-24 20:04:11 ----D---- C:\Windows\Downloaded Installations
2009-06-22 13:02:10 ----D---- C:\Program Files\Electronic Arts
2009-06-22 12:52:16 ----D---- C:\Users\Jonny\AppData\Roaming\Microsoft Game Studios
2009-06-22 12:52:16 ----D---- C:\ProgramData\Microsoft Games
2009-06-22 12:52:16 ----D---- C:\Program Files\Microsoft Games
2009-06-22 12:51:51 ----A---- C:\Windows\Rtcw.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-01 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-06-06 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-04-25 320000]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-07 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-07 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-07 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-01-25 164400]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-28 7620704]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-04-25 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-12-03 330240]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-16 46992]
R3 vaxscsi;vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [2009-04-26 223128]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-04-25 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 278528]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys [2008-05-26 27072]
S3 alu0vo7d;alu0vo7d; C:\Windows\system32\drivers\alu0vo7d.sys []
S3 AVerBDA6x;AVerBDA6x service; C:\Windows\system32\DRIVERS\AVerBDA716x.sys [2008-01-31 1290240]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 catchme;catchme; \??\C:\Users\Jonny\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SMALUSB;Digital Camera Driver; C:\Windows\system32\DRIVERS\smallogi.sys [2003-12-06 9472]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-04-22 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaNvStor;Intel(R) Turbo Memory Controller; C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-12-03 73728]
R2 AffinegyService;AffinegyService; C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe [2008-05-26 143360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-01 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-12-03 102400]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gupdate1c9f505dcf6ec00;Google Update Service (gupdate1c9f505dcf6ec00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-18 655624]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-25 29744]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-04-25 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby yarders » July 21st, 2009, 7:00 am

my computer is faster now with 102 gig free
heres the rsit log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jonny at 2009-07-21 11:58:59
Microsoft® Windows Vista™ Ultimate
System drive C: has 105 GB (36%) free of 292 GB
Total RAM: 3581 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:05, on 21/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16851)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\LVComS.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Jonny\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jonny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2080425
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&c ... bd=2080425
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [LVComs] C:\Windows\system32\LVComS.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .9.113.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9f505dcf6ec00) (gupdate1c9f505dcf6ec00) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10631 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-10 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-06 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-09 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-04-25 1006264]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-01-25 167936]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2007-12-03 405504]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-09-28 86016]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-09-28 81920]
"PSQLLauncher"=C:\Program Files\Fingerprint Reader Suite\launcher.exe [2007-04-16 49168]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-03-21 174872]
"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-01 1948440]
"LVComs"=C:\Windows\system32\LVComS.exe [2003-12-06 102400]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-04-22 177472]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"dellsupportcenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-08-14 206064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-23 39408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-02-04 23975720]
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2009-05-15 1103216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-07-21 11:09:01 ----D---- C:\_OTM
2009-07-21 11:06:24 ----D---- C:\Program Files\ERUNT
2009-07-21 11:02:01 ----D---- C:\Program Files\Windows Installer Clean Up
2009-07-21 10:56:59 ----D---- C:\Program Files\MSECACHE
2009-07-20 23:11:45 ----A---- C:\Windows\system32\EncDec.dll
2009-07-20 23:11:41 ----A---- C:\Windows\system32\psisdecd.dll
2009-07-20 23:11:23 ----D---- C:\rsit
2009-07-20 23:11:20 ----A---- C:\Windows\system32\mcmde.dll
2009-07-20 23:01:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-07-20 23:01:40 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-07-20 23:01:37 ----A---- C:\Windows\system32\rpcss.dll
2009-07-20 23:01:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-07-20 23:01:32 ----A---- C:\Windows\system32\sdohlp.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\iasrecst.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\iasdatastore.dll
2009-07-20 23:01:32 ----A---- C:\Windows\system32\iasads.dll
2009-07-20 23:00:05 ----A---- C:\Windows\system32\t2embed.dll
2009-07-20 23:00:05 ----A---- C:\Windows\system32\fontsub.dll
2009-07-20 23:00:04 ----A---- C:\Windows\system32\lpk.dll
2009-07-20 23:00:04 ----A---- C:\Windows\system32\atmfd.dll
2009-07-20 23:00:03 ----A---- C:\Windows\system32\dciman32.dll
2009-07-20 23:00:03 ----A---- C:\Windows\system32\atmlib.dll
2009-07-20 22:52:49 ----A---- C:\Windows\system32\winhttp.dll
2009-07-20 22:52:39 ----A---- C:\Windows\system32\xolehlp.dll
2009-07-20 22:52:39 ----A---- C:\Windows\system32\msdtcprx.dll
2009-07-20 22:52:19 ----A---- C:\Windows\system32\wmp.dll
2009-07-20 22:52:16 ----A---- C:\Windows\system32\spwmp.dll
2009-07-20 22:52:10 ----A---- C:\Windows\system32\dxmasf.dll
2009-07-20 22:52:07 ----A---- C:\Windows\system32\wmploc.DLL
2009-07-20 22:50:42 ----A---- C:\Windows\system32\localspl.dll
2009-07-20 22:46:14 ----A---- C:\Windows\system32\mshtml.dll
2009-07-20 22:46:11 ----A---- C:\Windows\system32\mstime.dll
2009-07-20 22:46:11 ----A---- C:\Windows\system32\ieframe.dll
2009-07-20 22:46:08 ----A---- C:\Windows\system32\urlmon.dll
2009-07-20 22:46:05 ----A---- C:\Windows\system32\iedkcs32.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\wininet.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\occache.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\iertutil.dll
2009-07-20 22:46:04 ----A---- C:\Windows\system32\dxtmsft.dll
2009-07-20 22:46:03 ----A---- C:\Windows\system32\msfeeds.dll
2009-07-20 22:46:03 ----A---- C:\Windows\system32\ieaksie.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\mshtmled.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\ieencode.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\icardie.dll
2009-07-20 22:46:02 ----A---- C:\Windows\system32\dxtrans.dll
2009-07-20 22:46:01 ----A---- C:\Windows\system32\jsproxy.dll
2009-07-20 22:46:01 ----A---- C:\Windows\system32\advpack.dll
2009-07-20 22:46:01 ----A---- C:\Windows\system32\admparse.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\ieui.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\iesetup.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\iernonce.dll
2009-07-20 22:46:00 ----A---- C:\Windows\system32\ie4uinit.exe
2009-07-20 22:45:59 ----A---- C:\Windows\system32\pngfilt.dll
2009-07-20 22:45:59 ----A---- C:\Windows\system32\ieUnatt.exe
2009-07-20 22:45:58 ----A---- C:\Windows\system32\mshtmler.dll
2009-07-20 22:45:58 ----A---- C:\Windows\system32\ieapfltr.dll
2009-07-20 22:45:58 ----A---- C:\Windows\system32\ieakui.dll
2009-07-20 22:43:38 ----D---- C:\Users\Jonny\AppData\Roaming\Malwarebytes
2009-07-20 22:43:33 ----D---- C:\ProgramData\Malwarebytes
2009-07-20 22:43:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 22:42:47 ----A---- C:\Windows\system32\lsasrv.dll
2009-07-20 22:42:47 ----A---- C:\Windows\system32\kernel32.dll
2009-07-20 22:42:46 ----A---- C:\Windows\system32\secur32.dll
2009-07-20 22:42:46 ----A---- C:\Windows\system32\lsass.exe
2009-07-20 22:42:46 ----A---- C:\Windows\system32\apilogen.dll
2009-07-20 22:42:46 ----A---- C:\Windows\system32\amxread.dll
2009-07-20 22:33:37 ----A---- C:\Windows\system32\schannel.dll
2009-07-20 22:33:10 ----A---- C:\Windows\system32\rpcrt4.dll
2009-07-20 18:15:33 ----A---- C:\ComboFix.txt
2009-07-20 18:14:45 ----SHD---- C:\$RECYCLE(2).BIN
2009-07-20 17:01:04 ----SHD---- C:\$RECYCLE.BIN
2009-07-20 14:11:48 ----SHD---- C:\found.000
2009-07-20 13:29:25 ----A---- C:\Windows\zip.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWXCACLS.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWSC.exe
2009-07-20 13:29:25 ----A---- C:\Windows\SWREG.exe
2009-07-20 13:29:25 ----A---- C:\Windows\sed.exe
2009-07-20 13:29:25 ----A---- C:\Windows\PEV.exe
2009-07-20 13:29:25 ----A---- C:\Windows\NIRCMD.exe
2009-07-20 13:29:25 ----A---- C:\Windows\grep.exe
2009-07-20 13:26:19 ----D---- C:\Windows\ERDNT
2009-07-20 13:24:30 ----D---- C:\Qoobox
2009-07-18 13:33:08 ----D---- C:\Rooter$
2009-07-17 20:57:26 ----A---- C:\Windows\system32\trltmpct.dll
2009-07-17 20:57:22 ----D---- C:\3D Rad
2009-07-15 19:54:55 ----D---- C:\Users\Jonny\AppData\Roaming\IGN_DLM
2009-07-15 19:54:49 ----D---- C:\Program Files\Download Manager
2009-07-14 16:47:08 ----D---- C:\Program Files\Activision
2009-07-14 15:51:46 ----D---- C:\Program Files\Safari
2009-07-14 13:35:08 ----D---- C:\Program Files\Mozilla Firefox
2009-07-14 10:48:26 ----D---- C:\Program Files\Trend Micro
2009-07-08 20:09:12 ----D---- C:\ProgramData\ESET
2009-07-01 17:27:32 ----D---- C:\ProgramData\AVG Security Toolbar
2009-06-28 19:04:18 ----D---- C:\Users\Jonny\AppData\Roaming\IDM
2009-06-28 19:04:18 ----D---- C:\Users\Jonny\AppData\Roaming\DMCache
2009-06-28 19:04:12 ----D---- C:\Program Files\Internet Download Manager
2009-06-28 15:17:25 ----D---- C:\Program Files\PC Satellite TV
2009-06-24 20:56:46 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-24 20:04:28 ----D---- C:\Program Files\Air Mouse

======List of files/folders modified in the last 1 months======

2009-07-21 11:59:05 ----D---- C:\Windows\Prefetch
2009-07-21 11:59:02 ----D---- C:\Windows\Temp
2009-07-21 11:30:38 ----D---- C:\Users\Jonny\AppData\Roaming\Skype
2009-07-21 11:27:16 ----D---- C:\Windows\rescache
2009-07-21 11:10:12 ----D---- C:\Windows\winsxs
2009-07-21 11:09:11 ----D---- C:\Program Files
2009-07-21 11:09:08 ----HD---- C:\ProgramData
2009-07-21 11:09:08 ----D---- C:\Windows\System32
2009-07-21 11:05:23 ----SHD---- C:\Windows\Installer
2009-07-21 11:03:29 ----D---- C:\Windows\system32\Tasks
2009-07-21 11:02:02 ----SD---- C:\Users\Jonny\AppData\Roaming\Microsoft
2009-07-21 11:01:56 ----SHD---- C:\System Volume Information
2009-07-21 10:59:15 ----D---- C:\Windows\system32\catroot
2009-07-21 07:06:26 ----D---- C:\Windows\system32\config
2009-07-21 07:04:20 ----SD---- C:\Windows\Downloaded Program Files
2009-07-21 07:04:20 ----RD---- C:\Windows\Offline Web Pages
2009-07-21 07:04:20 ----D---- C:\Windows\system32\ias
2009-07-21 07:04:04 ----D---- C:\Windows\Tasks
2009-07-21 07:04:03 ----D---- C:\Windows\system32\spool
2009-07-21 07:03:21 ----D---- C:\Windows\registration
2009-07-21 07:03:15 ----D---- C:\Windows\system32\XPSViewer
2009-07-21 07:03:15 ----D---- C:\Windows\PolicyDefinitions
2009-07-21 03:27:37 ----RSD---- C:\Windows\assembly
2009-07-21 03:27:37 ----D---- C:\Windows\Microsoft.NET
2009-07-21 03:19:56 ----D---- C:\Program Files\Advanced System Optimizer
2009-07-21 03:18:53 ----D---- C:\Windows\ehome
2009-07-21 03:18:43 ----D---- C:\Program Files\Windows Mail
2009-07-21 03:18:36 ----D---- C:\Windows\system32\wbem
2009-07-21 03:18:36 ----D---- C:\Windows\system32\en-US
2009-07-21 03:18:36 ----D---- C:\Program Files\Windows Media Player
2009-07-21 03:18:34 ----D---- C:\Windows\system32\manifeststore
2009-07-21 03:18:33 ----D---- C:\Windows\system32\migration
2009-07-21 03:18:33 ----D---- C:\Windows\AppPatch
2009-07-21 03:18:33 ----D---- C:\Program Files\Internet Explorer
2009-07-21 03:12:16 ----D---- C:\ProgramData\Microsoft Help
2009-07-21 03:10:55 ----D---- C:\Program Files\Common Files\microsoft shared
2009-07-21 03:07:36 ----D---- C:\Windows\system32\catroot2
2009-07-21 03:02:59 ----D---- C:\Windows
2009-07-21 03:01:04 ----D---- C:\Windows\system32\drivers
2009-07-21 03:00:58 ----D---- C:\Windows\inf
2009-07-20 22:25:19 ----D---- C:\Windows\Logs
2009-07-20 18:02:28 ----D---- C:\Program Files\Common Files
2009-07-20 17:09:30 ----D---- C:\Windows\system32\dllcache
2009-07-20 17:01:17 ----A---- C:\Windows\system.ini
2009-07-20 16:27:51 ----SHD---- C:\Boot
2009-07-19 00:10:40 ----AD---- C:\ProgramData\TEMP
2009-07-19 00:08:33 ----D---- C:\Program Files\Java
2009-07-18 22:41:18 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-17 22:36:32 ----A---- C:\Windows\Uninstall Manager.INI
2009-07-14 17:10:18 ----D---- C:\Windows\system32\LogFiles
2009-07-14 15:45:13 ----D---- C:\Windows\Minidump
2009-07-14 13:38:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-07-14 13:35:37 ----D---- C:\Users\Jonny\AppData\Roaming\Mozilla
2009-07-10 11:25:11 ----D---- C:\Users\Jonny\AppData\Roaming\mIRC
2009-07-07 08:10:58 ----A---- C:\Windows\system32\mrt.exe
2009-07-06 20:39:55 ----A---- C:\Windows\ntbtlog.txt
2009-07-03 21:12:28 ----HD---- C:\$AVG8.VAULT$
2009-07-01 17:26:48 ----A---- C:\Windows\system32\avgrsstx.dll
2009-06-24 20:57:21 ----D---- C:\Program Files\Google
2009-06-24 20:56:50 ----D---- C:\Program Files\DivX
2009-06-24 20:04:11 ----D---- C:\Windows\Downloaded Installations
2009-06-22 13:02:10 ----D---- C:\Program Files\Electronic Arts
2009-06-22 12:52:16 ----D---- C:\Users\Jonny\AppData\Roaming\Microsoft Game Studios
2009-06-22 12:52:16 ----D---- C:\ProgramData\Microsoft Games
2009-06-22 12:52:16 ----D---- C:\Program Files\Microsoft Games
2009-06-22 12:51:51 ----A---- C:\Windows\Rtcw.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-07-01 327688]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-07-01 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-06-06 108552]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-04-25 320000]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-08-14 74720]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-09-07 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-09-07 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-09-07 37376]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2008-01-25 164400]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-04-25 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-09-28 7620704]
R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-04-25 82432]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-12-03 330240]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-04-16 46992]
R3 vaxscsi;vaxscsi; C:\Windows\System32\Drivers\vaxscsi.sys [2009-04-26 223128]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-04-25 11264]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-28 278528]
S3 AFGMp50;AFGMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGMp50.sys []
S3 AFGSp50;AFGSp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\AFGSp50.sys [2008-05-26 27072]
S3 alu0vo7d;alu0vo7d; C:\Windows\system32\drivers\alu0vo7d.sys []
S3 AVerBDA6x;AVerBDA6x service; C:\Windows\system32\DRIVERS\AVerBDA716x.sys [2008-01-31 1290240]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-04-29 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]
S3 catchme;catchme; \??\C:\Users\Jonny\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]
S3 SMALUSB;Digital Camera Driver; C:\Windows\system32\DRIVERS\smallogi.sys [2003-12-06 9472]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2006-11-02 9216]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-04-22 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 iaNvStor;Intel(R) Turbo Memory Controller; C:\Windows\system32\drivers\ianvstor.sys [2007-09-07 209408]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2007-12-03 73728]
R2 AffinegyService;AffinegyService; C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe [2008-05-26 143360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-01 906520]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-01 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-03-21 355096]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-14 201968]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2007-12-03 102400]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe [2005-04-02 217600]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 gupdate1c9f505dcf6ec00;Google Update Service (gupdate1c9f505dcf6ec00); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-24 133104]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-18 655624]
S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-04-25 29744]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-14 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-12-02 74384]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-04-25 562176]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 21st, 2009, 7:04 am

Hi :)

i deleted my recycle bin by accident how do i get it back to my desk top?
OK no problem, try this as follows:

  • Right click the Vista Desktop
  • Click on Personalize
  • Select: 'Change desktop icons'
  • At the Desktop Icon Settings, place a tick next to: 'Recycle Bin'.

I am going to be out for most of the afternoon now, so will go over the logs later and reply back in due course OK :thumbup:
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: weird virus

Unread postby yarders » July 21st, 2009, 7:58 am

aww my recycle bin is empty now
yarders
Regular Member
 
Posts: 58
Joined: July 14th, 2009, 5:51 am

Re: weird virus

Unread postby Dakeyras » July 21st, 2009, 3:53 pm

Hi :)

my computer is faster now with 102 gig free
Good news indeed!

aww my recycle bin is empty now
Not a lot we can do about that I'm afraid. A side effect of restoring a accidentally deleted Recycle Bin.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> right click on ERUNT and select Run as Administrator.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Custom OTM Script:

  • Right-click OTM and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
Code: Select all
:Processes
Explorer.EXE

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]

:Files
C:\Windows\tasks\User_Feed_Synchronization-{A085D112-D7D5-41D0-8160-0C2AC0A1DB84}.job

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator

  • Launch the application, Check for Updates >> Perform a Quick Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Run Kaspersky Online AV Scanner:

Right click on your favourite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

When completed the above, please post back the following:

  • Inform myself how your computer is running. Any problems encountered and or further symptoms?
  • OTM Log.
  • Malwarebytes Anti-Malware Log.
  • Kaspersky results.
  • A new HijackThis Log. <-- Remember to right-click on HijackThis and select Run as Administrator.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 68 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware