PC infected, please help...


Unread postby molly_malone » October 28th, 2009, 12:58 pm

My PC has numerous problems. AVG picked up a Trojan HorseS.Heur.AFYN in C:\Windows\System32\SearchProtocolHost.exe,
and I noticed that my router had had some sort of DOS Smurf attack. I've tried to read up about this online, but some of the info I've read has conflicting views. I would really appreciate it if someone could help me sort this out, as I don't want to end up killing my PC by deleting something I shouldn't have.

My HJT report is shown below.
Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:36, on 28/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
D:\itunes\iTunesHelper.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\TrojanHunter 5.2\THGuard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\TrojanHunter 5.2\TrojanHunter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.2\THGuard.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\Software\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Software\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Windows Live OneCare Health Monitor (OcHealthMon) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - G:\Software\Spybot - Search & Destroy\SDWinSec.exe (file missing)

--
End of file - 8369 bytes
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby MWR 3 day Mod » October 31st, 2009, 11:24 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: PC infected, please help...

Unread postby Dakeyras » November 3rd, 2009, 12:52 pm

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Hi molly_malone and welcome to Malware Removal. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Vista Advice:

All applications I ask to be used will need to be run in Administrator mode. IE: Right click on the application and select Run as Administrator.

The Operating System (Vista aka Windows 6) in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this for anything I ask you to carry out, please select the option Allow.

Next:

You appear to have a system conflict from running too many security related applications, all of which are active in system memory; this will also actually lessen overall online protection. Do not make any changes to your system, however, until I have researched all the logs I will be requesting shortly, thank you.

i noticed that my router had had some sort of DOS Smurf attack
What makes you think this? Did you view such evidence in the Firewall (NAT feature) log of your Router? If so, please cut and paste then post an example of such. (Just a small example will be adequate, as these logs can be very large in size sometimes.)

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right click on SecurityCheck.exe and select Run as Administrator, then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Scan with RSIT:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Make sure that RSIT.exe is on your Desktop before running the application!
  • Right click on RSIT.exe and select Run as Administrator to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Note: Both logs can also be located within this folder rsit at the root of your installed Hard-Drive. EG: C:\rsit

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • Portion of the Router Log.
  • SecurityCheck Log.
  • Both RSIT logs. <-- Post them individually please, IE: one Log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
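As an added example, not part of this thread and not a HijackThis or RSIT tool: a small Python triage script that reads O2/O3/O9/O23 lines in the format of the log molly_malone posted, lists the orphaned "(no file)" / "(file missing)" registrations, and counts the distinct security products that still have a live service, the conflict Dakeyras points out above. The sample lines are copied from this thread's log; the product-name mapping is an assumption built from the paths in that log.

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log posted
# in this thread, in the same format, so the example runs stand-alone.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Software\OFFICE11\REFIEBAR.DLL (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
"""

# HijackThis marks an entry whose referenced file no longer exists with one of
# these suffixes. Such orphaned registrations are leftovers of incomplete
# uninstalls and are the usual first candidates for clean-up.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Path fragments identifying the security products seen in this thread's log.
# Hypothetical mapping built for this example; extend it for other logs.
PRODUCT_PATTERNS = {
    r"\\AVG\\": "AVG",
    r"OneCare Live": "Windows Live OneCare",
    r"Authentium": "Authentium",
    r"\\CA\\PPRT": "CA Pest Patrol",
    r"PCguard": "Virgin Broadband PCguard",
    r"Symantec": "Symantec",
    r"Lavasoft": "Lavasoft Ad-Aware",
}

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_hjt(text):
    """Split a HijackThis log into {section, body, orphan} records."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list, blank lines
        body = m.group("body")
        entries.append({
            "section": m.group("section"),
            "body": body,
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphan_entries(entries):
    """Entries that point at a file that is no longer on disk."""
    return [e for e in entries if e["orphan"]]


def services(entries):
    """Decode O23 lines into name / owner / path, noting missing binaries."""
    out = []
    for e in entries:
        if e["section"] != "O23":
            continue
        m = SERVICE_RE.match(e["body"])
        if not m:
            continue
        out.append({
            "name": m.group("name"),
            "owner": m.group("owner"),
            "path": m.group("path").replace(" (file missing)", ""),
            "missing": e["orphan"],
        })
    return out


def security_products(svcs):
    """Distinct security products whose service binary is actually present.

    Several real-time engines registered at once is the conflict the helper
    describes: they compete for the same hooks and lessen protection.
    """
    found = set()
    for s in svcs:
        if s["missing"]:
            continue  # a dead registration is clutter, not a running engine
        for pattern, product in PRODUCT_PATTERNS.items():
            if re.search(pattern, s["path"], re.IGNORECASE):
                found.add(product)
    return sorted(found)


if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    for e in orphan_entries(entries):
        print("orphaned:", e["section"], e["body"])
    active = security_products(services(entries))
    print(f"{len(active)} security products with live services:", ", ".join(active))
```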

Re: PC infected, please help...

Unread postby molly_malone » November 3rd, 2009, 2:17 pm

Hi Dakeyras,

Nice to meet you.

Thanks a bunch for helping me out, I really do appreciate it.

I should have mentioned in my previous post about the multiple antiviruses I have at the moment. As I said, I didn't use my PC for a few weeks, and when I did, the antivirus I had installed would not work properly, i.e. it wouldn't turn on, say, the firewall, or on the next re-boot it wouldn't load the spyware. I would get a message from Windows each time I re-booted stating that one area of my security was not turned on. In the end I decided to uninstall that product and use another; that proved easier said than done, as I wasn't able to uninstall the previous antivirus software. I didn't want to leave my PC vulnerable (cough :oops: ) so I installed another, which then led to the same problem as before... and so finally I managed to get AVG installed and running OK, apart from the fact I still have to make some changes to my security every time the PC is turned on and still couldn't remove the previous software; running in safe mode also wouldn't allow me to. I got an error message regarding 'rundll has stopped responding'.

I feel such a fool that I didn't realise straight away that there was something more sinister going on.

Regarding the "DOS smurf attack" I mentioned, I came across that when I realised that there were major problems with my PC's security. I have to admit that I am no expert when looking in these 'logs', but I know enough to know if something doesn't 'seem' right, and that smurf attack stood out a mile. I just wish I had copied the info down!

I can, however, say that it looked something like this: [DOS Smurf attack:IP: (192.168.1.X)] to MAC address 00:XX:XX:XX:XX:XX, Monday, Nov 02,2009 21:38:34
I have checked my router status daily and I haven't come across it since. What does it mean?

I have downloaded the above link and the results from the Security Application Check are posted below. I'll proceed onto the next one now and post results shortly.


Thanks again for your help Dakeyras,

Molly
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby molly_malone » November 3rd, 2009, 2:18 pm

Sorry, here are the results....
Results of screen317's Security Check version 0.99.0
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 8.5
Microsoft Windows Live OneCare Resources v2.5.2900.28
GTOneCare
Authentium AntiVirus SDK - 2
RPS AntiVirus
RPS Firewall
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Spybot - Search & Destroy
RPS AntiSpyware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 15
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````



Thanks Molly
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby molly_malone » November 3rd, 2009, 2:27 pm

Hiya

The log.txt :
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Am\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Am.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Windows Live OneCare Health Monitor (OcHealthMon) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
O23 - Service: OneCare AntiSpyware and AntiVirus (OneCareMP) - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Unknown owner - G:\Software\Spybot - Search & Destroy\SDWinSec.exe (file missing)

--
End of file - 7912 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{D8BF1B68-5BE8-4A48-850B-39E17F070BA5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - D:\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"VX1000"=C:\Windows\vVX1000.exe [2009-06-26 757248]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-07-24 118640]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=D:\itunes\iTunesHelper.exe [2009-10-28 141600]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe [2009-07-09 65240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SpybotSD TeaTimer"=D:\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe [2007-09-05 13552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
D:\RegistryBooster 2010\launcher.exe delay 20000 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\OneCareMP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-03 18:20:12 ----DC---- C:\rsit
2009-11-02 21:54:44 ----SHDC---- C:\Config.Msi
2009-11-02 21:32:37 ----DC---- C:\Program Files\Lavasoft
2009-11-02 21:32:37 ----D---- C:\ProgramData\Lavasoft
2009-11-02 21:31:45 ----HDC---- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-02 18:43:52 ----A---- C:\Windows\ntbtlog.txt
2009-11-02 17:40:52 ----D---- C:\Users\Am\AppData\Roaming\Mozilla
2009-11-02 12:23:04 ----D---- C:\Users\Am\AppData\Roaming\Uniblue
2009-10-30 22:02:26 ----A---- C:\Windows\system32\wups2.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wucltux.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wups.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wudriver.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wuapi.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuapp.exe
2009-10-29 20:18:35 ----A---- C:\Windows\system32\GEARAspi.dll
2009-10-29 20:17:41 ----DC---- C:\Program Files\iPod
2009-10-29 20:17:26 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-29 20:09:44 ----DC---- C:\Program Files\QuickTime
2009-10-28 21:18:04 ----D---- C:\Users\Am\AppData\Roaming\WinPatrol
2009-10-28 20:51:08 ----D---- C:\Users\Am\AppData\Roaming\InstallShield
2009-10-28 15:54:07 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 15:53:53 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 15:53:50 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-26 21:18:41 ----D---- C:\ProgramData\PCPitstop
2009-10-26 21:17:16 ----DC---- C:\Program Files\PCPitstop
2009-10-26 21:16:30 ----D---- C:\Users\Am\AppData\Roaming\Registry Mechanic
2009-10-26 21:15:39 ----D---- C:\Users\Am\AppData\Roaming\TrojanHunter
2009-10-26 19:18:22 ----R---- C:\Windows\system32\streamhlp.dll
2009-10-26 19:18:22 ----DC---- C:\Program Files\TrojanHunter 5.2
2009-10-26 19:13:29 ----AD---- C:\ProgramData\TEMP
2009-10-26 19:12:54 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-26 19:12:50 ----DC---- C:\Program Files\Registry Mechanic
2009-10-26 19:10:20 ----HDC---- C:\$AVG8.VAULT$
2009-10-25 22:53:56 ----D---- C:\Users\Am\AppData\Roaming\Yahoo!
2009-10-25 19:41:15 ----DC---- C:\Program Files\Trend Micro
2009-10-24 21:53:01 ----D---- C:\Windows\system32\Adobe
2009-10-24 21:52:20 ----DC---- C:\Program Files\NOS
2009-10-24 20:18:20 ----A---- C:\Windows\system32\avgrsstx.dll
2009-10-24 20:16:04 ----DC---- C:\Program Files\AVG
2009-10-24 20:16:02 ----D---- C:\ProgramData\avg8
2009-10-23 20:30:16 ----D---- C:\Program Files\Common Files\Authentium
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaws.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaw.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\java.exe
2009-10-23 20:27:24 ----A---- C:\Windows\system32\jscript.dll
2009-10-23 20:27:10 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-23 20:27:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\finger.exe
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ARP.EXE
2009-10-23 20:27:07 ----A---- C:\Windows\system32\netevent.dll
2009-10-23 20:26:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-23 20:26:20 ----A---- C:\Windows\system32\mf.dll
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlansec.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-23 20:25:43 ----A---- C:\Windows\system32\wlanapi.dll
2009-10-23 20:25:42 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-23 20:25:33 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-23 20:25:21 ----A---- C:\Windows\system32\mshtml.dll
2009-10-23 20:25:19 ----A---- C:\Windows\system32\ieframe.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\urlmon.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\iertutil.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\occache.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieui.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesetup.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iernonce.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iepeers.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-23 20:24:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-23 20:24:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-23 20:23:50 ----D---- C:\Users\Am\AppData\Roaming\SoftwareDetectionScripts
2009-10-23 20:22:04 ----A---- C:\Windows\system32\msasn1.dll
2009-10-23 20:17:11 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-23 20:13:39 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-22 20:15:44 ----DC---- C:\Program Files\Microsoft Office

======List of files/folders modified in the last 1 months======

2009-11-03 18:20:35 ----D---- C:\Windows\Temp
2009-11-03 18:20:32 ----D---- C:\Windows\Prefetch
2009-11-03 17:46:16 ----D---- C:\Windows\System32
2009-11-03 17:46:16 ----D---- C:\Windows\inf
2009-11-03 17:46:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-03 17:44:18 ----D---- C:\Windows\system32\Tasks
2009-11-03 17:42:24 ----D---- C:\Windows\registration
2009-11-03 17:41:41 ----SHD---- C:\System Volume Information
2009-11-02 21:54:49 ----SHD---- C:\Windows\Installer
2009-11-02 21:54:45 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-02 21:47:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-02 21:45:26 ----HD---- C:\ProgramData
2009-11-02 21:45:25 ----D---- C:\Windows\system32\drivers
2009-11-02 21:36:55 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-02 21:36:55 ----D---- C:\Windows\system32\catroot2
2009-11-02 21:36:55 ----D---- C:\Windows\system32\catroot
2009-11-02 21:32:37 ----RDC---- C:\Program Files
2009-11-02 21:32:32 ----D---- C:\Windows\winsxs
2009-11-02 20:48:04 ----D---- C:\Program Files\Common Files
2009-11-02 20:43:46 ----D---- C:\Windows
2009-11-02 18:44:53 ----A---- C:\Windows\NeroDigital.ini
2009-11-02 18:44:14 ----D---- C:\Windows\Debug
2009-11-02 12:42:54 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-11-02 12:42:49 ----D---- C:\Windows\system32\LogFiles
2009-11-02 12:31:06 ----D---- C:\Program Files\CCleaner
2009-11-01 18:17:15 ----SD---- C:\Windows\Downloaded Program Files
2009-10-31 16:44:07 ----D---- C:\Windows\rescache
2009-10-31 16:27:50 ----D---- C:\Windows\system32\en-US
2009-10-29 20:34:42 ----D---- C:\Users\Am\AppData\Roaming\Apple Computer
2009-10-29 20:17:39 ----D---- C:\Program Files\Common Files\Apple
2009-10-29 19:47:09 ----D---- C:\Program Files\Internet Explorer
2009-10-29 19:47:08 ----D---- C:\Program Files\Windows Media Player
2009-10-26 19:03:32 ----SD---- C:\ProgramData\Microsoft
2009-10-24 20:15:31 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-24 20:14:36 ----SD---- C:\Users\Am\AppData\Roaming\Microsoft
2009-10-24 19:56:43 ----DC---- C:\Program Files\Microsoft Windows OneCare Live
2009-10-23 21:49:57 ----D---- C:\Windows\ehome
2009-10-23 21:49:57 ----D---- C:\Program Files\Windows Mail
2009-10-23 21:49:56 ----D---- C:\Windows\system32\migration
2009-10-23 21:49:54 ----D---- C:\Windows\AppPatch
2009-10-23 20:27:42 ----D---- C:\Program Files\Java
2009-10-23 20:09:58 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-23 20:00:18 ----RSD---- C:\Windows\Fonts
2009-10-23 20:00:05 ----D---- C:\Windows\system32\wbem
2009-10-23 19:58:43 ----D---- C:\Windows\system32\config
2009-10-23 19:56:17 ----D---- C:\Windows\Tasks
2009-10-23 19:56:17 ----D---- C:\Windows\system32\spool
2009-10-23 19:56:17 ----D---- C:\Windows\system32\restore
2009-10-23 19:56:16 ----D---- C:\Windows\system32\Msdtc
2009-10-23 19:56:15 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-23 19:56:07 ----RSD---- C:\Windows\assembly
2009-10-23 19:56:07 ----RD---- C:\Users
2009-10-23 19:56:01 ----DC---- C:\Program Files\Movie Maker 2.6
2009-10-23 19:56:01 ----D---- C:\ProgramData\HP Product Assistant
2009-10-23 19:56:00 ----DC---- C:\Program Files\Microsoft LifeCam
2009-10-23 19:55:59 ----DC---- C:\Program Files\CA
2009-10-23 19:55:59 ----DC---- C:\Program Files\Apple Software Update
2009-10-23 19:55:59 ----D---- C:\Program Files\Common Files\Scanner
2009-10-23 19:55:59 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-10-23 19:55:59 ----D---- C:\Program Files\Common Files\LightScribe
2009-10-23 19:55:59 ----D---- C:\Program Files\Bonjour
2009-10-23 19:54:07 ----D---- C:\Windows\Help
2009-10-23 19:54:07 ----D---- C:\Windows\Boot
2009-10-23 19:54:06 ----D---- C:\Program Files\Foxit Software
2009-10-23 19:54:06 ----D---- C:\Program Files\Common Files\Ahead
2009-10-23 19:54:05 ----DC---- C:\Program Files\LightScribe
2009-10-23 19:54:05 ----D---- C:\Windows\servicing
2009-10-23 19:54:05 ----D---- C:\ProgramData\Apple
2009-10-23 19:54:05 ----D---- C:\Program Files\Common Files\HP
2009-10-23 19:54:04 ----D---- C:\Windows\WindowsMobile
2009-10-23 19:54:04 ----D---- C:\Windows\Web
2009-10-23 19:54:04 ----D---- C:\Windows\system32\XPSViewer
2009-10-23 19:54:04 ----D---- C:\Windows\system32\winrm
2009-10-23 19:54:04 ----D---- C:\Windows\system32\WCN
2009-10-23 19:54:04 ----D---- C:\Windows\system32\sysprep
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Speech
2009-10-23 19:54:04 ----D---- C:\Windows\system32\SMI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\slmgr
2009-10-23 19:54:04 ----D---- C:\Windows\system32\RemInst
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-10-23 19:54:04 ----D---- C:\Windows\system32\oobe
2009-10-23 19:54:04 ----D---- C:\Windows\system32\MUI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\migwiz
2009-10-23 19:54:04 ----D---- C:\Windows\system32\licensing
2009-10-23 19:54:04 ----D---- C:\Windows\system32\IME
2009-10-23 19:54:03 ----D---- C:\Windows\system32\DriverStore
2009-10-23 19:54:03 ----D---- C:\Windows\system32\com
2009-10-23 19:54:03 ----D---- C:\Windows\system32\Boot
2009-10-23 19:54:03 ----D---- C:\Windows\Speech
2009-10-23 19:54:03 ----D---- C:\Windows\schemas
2009-10-23 19:54:03 ----D---- C:\Windows\Resources
2009-10-23 19:54:03 ----D---- C:\Windows\Provisioning
2009-10-23 19:54:03 ----D---- C:\Windows\PolicyDefinitions
2009-10-23 19:54:03 ----D---- C:\Windows\PLA
2009-10-23 19:54:03 ----D---- C:\Windows\Performance
2009-10-23 19:54:03 ----D---- C:\Windows\MSAgent
2009-10-23 19:54:02 ----D---- C:\Windows\IME
2009-10-23 19:54:02 ----D---- C:\Windows\DigitalLocker
2009-10-23 19:54:02 ----D---- C:\Windows\Branding
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Sidebar
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows NT
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Journal
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Defender
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Collaboration
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Calendar
2009-10-23 19:54:02 ----D---- C:\Program Files\Reference Assemblies
2009-10-23 19:54:01 ----D---- C:\Program Files\Movie Maker
2009-10-23 19:54:01 ----D---- C:\Program Files\Microsoft Games
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\System
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\SpeechEngines

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-10-24 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-10-24 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-10-24 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-10-24 108552]
R1 MSFWHLPR;MSFWHLPR; C:\Windows\system32\DRIVERS\msfwhlpr.sys [2007-11-27 37440]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-06-26 5632]
R2 CSS DVP;Dynamic Virus Protection; C:\Windows\system32\DRIVERS\css-dvp.sys [2007-11-26 835792]
R2 MSFWDrv;MSFWDrv; C:\Windows\system32\DRIVERS\msfwdrv.sys [2007-11-27 91200]
R2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys [2009-05-09 53192]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 RPPKT;Radialpoint Filter (x86); C:\Windows\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 SaiH8000;SaiH8000; C:\Windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S1 SASKUTIL;SASKUTIL; \??\F:\Software\SASKUTIL.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-06-19 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-06-19 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-06-19 16432]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2009-08-09 18816]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\F:\Software\BullGuard\antirootkit\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 Trufos;Trufos; \??\F:\Software\BullGuard\antirootkit\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-24 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-10-24 1370488]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Radialpoint Security Services;Virgin Broadband PCguard; C:\Windows\system32\dllhost.exe [2006-11-02 7168]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2007-09-05 293104]
R2 RPSUpdaterR;Virgin Broadband PCguard Update Service; C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe [2009-05-09 99056]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe []
S2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-02 1179232]
S2 msfwsvc;@C:\Program Files\Microsoft Windows OneCare Live\Firewall\\MSFWSVCResource.dll,-10000; C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe [2007-11-27 869952]
S2 OcHealthMon;Windows Live OneCare Health Monitor; C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe [2009-07-09 26104]
S2 OneCareMP;OneCare AntiSpyware and AntiVirus; C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe [2008-07-09 18704]
S2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 SBSDWSCService;SBSD Security Center Service; G:\Software\Spybot - Search & Destroy\SDWinSec.exe []
S2 winss;Windows Live OneCare; C:\Program Files\Microsoft Windows OneCare Live\winss.exe [2009-07-09 1139536]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

-----------------EOF--------------
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England
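
The driver and service lists in the RSIT log above follow one line format, and the entries worth a second look are the ones whose image could not be found or lives off the system drive (SASKUTIL on F:, the BullGuard anti-rootkit drivers on F:, Spybot's SDWinSec.exe on G:, the Symantec ccSvcHst.exe that the HijackThis backup section also reports as "(file missing)"). The following parser and triage pass is an added example by the editor, not code from the poster, from RSIT or from any tool the thread uses. It assumes that an empty `[]` means RSIT found no file at that path when it ran, that `C:` is the system drive, and that the severity rules are the editor's own heuristics; the sample lines are constructed from a subset of the log.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: eight lines copied from the RSIT driver and service lists in the
# post above (not the whole log). Format per line:
#   <R|S><start type> <name>;<description>; <image path or command> [<file date> <size>]
# Assumption: an empty "[]" means RSIT found no file at that path when it ran (the same
# Symantec service shows as "(file missing)" in the HijackThis backup section).
SAMPLE_LOG = r"""
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-10-24 23832]
R2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys [2009-05-09 53192]
S1 SASKUTIL;SASKUTIL; \??\F:\Software\SASKUTIL.sys []
S3 Profos;Profos; \??\F:\Software\BullGuard\antirootkit\profos.sys []
S3 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2008-05-15 53168]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 SBSDWSCService;SBSD Security Center Service; G:\Software\Spybot - Search & Destroy\SDWinSec.exe []
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<cmd>.*?) \[(?P<meta>[^\]]*)\]$"
)
# First token of the command that looks like a driver/PE image. "\??\" is the NT
# object-manager prefix that some ImagePath values carry; it is stripped here.
IMAGE_RE = re.compile(r"^(?:\\\?\?\\)?(?P<path>.+?\.(?:sys|exe|dll))(?:\s|$)", re.IGNORECASE)
START_NAMES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

@dataclass
class Entry:
    running: bool
    start: str             # "boot", "system", "auto", "demand" or "disabled"
    name: str
    description: str
    image: Optional[str]   # normalised image path, None if not recognisable
    file_found: bool       # False when the trailing bracket was empty

@dataclass
class Finding:
    name: str
    severity: str          # "high" or "medium" (editor's heuristic, see triage())
    reasons: List[str] = field(default_factory=list)

def parse_rsit_entries(text: str) -> List[Entry]:
    """Parse RSIT driver/service lines; lines that do not match the format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        img = IMAGE_RE.match(m["cmd"])
        entries.append(Entry(
            running=m["state"] == "R",
            start=START_NAMES[m["start"]],
            name=m["name"],
            description=m["desc"],
            image=img["path"] if img else None,
            file_found=m["meta"].strip() != "",
        ))
    return entries

def drive_of(path: Optional[str]) -> Optional[str]:
    """Drive letter of a normalised Win32 path, or None."""
    m = re.match(r"([A-Za-z]):\\", path or "")
    return m.group(1).upper() if m else None

def triage(entries: List[Entry], system_drive: str = "C") -> Dict[str, Finding]:
    """Flag the entries a responder reads first: missing images and images off the system drive."""
    findings: Dict[str, Finding] = {}
    for e in entries:
        reasons = []
        if not e.file_found:
            reasons.append("image not found on disk at scan time")
        drv = drive_of(e.image)
        if drv and drv != system_drive.upper():
            reasons.append(f"image lives on drive {drv}:, not the system drive")
        if not reasons:
            continue
        # Heuristic: a boot- or system-start driver whose image is missing cannot load
        # (the SCM logs event 7026 for it, as the System event log above shows for
        # SASKUTIL); a running entry with no image on disk is worse, because the code
        # is in memory while its file is gone. Everything else is medium.
        high = (not e.file_found) and (e.running or e.start in ("boot", "system"))
        findings[e.name] = Finding(e.name, "high" if high else "medium", reasons)
    return findings

if __name__ == "__main__":
    for f in triage(parse_rsit_entries(SAMPLE_LOG)).values():
        print(f"{f.severity:6} {f.name}: {'; '.join(f.reasons)}")
```

On the sample, SASKUTIL comes out high (system-start driver, image on F:, no file found), while Profos, CLTNetCnService and SBSDWSCService come out medium. Paste the whole driver and service section of a log into SAMPLE_LOG to get the same listing for a real case; anything flagged still needs a human to decide whether it is a leftover from a tool run off removable media, as these appear to be, or a deliberately removed file.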

Re: PC infected, please help...

Post by molly_malone » November 3rd, 2009, 2:30 pm

info.txt:

info.txt logfile of random's system information tool 1.06 2009-11-03 18:20:43

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Ad-Aware-->"C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C70EF769-8296-4ED0-966F-D624BC6D4927}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BELKIN Bluetooth Software 6.0.1.4400-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CoffeeCup Free HTML Editor-->D:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE D:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DVD Shrink 3.2-->"D:\Software\DVD Shrink\unins000.exe"
DVD43 v4.3.1-->"C:\Program Files\dvd43\unins000.exe"
EVEREST Home Edition v1.51-->"D:\EVEREST Home Edition\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
GTOneCare-->MsiExec.exe /X{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Print Diagnostic Utility-->MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{25771101-7948-4591-ABF3-B1ECE7A7F45F}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LightScribe Applications-->MsiExec.exe /X{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}
LightScribe System Software-->MsiExec.exe /X{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}
Malwarebytes' Anti-Malware-->"D:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Corporation-->MsiExec.exe /I{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}
Microsoft LifeCam-->MsiExec.exe /X{36C97B5B-5593-45B8-B50E-DAD87036BD9D}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Protection Service-->MsiExec.exe /I{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Live OneCare Resources v2.5.2900.28-->MsiExec.exe /I{5660022E-F3F2-4126-8CC5-9726C47150EB}
Mozilla Firefox (3.5.4)-->D:\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PPSDKRedistributables-->MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Radialpoint Security Services-->MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RPS Ad Blocker-->MsiExec.exe /I{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}
RPS AntiFraud-->MsiExec.exe /I{C831972C-3834-4D9D-A095-8350B324AC3C}
RPS AntiSpyware-->MsiExec.exe /I{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}
RPS AntiVirus-->MsiExec.exe /I{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}
RPS App Detector-->MsiExec.exe /I{3C441434-737C-4D54-8EAB-B409BE54E734}
RPS AsRealtime-->MsiExec.exe /I{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}
RPS Backup-->MsiExec.exe /I{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}
RPS Burn-->MsiExec.exe /I{A542D695-16D3-4F89-A6F1-091F009B8ABA}
RPS Diagnostic Utility-->MsiExec.exe /I{3A836186-46F8-4388-9830-820E35C02992}
RPS Firewall-->MsiExec.exe /I{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}
RPS ParentalControl-->MsiExec.exe /I{53C32728-D434-4143-9C9D-D73D68D00893}
RPS Performance Tool-->MsiExec.exe /I{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}
RPS PopupBlocker-->MsiExec.exe /I{324D4909-7A7B-45CD-B199-E975DC108249}
RPS Privacy Manager-->MsiExec.exe /I{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}
RPS RpsCore-->MsiExec.exe /I{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}
RPS Security Cleanup-->MsiExec.exe /I{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}
RPS Zip-->MsiExec.exe /I{3AFF4279-A590-4010-8C8A-3B096A220CFC}
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy-->"D:\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Virgin Broadband advisor 1.5.24-->"C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

=====HijackThis Backups=====

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll [2009-10-25]
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2009-10-25]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-10-25]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-10-25]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [2009-10-25]
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2009-10-25]
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-10-26]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) [2009-10-26]
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) [2009-10-26]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Freedom
AV: Windows Live OneCare
FW: Freedom
FW: Windows Live OneCare Firewall
AS: Spybot - Search and Destroy
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: Windows Live OneCare
AS: Freedom

======System event log======

Computer Name: Am-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 44869
Source Name: Service Control Manager
Time Written: 20090615211434.000000-000
Event Type: Error
User:

Computer Name: Am-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 44797
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090615211257.847484-000
Event Type: Error
User:

Computer Name: Am-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASKUTIL
Record Number: 44711
Source Name: Service Control Manager
Time Written: 20090615164351.000000-000
Event Type: Error
User:

Computer Name: Am-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 44710
Source Name: Service Control Manager
Time Written: 20090615164351.000000-000
Event Type: Error
User:

Computer Name: Am-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 44640
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090615164215.391270-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Am-PC
Event Code: 10010
Message: Application 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' (pid 576) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 214
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090410114826.804525-000
Event Type: Warning
User: Am-PC\Am

Computer Name: Am-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2288853121-1104657220-1213784097-1000:
Process 552 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2288853121-1104657220-1213784097-1000

Record Number: 101
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090410111148.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Am-PC
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 51
Source Name: Microsoft-Windows-Search
Time Written: 20090410110106.000000-000
Event Type: Warning
User:

Computer Name: Am-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 26
Source Name: Microsoft-Windows-Search
Time Written: 20090410105455.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B2-11
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090411024709.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233B2-11
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B2-11$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x204
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024434.453125-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x594d8
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024426.718750-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024424.906250-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024424.906250-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2152478756-3922319563-605102323-500
Account Name: Administrator
Account Domain: 26L2233B2-11
Logon ID: 0x8496a

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CA\PPRT\bin;G:\Software;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby Dakeyras » November 3rd, 2009, 5:55 pm

Hi. :)

Nice to meet you.

[quote]Thanks a bunch for helping me out, I really do appreciate it.[/quote]
Likewise and you are very welcome!

[quote]I feel such a fool that I didn't realise straight away that there was something more sinister going on.[/quote]
Don't worry about it; first things first, we will get your machine more stable.

[quote]I can, however, say that it looked something like this: [DOS Smurf attack:IP: (192.168.1.X)] to MAC address 00:XX:XX:XX:XX:XX, Monday, Nov 02,2009 21:38:34
I have checked my router status daily and I haven't come across it since. What does it mean?[/quote]
Basically it pertains to what is known as a denial of service attack against a specific IP (Internet Protocol) address. Usually these types of attacks are aimed at specific servers/websites rather than an individual home computer. The lowlifes who do such constantly ping an IP to the point the server is overloaded and the site goes offline due to the overload, and/or becomes compromised and is sometimes used unwittingly as a zombie computer to further infect others. Though not completely rare for an individual to be targeted, I suspect in your case it was a random occurrence and your Router Firewall (NAT) did its job.

As a precaution though I do advise you reset the Router and apply a new Admin' password.

Next:

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

C:\rsit

Microsoft OneCare Uninstall Cleanup Tool:

Click here to download the MS OneCare Removal tool, save it to your Desktop.

  • Right click on OneCareCleanUp.exe and select Run as Administrator.
  • Follow the prompts and reboot your machine if prompted to do so.
  • Then delete OneCareCleanUp.exe from your desktop.

Norton/Symantec RT:

Please download the Norton Removal Tool and Save it to your Desktop.

  • Close all programs and right click the Norton_Removal_Tool.exe and select Run as Administrator.
  • Follow the on-screen instructions.
  • Restart the computer if asked.
  • Then delete Norton_Removal_Tool.exe from your desktop.

Next:

Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

Ad-Aware
Choice Guard
Spybot - Search & Destroy
Radialpoint Security Services


To do so click once on each of the below and click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

TFC(Temp File Cleaner):

No need to right click and run in Admin' mode it does this automatically.

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next:

Make sure that RSIT.exe is on your Desktop before running the application!

  • Right click on RSIT.exe and select Run as Administrator to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • A new set of RSIT logs. <-- Post them individually please, i.e. one log per post/reply.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: PC infected, please help...

Unread postby molly_malone » November 4th, 2009, 4:43 pm

Hi,

Thanks for your speedy response.

I now think I understand the 'DOS Smurf attack', thanks for your explanation of that by the way :)

[quote]Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this folder (if present):

C:\rsit[/quote]

All done! Found the file, no problem.

[quote]Microsoft OneCare Uninstall Cleanup Tool:

Click here to download the MS OneCare Removal tool, save it to your Desktop.[/quote]

Again, all done, no problems.

[quote]Now please go to Start >> Control Panel >> Programs and Features and remove the following (if present):

Ad-Aware
Choice Guard
Spybot - Search & Destroy
Radialpoint Security Services[/quote]

Managed to delete Ad-Aware & Spybot, but couldn't find the other files. Possibly already removed?

[quote]TFC(Temp File Cleaner):[/quote]

Ran the software, no problem. Re-booted, as requested.

I've run RSIT as requested, reports to follow.

Thanks again for all your help. I really do appreciate it!

Molly
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby molly_malone » November 4th, 2009, 4:47 pm

log.txt report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Am at 2009-11-04 20:26:45
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 97 GB (64%) free of 153 GB
Total RAM: 3071 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:55, on 04/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Am\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Am.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Unknown owner - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe

--
End of file - 6359 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{D8BF1B68-5BE8-4A48-850B-39E17F070BA5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"VX1000"=C:\Windows\vVX1000.exe [2009-06-26 757248]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-07-24 118640]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=D:\itunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe [2007-09-05 13552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
D:\RegistryBooster 2010\launcher.exe delay 20000 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-04 20:22:21 ----DC---- C:\rsit
2009-11-04 18:55:10 ----DC---- C:\WINSSLog
2009-11-03 20:44:30 ----DC---- C:\Program Files\Windows Portable Devices
2009-11-03 20:43:13 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-03 20:43:12 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-03 20:43:12 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-03 20:42:34 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-03 20:42:34 ----A---- C:\Windows\system32\cdd.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-03 20:42:33 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\FntCache.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-03 20:42:33 ----A---- C:\Windows\system32\DWrite.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d2d1.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\dxgi.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d11.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d10.dll
2009-11-03 20:42:03 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-03 20:42:02 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-03 20:42:02 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-03 20:41:46 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\oleacc.dll
2009-11-03 20:40:16 ----A---- C:\Windows\system32\mshtml.dll
2009-11-02 21:32:37 ----D---- C:\ProgramData\Lavasoft
2009-11-02 18:43:52 ----A---- C:\Windows\ntbtlog.txt
2009-11-02 17:40:52 ----D---- C:\Users\Am\AppData\Roaming\Mozilla
2009-11-02 12:23:04 ----D---- C:\Users\Am\AppData\Roaming\Uniblue
2009-10-30 22:02:26 ----A---- C:\Windows\system32\wups2.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wucltux.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wups.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wudriver.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wuapi.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuapp.exe
2009-10-29 20:18:35 ----A---- C:\Windows\system32\GEARAspi.dll
2009-10-29 20:17:41 ----DC---- C:\Program Files\iPod
2009-10-29 20:17:26 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-29 20:09:44 ----DC---- C:\Program Files\QuickTime
2009-10-28 21:18:04 ----D---- C:\Users\Am\AppData\Roaming\WinPatrol
2009-10-28 20:51:08 ----D---- C:\Users\Am\AppData\Roaming\InstallShield
2009-10-28 15:54:07 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 15:53:53 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 15:53:50 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-26 21:18:41 ----D---- C:\ProgramData\PCPitstop
2009-10-26 21:16:30 ----D---- C:\Users\Am\AppData\Roaming\Registry Mechanic
2009-10-26 21:15:39 ----D---- C:\Users\Am\AppData\Roaming\TrojanHunter
2009-10-26 19:18:22 ----R---- C:\Windows\system32\streamhlp.dll
2009-10-26 19:13:29 ----AD---- C:\ProgramData\TEMP
2009-10-26 19:12:54 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-26 19:10:20 ----HDC---- C:\$AVG8.VAULT$
2009-10-25 22:53:56 ----D---- C:\Users\Am\AppData\Roaming\Yahoo!
2009-10-25 19:41:15 ----DC---- C:\Program Files\Trend Micro
2009-10-24 21:53:01 ----D---- C:\Windows\system32\Adobe
2009-10-24 21:52:20 ----DC---- C:\Program Files\NOS
2009-10-24 20:18:20 ----A---- C:\Windows\system32\avgrsstx.dll
2009-10-24 20:16:04 ----DC---- C:\Program Files\AVG
2009-10-24 20:16:02 ----D---- C:\ProgramData\avg8
2009-10-23 20:30:16 ----D---- C:\Program Files\Common Files\Authentium
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaws.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaw.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\java.exe
2009-10-23 20:27:24 ----A---- C:\Windows\system32\jscript.dll
2009-10-23 20:27:10 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-23 20:27:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\finger.exe
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ARP.EXE
2009-10-23 20:27:07 ----A---- C:\Windows\system32\netevent.dll
2009-10-23 20:26:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-23 20:26:20 ----A---- C:\Windows\system32\mf.dll
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlansec.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-23 20:25:43 ----A---- C:\Windows\system32\wlanapi.dll
2009-10-23 20:25:42 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-23 20:25:33 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-23 20:25:19 ----A---- C:\Windows\system32\ieframe.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\urlmon.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\iertutil.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\occache.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieui.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesetup.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iernonce.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iepeers.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-23 20:24:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-23 20:24:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-23 20:23:50 ----D---- C:\Users\Am\AppData\Roaming\SoftwareDetectionScripts
2009-10-23 20:22:04 ----A---- C:\Windows\system32\msasn1.dll
2009-10-23 20:17:11 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-23 20:13:39 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-22 20:15:44 ----DC---- C:\Program Files\Microsoft Office

======List of files/folders modified in the last 1 months======

2009-11-04 20:26:54 ----D---- C:\Windows\Temp
2009-11-04 20:22:54 ----D---- C:\Windows\System32
2009-11-04 20:22:54 ----D---- C:\Windows\inf
2009-11-04 20:22:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-04 20:16:13 ----D---- C:\Windows\registration
2009-11-04 20:13:59 ----D---- C:\Windows\Prefetch
2009-11-04 20:07:37 ----HD---- C:\ProgramData
2009-11-04 20:04:01 ----RDC---- C:\Program Files
2009-11-04 20:02:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-04 20:02:33 ----SHD---- C:\Windows\Installer
2009-11-04 20:02:28 ----SHD---- C:\System Volume Information
2009-11-04 20:00:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-11-04 19:58:56 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-04 19:58:56 ----D---- C:\Windows\system32\drivers
2009-11-04 19:44:31 ----D---- C:\Windows\system32\Tasks
2009-11-04 18:56:36 ----SD---- C:\Windows\Downloaded Program Files
2009-11-04 18:56:36 ----SD---- C:\ProgramData\Microsoft
2009-11-04 18:56:05 ----D---- C:\Windows\system32\catroot
2009-11-04 18:56:05 ----D---- C:\Program Files\Common Files
2009-11-04 18:48:43 ----D---- C:\Windows\rescache
2009-11-03 20:44:45 ----D---- C:\Windows
2009-11-03 20:44:34 ----D---- C:\Windows\system32\en-US
2009-11-03 20:44:30 ----D---- C:\Windows\system32\wbem
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pt-PT
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pt-BR
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pl-PL
2009-11-03 20:44:25 ----D---- C:\Windows\system32\it-IT
2009-11-03 20:44:25 ----D---- C:\Windows\system32\he-IL
2009-11-03 20:44:25 ----D---- C:\Windows\system32\bg-BG
2009-11-03 20:44:24 ----D---- C:\Windows\system32\zh-HK
2009-11-03 20:44:24 ----D---- C:\Windows\system32\uk-UA
2009-11-03 20:44:24 ----D---- C:\Windows\system32\sl-SI
2009-11-03 20:44:24 ----D---- C:\Windows\system32\nl-NL
2009-11-03 20:44:24 ----D---- C:\Windows\system32\ko-KR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\hu-HU
2009-11-03 20:44:24 ----D---- C:\Windows\system32\hr-HR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\fr-FR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\el-GR
2009-11-03 20:44:23 ----D---- C:\Windows\system32\zh-TW
2009-11-03 20:44:23 ----D---- C:\Windows\system32\zh-CN
2009-11-03 20:44:23 ----D---- C:\Windows\system32\tr-TR
2009-11-03 20:44:23 ----D---- C:\Windows\system32\th-TH
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sv-SE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sk-SK
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ru-RU
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ro-RO
2009-11-03 20:44:23 ----D---- C:\Windows\system32\lv-LV
2009-11-03 20:44:23 ----D---- C:\Windows\system32\lt-LT
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ja-JP
2009-11-03 20:44:23 ----D---- C:\Windows\system32\fi-FI
2009-11-03 20:44:23 ----D---- C:\Windows\system32\et-EE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\es-ES
2009-11-03 20:44:23 ----D---- C:\Windows\system32\de-DE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\cs-CZ
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ar-SA
2009-11-03 20:44:22 ----D---- C:\Windows\system32\nb-NO
2009-11-03 20:44:22 ----D---- C:\Windows\system32\da-DK
2009-11-03 20:43:37 ----D---- C:\Windows\winsxs
2009-11-03 20:42:24 ----D---- C:\Windows\system32\catroot2
2009-11-02 21:54:45 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-02 18:44:53 ----A---- C:\Windows\NeroDigital.ini
2009-11-02 18:44:14 ----D---- C:\Windows\Debug
2009-11-02 12:42:49 ----D---- C:\Windows\system32\LogFiles
2009-11-02 12:31:06 ----D---- C:\Program Files\CCleaner
2009-10-29 20:34:42 ----D---- C:\Users\Am\AppData\Roaming\Apple Computer
2009-10-29 20:17:39 ----D---- C:\Program Files\Common Files\Apple
2009-10-29 19:47:09 ----D---- C:\Program Files\Internet Explorer
2009-10-29 19:47:08 ----D---- C:\Program Files\Windows Media Player
2009-10-24 20:15:31 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-24 20:14:36 ----SD---- C:\Users\Am\AppData\Roaming\Microsoft
2009-10-23 21:49:57 ----D---- C:\Windows\ehome
2009-10-23 21:49:57 ----D---- C:\Program Files\Windows Mail
2009-10-23 21:49:56 ----D---- C:\Windows\system32\migration
2009-10-23 21:49:54 ----D---- C:\Windows\AppPatch
2009-10-23 20:27:42 ----D---- C:\Program Files\Java
2009-10-23 20:09:58 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-23 20:00:18 ----RSD---- C:\Windows\Fonts
2009-10-23 19:58:43 ----D---- C:\Windows\system32\config
2009-10-23 19:56:17 ----D---- C:\Windows\Tasks
2009-10-23 19:56:17 ----D---- C:\Windows\system32\spool
2009-10-23 19:56:17 ----D---- C:\Windows\system32\restore
2009-10-23 19:56:16 ----D---- C:\Windows\system32\Msdtc
2009-10-23 19:56:15 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-23 19:56:07 ----RSD---- C:\Windows\assembly
2009-10-23 19:56:07 ----RD---- C:\Users
2009-10-23 19:56:01 ----DC---- C:\Program Files\Movie Maker 2.6
2009-10-23 19:56:01 ----D---- C:\ProgramData\HP Product Assistant
2009-10-23 19:56:00 ----DC---- C:\Program Files\Microsoft LifeCam
2009-10-23 19:55:59 ----DC---- C:\Program Files\CA
2009-10-23 19:55:59 ----DC---- C:\Program Files\Apple Software Update
2009-10-23 19:55:59 ----D---- C:\Program Files\Common Files\Scanner
2009-10-23 19:55:59 ----D---- C:\Program Files\Common Files\LightScribe
2009-10-23 19:55:59 ----D---- C:\Program Files\Bonjour
2009-10-23 19:54:07 ----D---- C:\Windows\Help
2009-10-23 19:54:07 ----D---- C:\Windows\Boot
2009-10-23 19:54:06 ----D---- C:\Program Files\Foxit Software
2009-10-23 19:54:06 ----D---- C:\Program Files\Common Files\Ahead
2009-10-23 19:54:05 ----DC---- C:\Program Files\LightScribe
2009-10-23 19:54:05 ----D---- C:\Windows\servicing
2009-10-23 19:54:05 ----D---- C:\ProgramData\Apple
2009-10-23 19:54:05 ----D---- C:\Program Files\Common Files\HP
2009-10-23 19:54:04 ----D---- C:\Windows\WindowsMobile
2009-10-23 19:54:04 ----D---- C:\Windows\Web
2009-10-23 19:54:04 ----D---- C:\Windows\system32\XPSViewer
2009-10-23 19:54:04 ----D---- C:\Windows\system32\winrm
2009-10-23 19:54:04 ----D---- C:\Windows\system32\WCN
2009-10-23 19:54:04 ----D---- C:\Windows\system32\sysprep
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Speech
2009-10-23 19:54:04 ----D---- C:\Windows\system32\SMI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\slmgr
2009-10-23 19:54:04 ----D---- C:\Windows\system32\RemInst
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-10-23 19:54:04 ----D---- C:\Windows\system32\oobe
2009-10-23 19:54:04 ----D---- C:\Windows\system32\MUI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\migwiz
2009-10-23 19:54:04 ----D---- C:\Windows\system32\licensing
2009-10-23 19:54:04 ----D---- C:\Windows\system32\IME
2009-10-23 19:54:03 ----D---- C:\Windows\system32\DriverStore
2009-10-23 19:54:03 ----D---- C:\Windows\system32\com
2009-10-23 19:54:03 ----D---- C:\Windows\system32\Boot
2009-10-23 19:54:03 ----D---- C:\Windows\Speech
2009-10-23 19:54:03 ----D---- C:\Windows\schemas
2009-10-23 19:54:03 ----D---- C:\Windows\Resources
2009-10-23 19:54:03 ----D---- C:\Windows\Provisioning
2009-10-23 19:54:03 ----D---- C:\Windows\PolicyDefinitions
2009-10-23 19:54:03 ----D---- C:\Windows\PLA
2009-10-23 19:54:03 ----D---- C:\Windows\Performance
2009-10-23 19:54:03 ----D---- C:\Windows\MSAgent
2009-10-23 19:54:02 ----D---- C:\Windows\IME
2009-10-23 19:54:02 ----D---- C:\Windows\DigitalLocker
2009-10-23 19:54:02 ----D---- C:\Windows\Branding
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Sidebar
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows NT
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Journal
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Defender
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Collaboration
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Calendar
2009-10-23 19:54:02 ----D---- C:\Program Files\Reference Assemblies
2009-10-23 19:54:01 ----D---- C:\Program Files\Movie Maker
2009-10-23 19:54:01 ----D---- C:\Program Files\Microsoft Games
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\System
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\SpeechEngines

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-10-24 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-10-24 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-10-24 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-10-24 108552]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-06-26 5632]
R2 CSS DVP;Dynamic Virus Protection; C:\Windows\system32\DRIVERS\css-dvp.sys [2007-11-26 835792]
R2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys [2009-05-09 53192]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 RPPKT;Radialpoint Filter (x86); C:\Windows\system32\DRIVERS\rp_pkt32.sys [2007-04-19 48384]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 SaiH8000;SaiH8000; C:\Windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S1 SASKUTIL;SASKUTIL; \??\F:\Software\SASKUTIL.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-06-19 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-06-19 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-06-19 16432]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2009-08-09 18816]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\F:\Software\BullGuard\antirootkit\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 Trufos;Trufos; \??\F:\Software\BullGuard\antirootkit\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-24 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-10-24 1370488]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [2006-12-19 280080]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Radialpoint Security Services;Virgin Broadband PCguard; C:\Windows\system32\dllhost.exe [2006-11-02 7168]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\Fws.exe [2007-09-05 293104]
R2 RPSUpdaterR;Virgin Broadband PCguard Update Service; C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe [2009-05-09 99056]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 dvpapi;DvpApi; C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

-----------------EOF-----------------
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby molly_malone » November 4th, 2009, 4:54 pm

info.txt report:

info.txt logfile of random's system information tool 1.06 2009-11-04 20:49:24

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Authentium AntiVirus SDK - 2-->MsiExec.exe /I{C70EF769-8296-4ED0-966F-D624BC6D4927}
AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BELKIN Bluetooth Software 6.0.1.4400-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CoffeeCup Free HTML Editor-->D:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE D:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
DHTML Editing Component-->MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DVD Shrink 3.2-->"D:\Software\DVD Shrink\unins000.exe"
DVD43 v4.3.1-->"C:\Program Files\dvd43\unins000.exe"
EVEREST Home Edition v1.51-->"D:\EVEREST Home Edition\unins000.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart.All-In-One Driver Software 8.0 .A-->C:\Program Files\HP\Digital Imaging\{282E5AB2-8E47-4571-B6FA-6B512555B557}\setup\hpzscr01.exe -datfile hposcr18.dat -onestop -showdisconnect -forcereboot
HP Print Diagnostic Utility-->MsiExec.exe /I{5E06C076-E4E7-4239-A886-B3D8AC84C166}
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{25771101-7948-4591-ABF3-B1ECE7A7F45F}
HPSSupply-->MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
LightScribe Applications-->MsiExec.exe /X{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}
LightScribe System Software-->MsiExec.exe /X{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}
Malwarebytes' Anti-Malware-->"D:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Corporation-->MsiExec.exe /I{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}
Microsoft LifeCam-->MsiExec.exe /X{36C97B5B-5593-45B8-B50E-DAD87036BD9D}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.4)-->D:\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Premium-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PPSDKRedistributables-->MsiExec.exe /I{C869F4FF-E5FF-4FBB-9A31-33C23605E170}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Radialpoint Security Services-->MsiExec.exe /X{5DFDEAAA-E050-482E-A5B6-138CAE53F7BF}
RPS Ad Blocker-->MsiExec.exe /I{6EA0ABC4-172B-48D4-AF26-93322D7FDE72}
RPS AntiFraud-->MsiExec.exe /I{C831972C-3834-4D9D-A095-8350B324AC3C}
RPS AntiSpyware-->MsiExec.exe /I{EE1D5780-AF29-4DC4-A107-3FD5F79AC63A}
RPS AntiVirus-->MsiExec.exe /I{05BCCF27-DC23-4ED9-87A2-F8D5B244B4C4}
RPS App Detector-->MsiExec.exe /I{3C441434-737C-4D54-8EAB-B409BE54E734}
RPS AsRealtime-->MsiExec.exe /I{D8AEA1D1-78FE-4CE1-9405-D7E55E797C4D}
RPS Backup-->MsiExec.exe /I{B5C0FD16-3A5D-40D5-8B59-4B43279BB5D0}
RPS Burn-->MsiExec.exe /I{A542D695-16D3-4F89-A6F1-091F009B8ABA}
RPS Diagnostic Utility-->MsiExec.exe /I{3A836186-46F8-4388-9830-820E35C02992}
RPS Firewall-->MsiExec.exe /I{ECBDDBD7-43CC-417C-B87A-943AFED8EB57}
RPS ParentalControl-->MsiExec.exe /I{53C32728-D434-4143-9C9D-D73D68D00893}
RPS Performance Tool-->MsiExec.exe /I{DD1C392B-226D-42C9-B8E6-2A9BEF7583B4}
RPS PopupBlocker-->MsiExec.exe /I{324D4909-7A7B-45CD-B199-E975DC108249}
RPS Privacy Manager-->MsiExec.exe /I{FD2EC356-DB5E-40AE-907A-9A1D38F9396D}
RPS RpsCore-->MsiExec.exe /I{AFE0D559-DAC2-4DF0-B432-4CBA15769AA9}
RPS Security Cleanup-->MsiExec.exe /I{5E7EBB6D-F44B-4D8B-9C52-F0F9173FD166}
RPS Zip-->MsiExec.exe /I{3AFF4279-A590-4010-8C8A-3B096A220CFC}
Samsung Mobile phone USB driver Software-->C:\Windows\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\Windows\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\Windows\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Virgin Broadband advisor 1.5.24-->"C:\Program Files\Virgin Broadband\advisor\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}

=====HijackThis Backups=====

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll [2009-10-25]
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2009-10-25]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-10-25]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-10-25]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [2009-10-25]
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2009-10-25]
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-10-26]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) [2009-10-26]
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) [2009-10-26]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Freedom
FW: Freedom
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)
AS: Freedom

======System event log======

Computer Name: Am-PC
Event Code: 36
Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Record Number: 47167
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090619164809.000000-000
Event Type: Warning
User:

Computer Name: Am-PC
Event Code: 7011
Message: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Record Number: 47118
Source Name: Service Control Manager
Time Written: 20090618141414.000000-000
Event Type: Error
User:

Computer Name: Am-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
SASKUTIL
Record Number: 47084
Source Name: Service Control Manager
Time Written: 20090618141021.000000-000
Event Type: Error
User:

Computer Name: Am-PC
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 47083
Source Name: Service Control Manager
Time Written: 20090618141021.000000-000
Event Type: Error
User:

Computer Name: Am-PC
Event Code: 15016
Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
Record Number: 47013
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090618140835.298750-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Am-PC
Event Code: 10010
Message: Application 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' (pid 576) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 214
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090410114826.804525-000
Event Type: Warning
User: Am-PC\Am

Computer Name: Am-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2288853121-1104657220-1213784097-1000:
Process 552 (\Device\HarddiskVolume1\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2288853121-1104657220-1213784097-1000

Record Number: 101
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090410111148.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Am-PC
Event Code: 3086
Message: The system locale has changed. Existing data will be deleted and the index must be recreated.

Context: Windows Application, SystemIndex Catalog

Record Number: 51
Source Name: Microsoft-Windows-Search
Time Written: 20090410110106.000000-000
Event Type: Warning
User:

Computer Name: Am-PC
Event Code: 1008
Message: The Windows Search Service is attempting to remove the old catalog.

Record Number: 26
Source Name: Microsoft-Windows-Search
Time Written: 20090410105455.000000-000
Event Type: Warning
User:

Computer Name: 26L2233B2-11
Event Code: 1036
Message: InitializePrintProvider failed for provider inetpp.dll. This can occur because of system instability or a lack of system resources.
Record Number: 13
Source Name: Microsoft-Windows-SpoolerSpoolss
Time Written: 20090411024709.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 26L2233B2-11
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: 26L2233B2-11$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x204
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024434.453125-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x594d8
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024426.718750-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024424.906250-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024424.906250-000
Event Type: Audit Success
User:

Computer Name: 26L2233B2-11
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-2152478756-3922319563-605102323-500
Account Name: Administrator
Account Domain: 26L2233B2-11
Logon ID: 0x8496a

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CA\PPRT\bin;G:\Software;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England
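The event-log section of the RSIT log above is written one record at a time (Computer Name, Event Code, a multi-line Message, then Record Number, Source Name, Time Written, Event Type, User), with timestamps in WMI CIM_DATETIME form. As an added example that is not part of RSIT or of this thread, the Python below parses that layout, converts the timestamps, pulls out the Subject block and summarises the audit events by code and account, flagging records whose Subject SID carries RID 500 (the built-in Administrator); the sample records, host name and SID are constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the per-record layout RSIT uses for its event-log dump.
# Host name and SID are made up; the field order mirrors the thread's log.
SAMPLE_LOG = """\
Computer Name: EXAMPLE-PC
Event Code: 4608
Message: Windows is starting up.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411024424.906250-000
Event Type: Audit Success
User:

Computer Name: EXAMPLE-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-1111111111-2222222222-3333333333-500
Account Name: Administrator
Account Domain: EXAMPLE-PC
Logon ID: 0x8496a

This event is generated when a logoff is initiated but the token reference count is not zero.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20061102130954.400000-000
Event Type: Audit Success
User:
"""

# Single-line header fields; "Message:" is handled separately because it spans lines.
FIELD_RE = re.compile(r"^(Computer Name|Event Code|Record Number|Source Name|"
                      r"Time Written|Event Type|User):\s*(.*)$")
SUBJECT_FIELDS = ("Security ID", "Account Name", "Account Domain", "Logon ID")
# Meaning of the audit event IDs seen in the thread, as Windows documents them.
EVENT_MEANING = {4608: "Windows is starting up (LSASS started, auditing initialised)",
                 4624: "An account was successfully logged on", 4647: "User initiated logoff"}

def parse_cim_datetime(value):
    """WMI CIM_DATETIME (yyyymmddHHMMSS.ffffff+UUU, UUU = UTC offset in minutes) -> aware datetime."""
    m = re.fullmatch(r"(\d{14})\.(\d{6})([+-]\d{3})", value.strip())
    if not m:
        raise ValueError(f"not a CIM_DATETIME: {value!r}")
    base = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    tz = timezone(timedelta(minutes=int(m.group(3))))   # '-000' therefore means UTC
    return base.replace(microsecond=int(m.group(2)), tzinfo=tz)

def parse_subject(message):
    """Fields of the Subject: block (SID, account, domain, logon ID), if the message has one."""
    block = re.search(r"^Subject:\n(.*?)(?:\n\s*\n|\Z)", message, re.S | re.M)
    if not block:
        return {}
    pairs = (ln.partition(":") for ln in block.group(1).splitlines())
    return {k.strip(): v.strip() for k, _, v in pairs if k.strip() in SUBJECT_FIELDS}

def parse_records(text):
    """Split the dump into records; each record starts at a 'Computer Name:' line."""
    records, current, in_message = [], None, False
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1) == "Computer Name":
            current = {"Computer Name": m.group(2), "Message": []}
            records.append(current)
            in_message = False
        elif current is None:
            continue                              # text before the first record
        elif line.startswith("Message:"):
            in_message = True
            current["Message"].append(line[len("Message:"):].strip())
        elif m:
            in_message = False                    # Record Number etc. end the message
            current[m.group(1)] = m.group(2)
        elif in_message:
            current["Message"].append(line)
    for rec in records:
        rec["Message"] = "\n".join(rec["Message"]).strip()
        rec["Event Code"] = int(rec.get("Event Code", "0"))
        rec["Meaning"] = EVENT_MEANING.get(rec["Event Code"], "unknown event ID")
        if rec.get("Time Written"):
            rec["Time Written"] = parse_cim_datetime(rec["Time Written"])
        rec["Subject"] = parse_subject(rec["Message"])
    return records

def summarise(records):
    """Counts per event code, distinct Subject accounts, and records whose Subject SID is RID 500."""
    counts, accounts, admin = {}, set(), []
    for rec in records:
        counts[rec["Event Code"]] = counts.get(rec["Event Code"], 0) + 1
        s = rec["Subject"]
        if s.get("Account Name"):
            accounts.add((s.get("Account Domain", ""), s["Account Name"], s.get("Security ID", "")))
        if s.get("Security ID", "").endswith("-500"):   # built-in Administrator account
            admin.append(rec.get("Record Number"))
    return {"counts": counts, "accounts": sorted(accounts), "builtin_admin_records": admin}
```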

Re: PC infected, please help...

Unread postby molly_malone » November 4th, 2009, 5:02 pm

Regarding my pc, I haven't really noticed any difference in the running side of things.
One thing I have noticed however, is my internet connection (I do apologise that I didn't mention this in my previous posts.... so much to remember!)
Even though I am connected to the router via ethernet, I keep losing connection, say 3/4 times an evening (this never used to happen)
We have an iPhone, iTouch and PS3 connected wirelessly and they also have a problem with the connection.

I shall look forward to hearing from you soon.

Regards
Molly
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby Dakeyras » November 4th, 2009, 7:19 pm

Hi. :)

I now think I understand the 'DOS Smurf attack', thanks for your explanation of that by the way :)
You're welcome!

Managed to delete Ad-Aware & Spybot, but couldn't find the other files ?? possibly already removed?
OK, not a problem we will try something else.

Regarding my pc, I haven't really noticed any difference in the running side of things.
One thing I have noticed however, is my internet connection (I do apologise that I didn't mention this in my previous posts.... so much to remember!)
Even though I am connected to the router via ethernet, I keep losing connection, say 3/4 times an evening (this never used to happen)
We have an iPhone, iTouch and PS3 connected wirelessly and they also have a problem with the connection.
OK thank you for bringing this to my attention. It may be actually due to your ISP but by all means we will investigate this.

Have you reset your Router and applied a new Admin password? If not please do so after carrying out the below, thank you.

Radialpoint Security Services Removal:

Please download the RPSS Removal Tool and Save it to your Desktop.

  • Close all programs and right click on RpsUU.exe and select Run as Administrator.
  • Click Yes to confirm that you want to uninstall.
  • Restart the computer when prompted.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup.exe and select Run as Administrator then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform me straight away please).

  • Right click once on RSIT.exe and select Run as Administrator.
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • Malwarebytes' Anti-Malware Log.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: PC infected, please help...

Unread postby molly_malone » November 5th, 2009, 5:46 pm

Hi Dakeyras,

Hope you're well. :D

First things first, I've just reset my router and password, hopefully stopping those 'Smurfs'.

I dl'd the RPSS Removal tool and all went well. Rebooted upon request without any problems.

The Malwarebytes log is attached below:

Malwarebytes' Anti-Malware 1.41
Database version: 3105
Windows 6.0.6002 Service Pack 2

05/11/2009 18:02:51
mbam-log-2009-11-05 (18-02-51).txt

Scan type: Quick Scan
Objects scanned: 90801
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England

Re: PC infected, please help...

Unread postby molly_malone » November 5th, 2009, 5:49 pm

Please find attached the RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Am at 2009-11-05 18:03:52
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 98 GB (64%) free of 153 GB
Total RAM: 3071 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:04:11, on 05/11/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\vVX1000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Am\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Am.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Desktop\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Extermin ... iVirus.dll
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/ins ... sVista.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6135 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{D8BF1B68-5BE8-4A48-850B-39E17F070BA5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"VX1000"=C:\Windows\vVX1000.exe [2009-06-26 757248]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-07-24 118640]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-11-03 2028312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=D:\itunes\iTunesHelper.exe [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Desktop\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\-FreedomNeedsReboot]
C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueRegistryBooster]
D:\RegistryBooster 2010\launcher.exe delay 20000 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-05 13:16:42 ----DC---- C:\Desktop
2009-11-05 13:04:05 ----SHDC---- C:\Config.Msi
2009-11-04 20:22:21 ----DC---- C:\rsit
2009-11-04 18:55:10 ----DC---- C:\WINSSLog
2009-11-03 20:44:30 ----DC---- C:\Program Files\Windows Portable Devices
2009-11-03 20:43:13 ----A---- C:\Windows\system32\UIAnimation.dll
2009-11-03 20:43:12 ----A---- C:\Windows\system32\UIRibbonRes.dll
2009-11-03 20:43:12 ----A---- C:\Windows\system32\UIRibbon.dll
2009-11-03 20:42:34 ----A---- C:\Windows\system32\WMPhoto.dll
2009-11-03 20:42:34 ----A---- C:\Windows\system32\cdd.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\xpsservices.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsRasterService.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsPrint.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\WindowsCodecs.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-11-03 20:42:33 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\OpcServices.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\FntCache.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\dxdiagn.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\dxdiag.exe
2009-11-03 20:42:33 ----A---- C:\Windows\system32\DWrite.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10warp.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10level9.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10core.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d3d10_1core.dll
2009-11-03 20:42:33 ----A---- C:\Windows\system32\d2d1.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\dxgi.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d11.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d10_1.dll
2009-11-03 20:42:32 ----A---- C:\Windows\system32\d3d10.dll
2009-11-03 20:42:03 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2009-11-03 20:42:02 ----A---- C:\Windows\system32\wpdbusenum.dll
2009-11-03 20:42:02 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2009-11-03 20:41:46 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WPDSp.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\wpdshext.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdMtpUS.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdMtp.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\WpdConns.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\wpd_ci.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2009-11-03 20:41:45 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\UIAutomationCore.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\oleaccrc.dll
2009-11-03 20:40:37 ----A---- C:\Windows\system32\oleacc.dll
2009-11-03 20:40:16 ----A---- C:\Windows\system32\mshtml.dll
2009-11-02 21:32:37 ----D---- C:\ProgramData\Lavasoft
2009-11-02 18:43:52 ----A---- C:\Windows\ntbtlog.txt
2009-11-02 17:40:52 ----D---- C:\Users\Am\AppData\Roaming\Mozilla
2009-11-02 12:23:04 ----D---- C:\Users\Am\AppData\Roaming\Uniblue
2009-10-30 22:02:26 ----A---- C:\Windows\system32\wups2.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wucltux.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-30 22:02:25 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wups.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wudriver.dll
2009-10-30 22:01:56 ----A---- C:\Windows\system32\wuapi.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-30 22:01:41 ----A---- C:\Windows\system32\wuapp.exe
2009-10-29 20:18:35 ----A---- C:\Windows\system32\GEARAspi.dll
2009-10-29 20:17:41 ----DC---- C:\Program Files\iPod
2009-10-29 20:17:26 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-29 20:09:44 ----DC---- C:\Program Files\QuickTime
2009-10-28 21:18:04 ----D---- C:\Users\Am\AppData\Roaming\WinPatrol
2009-10-28 20:51:08 ----D---- C:\Users\Am\AppData\Roaming\InstallShield
2009-10-28 15:54:07 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 15:53:53 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 15:53:50 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-26 21:18:41 ----D---- C:\ProgramData\PCPitstop
2009-10-26 21:16:30 ----D---- C:\Users\Am\AppData\Roaming\Registry Mechanic
2009-10-26 21:15:39 ----D---- C:\Users\Am\AppData\Roaming\TrojanHunter
2009-10-26 19:18:22 ----R---- C:\Windows\system32\streamhlp.dll
2009-10-26 19:13:29 ----AD---- C:\ProgramData\TEMP
2009-10-26 19:12:54 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-26 19:10:20 ----HDC---- C:\$AVG8.VAULT$
2009-10-25 22:53:56 ----D---- C:\Users\Am\AppData\Roaming\Yahoo!
2009-10-25 19:41:15 ----DC---- C:\Program Files\Trend Micro
2009-10-24 21:53:01 ----D---- C:\Windows\system32\Adobe
2009-10-24 21:52:20 ----DC---- C:\Program Files\NOS
2009-10-24 20:18:20 ----A---- C:\Windows\system32\avgrsstx.dll
2009-10-24 20:16:04 ----DC---- C:\Program Files\AVG
2009-10-24 20:16:02 ----D---- C:\ProgramData\avg8
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaws.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\javaw.exe
2009-10-23 20:27:50 ----A---- C:\Windows\system32\java.exe
2009-10-23 20:27:24 ----A---- C:\Windows\system32\jscript.dll
2009-10-23 20:27:10 ----A---- C:\Windows\system32\netiohlp.dll
2009-10-23 20:27:08 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ROUTE.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\MRINFO.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-10-23 20:27:08 ----A---- C:\Windows\system32\finger.exe
2009-10-23 20:27:08 ----A---- C:\Windows\system32\ARP.EXE
2009-10-23 20:27:07 ----A---- C:\Windows\system32\netevent.dll
2009-10-23 20:26:22 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-10-23 20:26:20 ----A---- C:\Windows\system32\mf.dll
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-23 20:26:10 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlansec.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\wlanmsm.dll
2009-10-23 20:25:44 ----A---- C:\Windows\system32\L2SecHC.dll
2009-10-23 20:25:43 ----A---- C:\Windows\system32\wlanapi.dll
2009-10-23 20:25:42 ----A---- C:\Windows\system32\wlansvc.dll
2009-10-23 20:25:33 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-23 20:25:19 ----A---- C:\Windows\system32\ieframe.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\wininet.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\urlmon.dll
2009-10-23 20:25:17 ----A---- C:\Windows\system32\iertutil.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\occache.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-23 20:25:16 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ieui.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iesetup.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iernonce.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\iepeers.dll
2009-10-23 20:25:15 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-23 20:24:54 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-10-23 20:24:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-10-23 20:23:50 ----D---- C:\Users\Am\AppData\Roaming\SoftwareDetectionScripts
2009-10-23 20:22:04 ----A---- C:\Windows\system32\msasn1.dll
2009-10-23 20:17:11 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-23 20:13:39 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2009-10-22 20:15:44 ----DC---- C:\Program Files\Microsoft Office

======List of files/folders modified in the last 1 months======

2009-11-05 18:04:11 ----D---- C:\Windows\Temp
2009-11-05 18:04:07 ----D---- C:\Windows\Prefetch
2009-11-05 15:24:54 ----SHD---- C:\System Volume Information
2009-11-05 13:16:44 ----D---- C:\Windows\system32\drivers
2009-11-05 13:10:12 ----D---- C:\Windows\registration
2009-11-05 13:07:20 ----HD---- C:\ProgramData
2009-11-05 13:07:19 ----D---- C:\Windows\System32
2009-11-05 13:07:19 ----D---- C:\Windows\inf
2009-11-05 13:07:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-05 13:07:03 ----D---- C:\Program Files\Virgin Broadband
2009-11-05 13:06:38 ----SHD---- C:\Windows\Installer
2009-11-05 13:06:36 ----D---- C:\Windows\winsxs
2009-11-05 13:04:40 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-05 13:04:13 ----D---- C:\Program Files\Common Files
2009-11-05 13:04:06 ----RDC---- C:\Program Files
2009-11-05 13:03:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-05 13:03:55 ----D---- C:\Users\Am\AppData\Roaming\Virgin Broadband
2009-11-05 13:03:55 ----D---- C:\ProgramData\Virgin Broadband
2009-11-05 13:03:37 ----D---- C:\Windows
2009-11-04 20:00:25 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-11-04 19:44:31 ----D---- C:\Windows\system32\Tasks
2009-11-04 18:56:36 ----SD---- C:\Windows\Downloaded Program Files
2009-11-04 18:56:36 ----SD---- C:\ProgramData\Microsoft
2009-11-04 18:56:05 ----D---- C:\Windows\system32\catroot
2009-11-04 18:48:43 ----D---- C:\Windows\rescache
2009-11-03 20:44:34 ----D---- C:\Windows\system32\en-US
2009-11-03 20:44:30 ----D---- C:\Windows\system32\wbem
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pt-PT
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pt-BR
2009-11-03 20:44:25 ----D---- C:\Windows\system32\pl-PL
2009-11-03 20:44:25 ----D---- C:\Windows\system32\it-IT
2009-11-03 20:44:25 ----D---- C:\Windows\system32\he-IL
2009-11-03 20:44:25 ----D---- C:\Windows\system32\bg-BG
2009-11-03 20:44:24 ----D---- C:\Windows\system32\zh-HK
2009-11-03 20:44:24 ----D---- C:\Windows\system32\uk-UA
2009-11-03 20:44:24 ----D---- C:\Windows\system32\sl-SI
2009-11-03 20:44:24 ----D---- C:\Windows\system32\nl-NL
2009-11-03 20:44:24 ----D---- C:\Windows\system32\ko-KR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\hu-HU
2009-11-03 20:44:24 ----D---- C:\Windows\system32\hr-HR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\fr-FR
2009-11-03 20:44:24 ----D---- C:\Windows\system32\el-GR
2009-11-03 20:44:23 ----D---- C:\Windows\system32\zh-TW
2009-11-03 20:44:23 ----D---- C:\Windows\system32\zh-CN
2009-11-03 20:44:23 ----D---- C:\Windows\system32\tr-TR
2009-11-03 20:44:23 ----D---- C:\Windows\system32\th-TH
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sv-SE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sr-Latn-CS
2009-11-03 20:44:23 ----D---- C:\Windows\system32\sk-SK
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ru-RU
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ro-RO
2009-11-03 20:44:23 ----D---- C:\Windows\system32\lv-LV
2009-11-03 20:44:23 ----D---- C:\Windows\system32\lt-LT
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ja-JP
2009-11-03 20:44:23 ----D---- C:\Windows\system32\fi-FI
2009-11-03 20:44:23 ----D---- C:\Windows\system32\et-EE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\es-ES
2009-11-03 20:44:23 ----D---- C:\Windows\system32\de-DE
2009-11-03 20:44:23 ----D---- C:\Windows\system32\cs-CZ
2009-11-03 20:44:23 ----D---- C:\Windows\system32\ar-SA
2009-11-03 20:44:22 ----D---- C:\Windows\system32\nb-NO
2009-11-03 20:44:22 ----D---- C:\Windows\system32\da-DK
2009-11-03 20:42:24 ----D---- C:\Windows\system32\catroot2
2009-11-02 21:54:45 ----D---- C:\Program Files\Windows Live Safety Center
2009-11-02 18:44:53 ----A---- C:\Windows\NeroDigital.ini
2009-11-02 18:44:14 ----D---- C:\Windows\Debug
2009-11-02 12:42:49 ----D---- C:\Windows\system32\LogFiles
2009-11-02 12:31:06 ----D---- C:\Program Files\CCleaner
2009-10-29 20:34:42 ----D---- C:\Users\Am\AppData\Roaming\Apple Computer
2009-10-29 20:17:39 ----D---- C:\Program Files\Common Files\Apple
2009-10-29 19:47:09 ----D---- C:\Program Files\Internet Explorer
2009-10-29 19:47:08 ----D---- C:\Program Files\Windows Media Player
2009-10-24 20:15:31 ----D---- C:\Program Files\Common Files\microsoft shared
2009-10-24 20:14:36 ----SD---- C:\Users\Am\AppData\Roaming\Microsoft
2009-10-23 21:49:57 ----D---- C:\Windows\ehome
2009-10-23 21:49:57 ----D---- C:\Program Files\Windows Mail
2009-10-23 21:49:56 ----D---- C:\Windows\system32\migration
2009-10-23 21:49:54 ----D---- C:\Windows\AppPatch
2009-10-23 20:27:42 ----D---- C:\Program Files\Java
2009-10-23 20:09:58 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-23 20:00:18 ----RSD---- C:\Windows\Fonts
2009-10-23 19:58:43 ----D---- C:\Windows\system32\config
2009-10-23 19:56:17 ----D---- C:\Windows\Tasks
2009-10-23 19:56:17 ----D---- C:\Windows\system32\spool
2009-10-23 19:56:17 ----D---- C:\Windows\system32\restore
2009-10-23 19:56:16 ----D---- C:\Windows\system32\Msdtc
2009-10-23 19:56:15 ----D---- C:\Windows\system32\CodeIntegrity
2009-10-23 19:56:07 ----RSD---- C:\Windows\assembly
2009-10-23 19:56:07 ----RD---- C:\Users
2009-10-23 19:56:01 ----DC---- C:\Program Files\Movie Maker 2.6
2009-10-23 19:56:01 ----D---- C:\ProgramData\HP Product Assistant
2009-10-23 19:56:00 ----DC---- C:\Program Files\Microsoft LifeCam
2009-10-23 19:55:59 ----DC---- C:\Program Files\Apple Software Update
2009-10-23 19:55:59 ----D---- C:\Program Files\Common Files\LightScribe
2009-10-23 19:55:59 ----D---- C:\Program Files\Bonjour
2009-10-23 19:54:07 ----D---- C:\Windows\Help
2009-10-23 19:54:07 ----D---- C:\Windows\Boot
2009-10-23 19:54:06 ----D---- C:\Program Files\Foxit Software
2009-10-23 19:54:06 ----D---- C:\Program Files\Common Files\Ahead
2009-10-23 19:54:05 ----DC---- C:\Program Files\LightScribe
2009-10-23 19:54:05 ----D---- C:\Windows\servicing
2009-10-23 19:54:05 ----D---- C:\ProgramData\Apple
2009-10-23 19:54:05 ----D---- C:\Program Files\Common Files\HP
2009-10-23 19:54:04 ----D---- C:\Windows\WindowsMobile
2009-10-23 19:54:04 ----D---- C:\Windows\Web
2009-10-23 19:54:04 ----D---- C:\Windows\system32\XPSViewer
2009-10-23 19:54:04 ----D---- C:\Windows\system32\winrm
2009-10-23 19:54:04 ----D---- C:\Windows\system32\WCN
2009-10-23 19:54:04 ----D---- C:\Windows\system32\sysprep
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Speech
2009-10-23 19:54:04 ----D---- C:\Windows\system32\SMI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\slmgr
2009-10-23 19:54:04 ----D---- C:\Windows\system32\RemInst
2009-10-23 19:54:04 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-10-23 19:54:04 ----D---- C:\Windows\system32\oobe
2009-10-23 19:54:04 ----D---- C:\Windows\system32\MUI
2009-10-23 19:54:04 ----D---- C:\Windows\system32\migwiz
2009-10-23 19:54:04 ----D---- C:\Windows\system32\licensing
2009-10-23 19:54:04 ----D---- C:\Windows\system32\IME
2009-10-23 19:54:03 ----D---- C:\Windows\system32\DriverStore
2009-10-23 19:54:03 ----D---- C:\Windows\system32\com
2009-10-23 19:54:03 ----D---- C:\Windows\system32\Boot
2009-10-23 19:54:03 ----D---- C:\Windows\Speech
2009-10-23 19:54:03 ----D---- C:\Windows\schemas
2009-10-23 19:54:03 ----D---- C:\Windows\Resources
2009-10-23 19:54:03 ----D---- C:\Windows\Provisioning
2009-10-23 19:54:03 ----D---- C:\Windows\PolicyDefinitions
2009-10-23 19:54:03 ----D---- C:\Windows\PLA
2009-10-23 19:54:03 ----D---- C:\Windows\Performance
2009-10-23 19:54:03 ----D---- C:\Windows\MSAgent
2009-10-23 19:54:02 ----D---- C:\Windows\IME
2009-10-23 19:54:02 ----D---- C:\Windows\DigitalLocker
2009-10-23 19:54:02 ----D---- C:\Windows\Branding
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Sidebar
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Photo Gallery
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows NT
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Journal
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Defender
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Collaboration
2009-10-23 19:54:02 ----D---- C:\Program Files\Windows Calendar
2009-10-23 19:54:02 ----D---- C:\Program Files\Reference Assemblies
2009-10-23 19:54:01 ----D---- C:\Program Files\Movie Maker
2009-10-23 19:54:01 ----D---- C:\Program Files\Microsoft Games
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\System
2009-10-23 19:54:01 ----D---- C:\Program Files\Common Files\SpeechEngines

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-10-24 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-10-24 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-10-24 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-10-24 108552]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
R3 SaiH8000;SaiH8000; C:\Windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 136832]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S1 SASKUTIL;SASKUTIL; \??\F:\Software\SASKUTIL.sys []
S2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2007-06-19 79664]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2007-06-19 81200]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-06-19 16432]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 dvd43llh;dvd43llh; C:\Windows\System32\DRIVERS\dvd43llh.sys [2009-08-09 18816]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 Profos;Profos; \??\F:\Software\BullGuard\antirootkit\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2005-08-17 8272]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2005-08-17 93872]
S3 Trufos;Trufos; \??\F:\Software\BullGuard\antirootkit\trufos.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VX1000;VX-1000; C:\Windows\system32\DRIVERS\VX1000.sys [2009-06-26 1956096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-24 297752]
R2 avgfws8;AVG8 Firewall; C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-10-24 1370488]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-04-13 73728]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]

-----------------EOF-----------------
molly_malone
Regular Member
 
Posts: 21
Joined: October 28th, 2009, 12:37 pm
Location: England
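As an added example, not part of the post above or of the tool that produced the log, here is a small Python parser for the driver and service list format shown in it. It reads the R/S state and the 0-4 start type defined in the section header, the image path and the bracketed date and size, and then flags what an analyst reading such a log looks at first: entries with empty brackets (no date or size was recorded for the image, i.e. nothing was found at that path), images registered from a drive other than the system drive (in this log the `\??\F:\Software\...` SASKUTIL and BullGuard antirootkit entries), and boot- or system-start drivers that are not running. The sample lines are copied from the posted log; the `SYSTEM_DRIVE` value and the triage rules are the example's own assumptions, and whether a flagged entry is a harmless leftover or something worse is still the analyst's call.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One line of the "List of drivers" / "List of services" sections has the shape
#   <state><start> <name>;<display name>; <image path> [<yyyy-mm-dd> <size>]
# state: R = running, S = stopped; start: 0=Boot, 1=System, 2=Auto, 3=Demand,
# 4=Disabled (from the section header). Empty brackets carry no date/size.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# Image paths may carry the NT object-manager prefix \??\ in front of the drive.
NT_PREFIX = "\\??\\"

# Assumption for this example: Windows is installed on C:.
SYSTEM_DRIVE = "C"

# Constructed sample: lines copied verbatim from the posted log.
SAMPLE_LINES = [
    r"R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2009-10-24 23832]",
    r"R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]",
    r"S1 SASKUTIL;SASKUTIL; \??\F:\Software\SASKUTIL.sys []",
    r"S2 RPSKT;Security Services Driver (x86); C:\Windows\system32\DRIVERS\rp_skt32.sys []",
    r"S3 Profos;Profos; \??\F:\Software\BullGuard\antirootkit\profos.sys []",
    r"S3 Trufos;Trufos; \??\F:\Software\BullGuard\antirootkit\trufos.sys []",
    r"S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]",
    r"S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]",
]


@dataclass
class Entry:
    state: str            # "R" or "S"
    start: int            # 0..4
    name: str             # service/driver key name
    display: str          # display name
    path: str             # image path as recorded in the log
    file_date: Optional[str]  # None when the brackets were empty
    file_size: Optional[int]  # None when the brackets were empty


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one list line; return None for lines that are not entries."""
    m = LINE_RE.match(line)
    if not m:
        return None
    meta = m.group("meta").split()
    file_date = meta[0] if meta else None
    file_size = int(meta[1]) if len(meta) > 1 and meta[1].isdigit() else None
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path"),
        file_date=file_date,
        file_size=file_size,
    )


def drive_of(path: str) -> Optional[str]:
    """Drive letter of an image path, with any \\??\\ prefix removed."""
    p = path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path
    return p[0].upper() if len(p) >= 2 and p[1] == ":" else None


def triage(entry: Entry) -> List[str]:
    """Reasons an analyst would look twice at this entry (example rules)."""
    findings = []
    if entry.file_date is None:
        findings.append("empty brackets: no file date/size recorded at that path")
    drive = drive_of(entry.path)
    if drive is not None and drive != SYSTEM_DRIVE:
        findings.append(f"image registered from drive {drive}:, not the system drive")
    # A start type of 0 (Boot) or 1 (System) with state S means the driver was
    # meant to load early but is not loaded now (interpretation used here).
    if entry.start <= 1 and entry.state == "S":
        findings.append("boot/system-start driver is not running")
    return findings


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map entry name -> findings for every line that raised at least one."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        findings = triage(entry)
        if findings:
            report[entry.name] = findings
    return report


if __name__ == "__main__":
    for name, findings in triage_log(SAMPLE_LINES).items():
        print(name)
        for f in findings:
            print("   -", f)
```

Run against the full log the same way (read the file, pass its lines to `triage_log`); entries with no findings stay out of the report, so the output is only the handful of lines worth reading closely.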