HijackThis log/ logon.exe error

Post by woody01 » October 31st, 2009, 1:40 pm

I began to get many pop-ups and page redirects when on Firefox. My AVG scan didn't seem to get rid of them. I now get an error every time I log on that says cannot find logon.exe, but when I hit OK, I can still use my computer. My AVG scan shows a Trojan, but it seems to return with every scan. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:56 PM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GT4024
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GT4024
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: padamori.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 5522 bytes
woody01
Active Member
 
Posts: 6
Joined: October 31st, 2009, 1:31 pm
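A triage script for logs in the HijackThis format posted above, added here as an example (it is not a tool from this thread or from HijackThis). It assumes only the line prefixes visible in the two logs in this thread (F2, O4, O20, O21, O22) and uses lines copied from them, mixed with legitimate entries, as constructed sample input.

```python
"""Triage a HijackThis-format log for persistence entries that merit review.

Added example for this thread; not a tool the forum or HijackThis ships.
It parses the line prefixes HijackThis uses (F2, O4, O20, O21, O22) and
flags the patterns visible in the logs posted in the thread: programs
appended to the Winlogon Shell value, Run entries that load a DLL through
rundll32, AppInit_DLLs injection, SSODL / SharedTaskScheduler registrations,
and registrations whose target file is missing.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the logs posted in this thread,
# mixed with legitimate entries so the filter has something to skip.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [gabadivaj] Rundll32.exe "c:\windows\system32\higudolo.dll",a
O20 - AppInit_DLLs: padamori.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\forobevo.dll
O21 - SSODL: newanorek - {e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {8cfb50a6-9237-4535-be81-062010b66e68} - c:\windows\system32\higudolo.dll
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.I)
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$", re.I)
SHELL_OBJ_RE = re.compile(
    r"^O2[12] - (?P<kind>SSODL|SharedTaskScheduler): (?P<name>.+?) - "
    r"(?P<clsid>\{[^}]+\}) - (?P<path>.*)$"
)


@dataclass
class Finding:
    section: str   # HijackThis section prefix, e.g. "F2" or "O20"
    reason: str    # why the line deserves a closer look
    line: str      # the original log line


def triage(log_text: str) -> list[Finding]:
    """Return the entries of a HijackThis log that need manual review, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" ", 1)[0]

        # F2: the Winlogon Shell value should be exactly "Explorer.exe".
        # Anything appended runs at every logon; if that file has since been
        # deleted (for example by an antivirus clean-up), Windows reports at
        # each logon that it cannot find it, which is consistent with the
        # "cannot find logon.exe" symptom described in the first post.
        m = SHELL_RE.match(line)
        if m:
            extra = [t for t in m["value"].split() if t.lower() != "explorer.exe"]
            if extra:
                findings.append(Finding(section, "Winlogon Shell launches extra program(s): " + ", ".join(extra), line))
            continue

        # O4: a Run entry that starts rundll32 with a DLL autostarts a library
        # that has no executable of its own; worth checking the DLL's origin.
        m = RUN_RE.match(line)
        if m and re.search(r"\brundll32(\.exe)?\b", m["cmd"], re.I):
            findings.append(Finding(section, f"Run entry [{m['name']}] loads a DLL via rundll32", line))
            continue

        # O20: every DLL in AppInit_DLLs is loaded into each process that loads
        # user32.dll. Legitimate software (Google Desktop here) uses it too, so
        # the entry is reported for review rather than judged.
        m = APPINIT_RE.match(line)
        if m:
            dlls = m["dlls"].split()
            findings.append(Finding(section, f"AppInit_DLLs loads {len(dlls)} DLL(s) into GUI processes: " + ", ".join(dlls), line))
            continue

        # O21/O22: ShellServiceObjectDelayLoad and SharedTaskScheduler objects
        # are loaded by Explorer at startup; "(file missing)" means the DLL is
        # gone but its registration remains.
        m = SHELL_OBJ_RE.match(line)
        if m:
            reason = f"{m['kind']} entry '{m['name']}' loads {m['path']}"
            if "(file missing)" in line:
                reason += " [orphaned registration: file missing]"
            findings.append(Finding(section, reason, line))
    return findings


def report(findings: list[Finding]) -> str:
    """Render findings as one line each, in log order."""
    return "\n".join(f"{f.section:<4} {f.reason}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```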

Re: HijackThis log/ logon.exe error

Post by MWR 3 day Mod » November 4th, 2009, 3:46 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: HijackThis log/ logon.exe error

Post by xixo_12 » November 5th, 2009, 7:25 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you to encounter the problem that you have now.
  • We will work together and I need your attention to read all those instructions carefully.
  • Please do not make any changes to your system except following my instruction.
  • You may wish to print them off or copy them into Notepad.
  • If you have any question please don't hesitate to ask.
  • The instructions that I will give to you later are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please post your replies to this thread only and keep interacting with me until your computer is clean.

Everything I post to you will be reviewed by an MRU Teacher. This process will impact my response time to you. Be patient. ;)
Please! If you need more time to do all the instructions, let me know before the 72 hours are done. Otherwise, your thread will be closed.

Next,
Uninstall List.
  • Run HijackThis.
  • Click at Open the Misc Tools section button.
  • Click at Misc Tools tab.
  • Under the System tools, click at Open Uninstall Manager button.
  • Find the Save list… button and save to the Desktop.
  • Copy the content and paste the uninstall list here.

Next,
Checklist.
Please post.
  • uninstall list.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: HijackThis log/ logon.exe error

Post by woody01 » November 6th, 2009, 8:18 pm

Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Agere Systems PCI-SV92PP Soft Modem
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
ATI - Software Uninstall Utility
ATI Display Driver
ATI Parental Control & Encoder
AVG Free 9.0
BigAnt
BigFix
Browser Address Error Redirector
Canon iP1600
ChartNet Login 4.0
Digital Media Reader
DVD Solution
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
J2SE Runtime Environment 5.0 Update 2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.4)
MSXML 4.0 SP2 (KB954430)
Multimedia Keyboard Driver
Napster Burn Engine
Power2Go 4.0
PowerDVD
QuickTime
woody01
Active Member
 
Posts: 6
Joined: October 31st, 2009, 1:31 pm

Re: HijackThis log/ logon.exe error

Post by xixo_12 » November 7th, 2009, 6:25 pm

Hi,
Let's get them.

Next,
MGADiag
Please download from HERE and save to the desktop.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in. Save this file MGADiag.txt and post it in your next reply.

Next,
RSIT.
Please download Random's System Information Tool by random/random from HERE and save to the desktop.
  • Double-click RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open...
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Next,
Discussion.
Do you care to explain this software? What is the function of the program?
ChartNet Login 4.0


Next,
Checklist.
Please post.
  • Content of MGADiag.txt
  • Content of log.txt and info.txt.
  • Content of GMER.txt
  • Answer for discussion.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: HijackThis log/ logon.exe error

Post by woody01 » November 7th, 2009, 7:39 pm

Thank you for your help. Here are the things you requested:

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0

Cached Validation Code: N/A
Windows Product Key: *****-*****-GDTF9-B9QW7-BBVH6
Windows Product Key Hash: 5kEO8pH8rfJkr7/tAGdnxv6zALo=
Windows Product ID: 76487-OEM-2211906-00806
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.med
ID: {CA8B3254-ED1C-4331-B077-6E7517183AEF}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CA8B3254-ED1C-4331-B077-6E7517183AEF}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.med</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BBVH6</PKey><PID>76487-OEM-2211906-00806</PID><PIDType>2</PIDType><SID>S-1-5-21-3668628768-4077671946-321310473</SID><SYSTEM><Manufacturer>Gateway</Manufacturer><Model>GT4024</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>W7248AG2 1.0K</Version><SMBIOSVersion major="2" minor="4"/><Date>20060516000000.000000+000</Date><SLPBIOS>Gateway,Gateway,Gateway,Gateway</SLPBIOS></BIOS><HWID>EB9F375F0184C06C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Gateway</name><model>GT4024</model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>5BD7BCCE41315DE</Val><Hash>jCWGKYHnRpjo3ohGxhYeQTLV2SM=</Hash><Pid>70145-751-4127124-57328</Pid><PidType>1</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1CBE0:emachines inc|1CBE0:Gateway, Inc|1E840:Gateway, Inc
Marker string from OEMBIOS.DAT: Gateway,Gateway,Gateway,Gateway

OEM Activation 2.0 Data-->
N/A

Logfile of random's system information tool 1.06 (written by random/random)
Run by Yancy at 2009-11-07 17:40:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 222 GB (95%) free of 234 GB
Total RAM: 894 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:40:59 PM, on 11/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Yancy\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Yancy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html ... P&M=GT4024
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html ... P&M=GT4024
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe logon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [gabadivaj] Rundll32.exe "c:\windows\system32\higudolo.dll",a
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: padamori.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\forobevo.dll c:\windows\system32\zivebire.dll c:\windows\system32\higudolo.dll
O21 - SSODL: newanorek - {e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll (file missing)
O21 - SSODL: dezurerur - {8cfb50a6-9237-4535-be81-062010b66e68} - c:\windows\system32\higudolo.dll
O22 - SharedTaskScheduler: mujuzedij - {e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll (file missing)
O22 - SharedTaskScheduler: mujuzedij - {8cfb50a6-9237-4535-be81-062010b66e68} - c:\windows\system32\higudolo.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

--
End of file - 6286 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\anoidpnj.job
C:\WINDOWS\tasks\blhqwbuv.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-10-24 1471768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-15 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-15 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-15 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\windows\system32\BAE.dll [2006-02-01 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-15 256112]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-15 169984]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-01-11 15961088]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-10-25 2010904]
"gabadivaj"=c:\windows\system32\higudolo.dll [2009-08-07 90112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-10-15 68856]
"AOL Fast Start"=C:\Program Files\America Online 9.0\AOL.EXE -b []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="padamori.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\forobevo.dll c:\windows\system32\zivebire.dll c:\windows\system32\higudolo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-01-25 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
newanorek - {e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll []
dezurerur - {8cfb50a6-9237-4535-be81-062010b66e68} - c:\windows\system32\higudolo.dll [2009-08-07 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
mujuzedij - {e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll []
mujuzedij - {8cfb50a6-9237-4535-be81-062010b66e68} - c:\windows\system32\higudolo.dll [2009-08-07 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
zazovuba.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1255594202\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1255594202\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:GoogleDesktop"
"C:\Program Files\Digital Media Reader\readericon45G.exe"="C:\Program Files\Digital Media Reader\readericon45G.exe:*:Enabled:readericon45G"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL"
"C:\Program Files\BigFix\bigfix.exe"="C:\Program Files\BigFix\bigfix.exe:*:Enabled:bigfix"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\dllhost.exe"="C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-11-07 17:40:50 ----D---- C:\rsit
2009-11-07 17:38:01 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-11-02 19:01:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-02 19:01:02 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-31 11:58:05 ----D---- C:\Program Files\Trend Micro
2009-10-31 10:02:10 ----D---- C:\Documents and Settings\Yancy\Application Data\Malwarebytes
2009-10-29 04:13:00 ----SH---- C:\WINDOWS\system32\yakikeru.dll
2009-10-29 03:49:56 ----SH---- C:\WINDOWS\system32\vuhofafa.dll
2009-10-29 03:26:52 ----SH---- C:\WINDOWS\system32\fineloto.dll
2009-10-29 03:03:49 ----SH---- C:\WINDOWS\system32\fetezeme.dll
2009-10-26 22:08:53 ----D---- C:\WINDOWS\Minidump
2009-10-24 22:43:08 ----HD---- C:\$AVG
2009-10-24 22:42:40 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-24 22:41:56 ----D---- C:\WINDOWS\SxsCaPendDel
2009-10-24 20:25:59 ----D---- C:\Program Files\NOS
2009-10-22 05:27:18 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-10-20 21:36:11 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-10-20 21:35:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-10-20 21:15:55 ----A---- C:\WINDOWS\system32\CNMVS75.DLL
2009-10-20 21:15:54 ----A---- C:\WINDOWS\system32\CNMLM75.DLL
2009-10-20 21:15:53 ----A---- C:\WINDOWS\system32\CNMCP75.exe
2009-10-20 21:15:51 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-10-19 21:35:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-10-19 21:35:50 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-10-19 21:35:24 ----D---- C:\Program Files\Windows Media Connect 2
2009-10-19 21:35:08 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-10-19 21:34:19 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-10-19 21:33:56 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-19 21:33:51 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-10-19 21:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2009-10-19 10:01:03 ----A---- C:\WINDOWS\system32\wmv9vcm.dll
2009-10-19 10:01:02 ----D---- C:\Program Files\im
2009-10-18 22:30:33 ----D---- C:\Documents and Settings\Yancy\Application Data\Adobe
2009-10-18 22:27:49 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-10-15 18:17:49 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-10-15 18:17:36 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-10-15 18:17:26 ----D---- C:\Program Files\AVG
2009-10-15 08:06:35 ----D---- C:\Program Files\SetupInfo
2009-10-15 08:06:31 ----D---- C:\Program Files\BigAntSoft-OLD
2009-10-15 07:56:59 ----D---- C:\Program Files\ChartNet
2009-10-15 07:48:49 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-15 06:17:08 ----D---- C:\WINDOWS\Sun
2009-10-15 05:50:14 ----A---- C:\WINDOWS\msoffice.ini
2009-10-15 05:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-10-15 05:24:13 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 05:23:58 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-15 05:23:55 ----D---- C:\Program Files\MSXML 4.0
2009-10-15 05:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 05:22:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 05:21:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 05:21:30 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 05:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 05:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 05:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 05:20:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 05:20:18 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-10-15 05:18:58 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-15 05:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-10-15 05:18:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-10-15 05:17:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-10-15 05:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-10-15 05:16:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-10-15 05:15:53 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-10-15 05:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-10-15 05:15:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-10-15 05:15:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-10-15 05:15:00 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-10-15 05:14:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-10-15 05:14:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-10-15 05:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-10-15 05:14:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-10-15 05:13:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-10-15 05:13:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-10-15 05:09:04 ----D---- C:\WINDOWS\system32\XPSViewer
2009-10-15 05:09:00 ----D---- C:\Program Files\MSBuild
2009-10-15 05:08:53 ----D---- C:\Program Files\Reference Assemblies
2009-10-15 05:08:26 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-10-15 05:08:26 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-10-15 05:08:26 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-10-15 05:08:25 ----D---- C:\94a905a7a493a35b1b2d4d7d28
2009-10-15 05:03:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-10-15 05:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-10-15 05:03:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-10-15 05:03:23 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-10-15 05:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-10-15 05:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-10-15 05:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-10-15 05:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-10-15 05:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-10-15 05:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-10-15 05:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-10-15 05:01:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-10-15 05:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-10-15 05:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-10-15 05:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-10-15 05:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-10-15 05:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-10-15 05:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-10-15 05:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-10-15 05:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-10-15 04:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-10-15 04:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-10-15 04:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-10-15 04:59:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-10-15 04:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-10-15 04:58:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-10-15 04:58:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-10-15 04:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-10-15 04:45:19 ----D---- C:\Documents and Settings\Yancy\Application Data\AOL
2009-10-15 04:39:48 ----D---- C:\Documents and Settings\Yancy\Application Data\Mozilla
2009-10-15 04:39:40 ----D---- C:\Program Files\Mozilla Firefox
2009-10-15 04:36:18 ----D---- C:\Documents and Settings\Yancy\Application Data\Macromedia
2009-10-15 04:33:49 ----D---- C:\Documents and Settings\Yancy\Application Data\Google
2009-10-15 04:33:19 ----D---- C:\Documents and Settings\Yancy\Application Data\McAfee.com Personal Firewall
2009-10-15 04:33:05 ----ASH---- C:\Documents and Settings\Yancy\Application Data\desktop.ini
2009-10-15 04:33:02 ----SD---- C:\Documents and Settings\Yancy\Application Data\Microsoft
2009-10-15 04:33:02 ----D---- C:\Documents and Settings\Yancy\Application Data\You've Got Pictures Screensaver
2009-10-15 04:33:02 ----D---- C:\Documents and Settings\Yancy\Application Data\SampleView
2009-10-15 04:33:02 ----D---- C:\Documents and Settings\Yancy\Application Data\Identities
2009-10-15 04:32:01 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-10-15 04:26:51 ----D---- C:\WINDOWS\Prefetch
2009-10-15 04:20:54 ----D---- C:\WINDOWS\system32\en-us
2009-10-15 04:20:53 ----D---- C:\WINDOWS\system32\scripting
2009-10-15 04:20:52 ----D---- C:\WINDOWS\system32\en
2009-10-15 04:20:52 ----D---- C:\WINDOWS\l2schemas
2009-10-15 04:20:51 ----D---- C:\WINDOWS\system32\bits
2009-10-15 04:17:47 ----D---- C:\WINDOWS\ServicePackFiles
2009-10-15 04:15:08 ----D---- C:\WINDOWS\network diagnostic
2009-10-15 04:10:47 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-15 03:51:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-15 03:47:46 ----D---- C:\WINDOWS\system32\PreInstall
2009-10-15 03:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-10-15 03:47:03 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-10-15 03:44:48 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-10-15 03:41:14 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-10-15 03:36:28 ----SHD---- C:\RECYCLER
2009-10-15 03:35:42 ----D---- C:\WINDOWS\system32\Lang
2009-10-15 03:35:26 ----A---- C:\WINDOWS\ModemLog_Agere Systems PCI-SV92PP Soft Modem.txt
2009-10-15 03:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-10-15 03:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-10-15 03:29:45 ----HDC---- C:\WINDOWS\$NtUninstallKB912067$
2009-10-15 03:29:24 ----HDC---- C:\WINDOWS\$NtUninstallKB912024$
2009-10-15 03:28:44 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-10-15 03:28:22 ----HDC---- C:\WINDOWS\$NtUninstallKB905915$
2009-10-15 03:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2009-10-15 03:27:47 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-10-15 03:27:26 ----HDC---- C:\WINDOWS\$NtUninstallKB896256$
2009-10-15 03:23:10 ----HDC---- C:\WINDOWS\$NtUninstallKB910728$
2009-10-15 03:21:58 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-10-15 03:21:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911565$
2009-10-15 03:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB910393$
2009-10-15 03:16:40 ----D---- C:\Program Files\McAfee
2009-10-15 03:16:40 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-15 03:15:45 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2009-10-15 03:15:19 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2009-10-15 03:13:31 ----D---- C:\Program Files\gtw_logo
2009-10-15 03:13:31 ----A---- C:\WINDOWS\system32\jesterss.dll
2009-10-15 03:13:15 ----A---- C:\WINDOWS\POWERCFG.EXE
2009-10-15 03:12:34 ----D---- C:\Program Files\Microsoft Money 2006
2009-10-15 03:11:46 ----D---- C:\Program Files\Microsoft Works
2009-10-15 03:11:25 ----D---- C:\Program Files\MSN Encarta Plus
2009-10-15 03:11:12 ----D---- C:\Program Files\Common Files\Nullsoft
2009-10-15 03:11:00 ----A---- C:\WINDOWS\unvise32qt.exe
2009-10-15 03:10:55 ----D---- C:\WINDOWS\system32\QuickTime
2009-10-15 03:10:55 ----D---- C:\Program Files\QuickTime
2009-10-15 03:10:55 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2009-10-15 03:10:50 ----D---- C:\My Music
2009-10-15 03:10:47 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-10-15 03:10:45 ----D---- C:\Program Files\Real
2009-10-15 03:10:45 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-10-15 03:10:45 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-10-15 03:10:44 ----D---- C:\Program Files\Common Files\Real
2009-10-15 03:10:44 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-10-15 03:10:37 ----A---- C:\WINDOWS\system32\aamd532.dll
2009-10-15 03:10:36 ----A---- C:\WINDOWS\system32\SimpleRegistry.dll
2009-10-15 03:10:33 ----D---- C:\Program Files\Viewpoint
2009-10-15 03:10:33 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-10-15 03:10:32 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Networks
2009-10-15 03:10:29 ----D---- C:\Program Files\Pure Networks
2009-10-15 03:10:22 ----D---- C:\Program Files\Common Files\AolCoach
2009-10-15 03:10:01 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2009-10-15 03:09:53 ----D---- C:\Program Files\Common Files\AOL
2009-10-15 03:09:44 ----D---- C:\Program Files\Common Files\Roxio Shared
2009-10-15 03:09:34 ----D---- C:\Documents and Settings\All Users\Application Data\Napster
2009-10-15 03:09:30 ----D---- C:\Program Files\Napster
2009-10-15 03:09:10 ----A---- C:\WINDOWS\zHotkey.exe
2009-10-15 03:09:10 ----A---- C:\WINDOWS\ShowWnd.exe
2009-10-15 03:09:10 ----A---- C:\WINDOWS\PIC.dll
2009-10-15 03:09:10 ----A---- C:\WINDOWS\PatchWnd.exe
2009-10-15 03:09:10 ----A---- C:\WINDOWS\HKNTDLL.dll
2009-10-15 03:09:10 ----A---- C:\WINDOWS\HIDMNT.dll
2009-10-15 03:08:25 ----D---- C:\Program Files\Microsoft Digital Image 2006
2009-10-15 03:08:10 ----D---- C:\Program Files\Common Files\Adobe
2009-10-15 03:08:10 ----A---- C:\WINDOWS\system32\atl71.dll
2009-10-15 03:07:58 ----D---- C:\Program Files\Adobe
2009-10-15 03:07:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-15 03:07:47 ----A---- C:\WINDOWS\system32\Marker32.exe
2009-10-15 03:07:35 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-15 03:07:35 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-15 03:07:35 ----A---- C:\WINDOWS\system32\java.exe
2009-10-15 03:07:12 ----D---- C:\Program Files\Java
2009-10-15 03:07:11 ----D---- C:\Program Files\Common Files\Java
2009-10-15 03:05:49 ----A---- C:\WINDOWS\system32\bae.dll
2009-10-15 03:05:43 ----A---- C:\WINDOWS\system32\RtlCPAPI.dll
2009-10-15 03:05:43 ----A---- C:\WINDOWS\system32\ChCfg.exe
2009-10-15 03:05:24 ----D---- C:\WINDOWS\system32\RTCOM
2009-10-15 03:05:21 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-10-15 03:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB888111WXPSP2$
2009-10-15 03:04:44 ----A---- C:\WINDOWS\SoundMan.exe
2009-10-15 03:04:44 ----A---- C:\WINDOWS\RtlUpd.exe
2009-10-15 03:04:41 ----A---- C:\WINDOWS\RTLCPL.exe
2009-10-15 03:04:38 ----A---- C:\WINDOWS\RTHDCPL.exe
2009-10-15 03:04:37 ----A---- C:\WINDOWS\MicCal.exe
2009-10-15 03:04:35 ----D---- C:\Program Files\Realtek
2009-10-15 03:04:35 ----A---- C:\WINDOWS\alcwzrd.exe
2009-10-15 03:04:35 ----A---- C:\WINDOWS\Alcmtr.exe
2009-10-15 03:04:30 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-10-15 03:04:19 ----A---- C:\WINDOWS\BigFixClientOverride.dll
2009-10-15 03:04:18 ----D---- C:\Program Files\BigFix
2009-10-15 03:03:58 ----D---- C:\Program Files\Digital Media Reader
2009-10-15 03:03:50 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-15 03:03:09 ----D---- C:\Program Files\Common Files\ATI Technologies
2009-10-15 02:59:22 ----D---- C:\Program Files\ATI Technologies
2009-10-15 02:57:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-10-15 02:57:11 ----A---- C:\WINDOWS\ODBC.INI
2009-10-15 02:57:07 ----A---- C:\WINDOWS\system32\mdimon.dll
2009-10-15 02:56:43 ----D---- C:\Program Files\Microsoft ActiveSync
2009-10-15 02:56:41 ----D---- C:\Program Files\Common Files\DESIGNER
2009-10-15 02:56:30 ----D---- C:\WINDOWS\SHELLNEW
2009-10-15 02:56:16 ----D---- C:\Program Files\Microsoft.NET
2009-10-15 02:56:16 ----D---- C:\Program Files\Microsoft Office
2009-10-15 02:55:53 ----RHD---- C:\MSOCache
2009-10-15 02:55:43 ----D---- C:\Program Files\Google
2009-10-15 02:51:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-15 02:51:04 ----D---- C:\Program Files\CyberLink
2009-10-15 02:51:01 ----D---- C:\Program Files\Common Files\New Boundary
2009-10-15 02:51:01 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-15 02:51:01 ----D---- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2009-10-15 02:45:49 ----A---- C:\WINDOWS\system32\hccoin.dll
2009-10-15 02:43:21 ----SHD---- C:\System Volume Information
2009-10-15 01:42:02 ----D---- C:\WINDOWS\creator
2009-10-15 01:40:41 ----D---- C:\WINDOWS\SMINST
2009-10-15 01:40:41 ----A---- C:\WINDOWS\agrsmdel.exe
2009-10-15 01:40:38 ----D---- C:\WINDOWS\I386
2009-10-15 01:40:20 ----A---- C:\WINDOWS\system32\wowfaxui.dll
2009-10-15 01:40:17 ----A---- C:\WINDOWS\system32\wowfax.dll
2009-10-15 01:40:06 ----A---- C:\WINDOWS\system32\usrvpa.dll
2009-10-15 01:40:02 ----A---- C:\WINDOWS\system32\usrvoica.dll
2009-10-15 01:39:59 ----A---- C:\WINDOWS\system32\usrv80a.dll
2009-10-15 01:39:55 ----A---- C:\WINDOWS\system32\usrv42a.dll
2009-10-15 01:39:52 ----A---- C:\WINDOWS\system32\usrsvpia.dll
2009-10-15 01:39:48 ----A---- C:\WINDOWS\system32\usrshuta.exe
2009-10-15 01:39:45 ----A---- C:\WINDOWS\system32\usrsdpia.dll
2009-10-15 01:39:41 ----A---- C:\WINDOWS\system32\usrrtosa.dll
2009-10-15 01:39:38 ----A---- C:\WINDOWS\system32\usrprbda.exe
2009-10-15 01:39:34 ----A---- C:\WINDOWS\system32\usrmlnka.exe
2009-10-15 01:39:31 ----A---- C:\WINDOWS\system32\usrlbva.dll
2009-10-15 01:39:27 ----A---- C:\WINDOWS\system32\usrfaxa.dll
2009-10-15 01:39:24 ----A---- C:\WINDOWS\system32\usrdtea.dll
2009-10-15 01:39:21 ----A---- C:\WINDOWS\system32\usrdpa.dll
2009-10-15 01:39:17 ----A---- C:\WINDOWS\system32\usrcoina.dll
2009-10-15 01:39:14 ----A---- C:\WINDOWS\system32\usrcntra.dll
2009-10-15 01:39:13 ----A---- C:\WINDOWS\system32\usbui.dll
2009-10-15 01:39:09 ----A---- C:\WINDOWS\system32\tsbyuv.dll
2009-10-15 01:39:05 ----A---- C:\WINDOWS\system32\streamci.dll
2009-10-15 01:39:05 ----A---- C:\WINDOWS\system32\storprop.dll
2009-10-15 01:39:02 ----A---- C:\WINDOWS\system32\sprio800.dll
2009-10-15 01:38:59 ----A---- C:\WINDOWS\system32\sprio600.dll
2009-10-15 01:38:53 ----A---- C:\WINDOWS\system32\spnike.dll
2009-10-15 01:38:46 ----A---- C:\WINDOWS\system32\pjlmon.dll
2009-10-15 01:38:46 ----A---- C:\WINDOWS\system32\pid.dll
2009-10-15 01:38:43 ----A---- C:\WINDOWS\system32\paqsp.dll
2009-10-15 01:38:37 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-10-15 01:38:35 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-10-15 01:38:29 ----A---- C:\WINDOWS\system32\msyuv.dll
2009-10-15 01:38:20 ----A---- C:\WINDOWS\system32\mdwmdmsp.dll
2009-10-15 01:38:17 ----A---- C:\WINDOWS\system32\iyuv_32.dll
2009-10-15 01:38:14 ----A---- C:\WINDOWS\system32\hid.dll
2009-10-15 01:38:11 ----A---- C:\WINDOWS\system32\dvdplay.exe
2009-10-15 01:37:15 ----A---- C:\WINDOWS\system32\dmutil.dll
2009-10-15 01:37:12 ----A---- C:\WINDOWS\system32\cnbjmon.dll

======List of files/folders modified in the last 1 months======

2009-11-07 17:38:04 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-07 17:35:46 ----D---- C:\WINDOWS
2009-11-07 17:35:43 ----A---- C:\WINDOWS\win.ini
2009-11-07 17:35:41 ----D---- C:\WINDOWS\Temp
2009-11-07 09:32:35 ----D---- C:\WINDOWS\system32
2009-11-06 18:20:25 ----D---- C:\WINDOWS\Registration
2009-11-06 18:19:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-05 18:27:34 ----SD---- C:\WINDOWS\Tasks
2009-11-02 19:19:02 ----D---- C:\Program Files\Common Files\Services
2009-11-02 19:01:04 ----D---- C:\WINDOWS\system32\drivers
2009-11-02 19:01:02 ----RD---- C:\Program Files
2009-11-01 14:35:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-30 06:45:00 ----A---- C:\WINDOWS\setuplog.txt
2009-10-27 15:21:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-10-26 22:10:27 ----D---- C:\WINDOWS\system32\Restore
2009-10-24 22:42:13 ----SHD---- C:\WINDOWS\Installer
2009-10-24 22:42:12 ----D---- C:\WINDOWS\WinSxS
2009-10-24 22:41:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-10-22 05:27:27 ----HD---- C:\WINDOWS\inf
2009-10-22 05:27:27 ----A---- C:\WINDOWS\imsins.BAK
2009-10-20 21:40:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-20 05:27:24 ----D---- C:\WINDOWS\Help
2009-10-19 22:42:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-19 21:37:19 ----D---- C:\WINDOWS\ehome
2009-10-19 21:35:24 ----D---- C:\Program Files\Windows Media Player
2009-10-19 10:09:14 ----RASH---- C:\boot.ini
2009-10-15 10:25:47 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 08:03:07 ----D---- C:\WINDOWS\system
2009-10-15 07:45:01 ----RSD---- C:\WINDOWS\Fonts
2009-10-15 06:01:41 ----RSD---- C:\WINDOWS\assembly
2009-10-15 05:51:56 ----D---- C:\Program Files\Common Files
2009-10-15 05:34:59 ----D---- C:\WINDOWS\system32\wbem
2009-10-15 05:34:59 ----D---- C:\WINDOWS\AppPatch
2009-10-15 05:21:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-15 05:14:49 ----D---- C:\Program Files\Outlook Express
2009-10-15 05:08:36 ----D---- C:\WINDOWS\system32\spool
2009-10-15 05:07:10 ----D---- C:\Program Files\Internet Explorer
2009-10-15 04:59:40 ----D---- C:\Program Files\Messenger
2009-10-15 04:33:14 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-15 04:33:01 ----D---- C:\Documents and Settings
2009-10-15 04:26:22 ----D---- C:\WINDOWS\system32\Setup
2009-10-15 04:26:22 ----D---- C:\Program Files\Common Files\System
2009-10-15 04:25:38 ----D---- C:\WINDOWS\security
2009-10-15 04:21:07 ----D---- C:\WINDOWS\system32\inetsrv
2009-10-15 04:21:07 ----D---- C:\WINDOWS\ime
2009-10-15 04:20:54 ----D---- C:\WINDOWS\system32\usmt
2009-10-15 04:20:51 ----D---- C:\WINDOWS\PeerNet
2009-10-15 04:20:51 ----D---- C:\Program Files\Movie Maker
2009-10-15 04:17:34 ----D---- C:\WINDOWS\system32\npp
2009-10-15 04:17:34 ----D---- C:\WINDOWS\mui
2009-10-15 04:17:32 ----D---- C:\WINDOWS\msagent
2009-10-15 04:17:31 ----D---- C:\WINDOWS\srchasst
2009-10-15 04:17:30 ----D---- C:\Program Files\NetMeeting
2009-10-15 04:17:29 ----D---- C:\WINDOWS\system32\Com
2009-10-15 04:17:25 ----D---- C:\Program Files\Windows NT
2009-10-15 04:17:04 ----D---- C:\WINDOWS\system32\oobe
2009-10-15 03:51:54 ----D---- C:\WINDOWS\Debug
2009-10-15 03:45:14 ----D---- C:\WINDOWS\SoftwareDistribution
2009-10-15 03:42:45 ----D---- C:\WINDOWS\system32\config
2009-10-15 03:36:35 ----D---- C:\WINDOWS\OPTIONS
2009-10-15 03:17:09 ----A---- C:\WINDOWS\system32\emver.ini
2009-10-15 03:13:31 ----A---- C:\WINDOWS\system.ini
2009-10-15 03:13:29 ----D---- C:\WINDOWS\RegisteredPackages
2009-10-15 01:40:25 ----D---- C:\WINDOWS\twain_32
2009-10-15 01:38:47 ----D---- C:\WINDOWS\system32\ras
2009-10-15 01:38:16 ----D---- C:\WINDOWS\system32\icsxml
2009-10-15 01:38:16 ----D---- C:\WINDOWS\system32\ias
2009-10-15 01:37:03 ----D---- C:\WINDOWS\system32\1033
2009-10-15 01:36:52 ----RD---- C:\WINDOWS\Web
2009-10-15 01:36:45 ----D---- C:\WINDOWS\Media
2009-10-15 01:36:19 ----D---- C:\WINDOWS\Cursors
2009-10-15 01:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB903157$
2009-10-15 01:36:16 ----HDC---- C:\WINDOWS\$NtUninstallKB900325$
2009-10-15 01:36:15 ----SHD---- C:\System Recovery
2009-10-15 01:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB899337$
2009-10-15 01:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB895961$
2009-10-15 01:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB891593$
2009-10-15 01:36:15 ----HDC---- C:\WINDOWS\$NtUninstallKB888795$
2009-10-15 01:36:15 ----D---- C:\Program Files\xerox
2009-10-15 01:36:10 ----D---- C:\Program Files\Windows Plus
2009-10-15 01:36:10 ----D---- C:\Program Files\Online Services
2009-10-15 01:36:10 ----D---- C:\Program Files\MSN Gaming Zone
2009-10-15 01:36:10 ----D---- C:\Program Files\MSN
2009-10-15 01:36:09 ----D---- C:\Program Files\microsoft frontpage
2009-10-15 01:36:09 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-10-15 01:36:09 ----D---- C:\Program Files\Common Files\ODBC
2009-10-15 01:36:09 ----D---- C:\Program Files\Common Files\MSSoap
2009-10-15 01:36:09 ----D---- C:\Drivers
2009-10-15 01:35:37 ----D---- C:\CMPNENTS
2009-10-15 01:35:02 ----D---- C:\WINDOWS\pchealth
2009-10-15 01:35:02 ----D---- C:\WINDOWS\msapps
2009-10-15 01:34:10 ----D---- C:\WINDOWS\Resources
2009-10-15 01:34:08 ----D---- C:\WINDOWS\Provisioning
2009-10-15 01:34:06 ----RD---- C:\WINDOWS\Offline Web Pages
2009-10-15 01:33:42 ----SHD---- C:\WINDOWS\CSC
2009-10-15 01:33:42 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-15 01:33:42 ----D---- C:\WINDOWS\Driver Cache
2009-10-15 01:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB902841$
2009-10-15 01:33:36 ----HDC---- C:\WINDOWS\$NtUninstallKB899510$
2009-10-15 01:33:33 ----D---- C:\WINDOWS\system32\mui
2009-10-15 01:33:31 ----D---- C:\WINDOWS\system32\URTTemp
2009-10-15 01:33:30 ----SD---- C:\WINDOWS\system32\Microsoft
2009-10-15 01:33:30 ----D---- C:\WINDOWS\system32\MsDtc
2009-10-15 01:33:30 ----D---- C:\WINDOWS\system32\Macromed
2009-10-15 01:33:30 ----D---- C:\WINDOWS\system32\IME
2009-10-15 01:33:30 ----D---- C:\WINDOWS\system32\DirectX
2009-10-15 01:33:22 ----D---- C:\WINDOWS\java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-24 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-10-25 360584]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2004-11-10 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2004-11-10 24832]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-23 1094751]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-25 1478656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-13 42752]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\mxnic.sys [2001-08-17 19968]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-25 405504]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-10-24 285392]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2009-10-15 172032]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-15 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-11-07 17:41:01

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{9862B19F-4CAD-4EED-920F-2F378D84393F}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
BigAnt-->C:\Program Files\SetupInfo\{B05ABDE0-7B54-4970-AA05-032452A13AF9}\UnInstall.exe
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
Canon iP1600-->C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
ChartNet Login 4.0-->MsiExec.exe /I{7E3D0220-E10A-438C-A397-FCDE09F74801}
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.5.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

=====HijackThis Backups=====

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-10-31]
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-10-31]
O22 - SharedTaskScheduler: kupuhivus - {282d60ae-1569-4c7d-a351-f5b7769e817b} - c:\windows\system32\fogehile.dll (file missing) [2009-10-31]
O21 - SSODL: yuvivukeb - {282d60ae-1569-4c7d-a351-f5b7769e817b} - c:\windows\system32\fogehile.dll (file missing) [2009-10-31]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll [2009-10-31]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 [2009-10-31]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL padamori.dll c:\windows\system32\fogehile.dll [2009-10-31]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-10-31]
O20 - AppInit_DLLs: padamori.dll [2009-10-31]
O20 - AppInit_DLLs: padamori.dll [2009-10-31]

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HOMEPC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 7 for Windows XP.

Record Number: 361
Source Name: Windows Update Agent
Time Written: 20091015064128.000000-240
Event Type: error
User:

Computer Name: HOMEPC
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.

Record Number: 285
Source Name: Windows Update Agent
Time Written: 20091015061716.000000-240
Event Type: error
User:

Computer Name: HOMEPC
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 227
Source Name: Print
Time Written: 20091015060838.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 20
Message: Printer Driver Microsoft XPS Document Writer for Windows NT x86 Version-3 was added or updated. Files:- mxdwdrv.dll, unidrvui.dll, mxdwdui.gpd, unidrv.hlp, mxdwdui.dll, mxdwdui.ini, stddtype.gdl, stdnames.gpd, stdschem.gdl, stdschmx.gdl, unidrv.dll, unires.dll, XpsSvcs.dll.

Record Number: 226
Source Name: Print
Time Written: 20091015060835.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{01247469-C47B-4D74-8056-EAFFCFD0CE2C}.

Record Number: 76
Source Name: Server
Time Written: 20091015052938.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: HOMEPC
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 23
Source Name: WinMgmt
Time Written: 20091015053109.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 22
Source Name: WinMgmt
Time Written: 20091015053109.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOMEPC
Event Code: 1
Message: Service registration successful.

Record Number: 17
Source Name: Media Center Receiver
Time Written: 20091015053019.000000-240
Event Type:
User:

Computer Name: HOMEPC
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20091015052151.000000-240
Event Type: warning
User: HOMEPC\Owner

Computer Name: HomePC
Event Code: 1517
Message: Windows saved user HomePC\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 6
Source Name: Userenv
Time Written: 20091015044813.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-07 18:32:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Yancy\LOCALS~1\Temp\uwtdipow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


The chartnet program is used by my wife for work (medical transcription).

Again, thank you.
woody01
Active Member
 
Posts: 6
Joined: October 31st, 2009, 1:31 pm

Re: HijackThis log/ logon.exe error

Unread postby xixo_12 » November 8th, 2009, 11:01 am

Hi,
Let's proceed.

Next,
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links)
Save as Combo-Fix.exe << Please look at the file name; you have to change it.
Link 1
Link 2

**IMPORTANT !!! Save Combo-Fix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Checklist.
Please post.
  • Content of ComboFix.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: HijackThis log/ logon.exe error

Unread postby woody01 » November 8th, 2009, 3:17 pm

Here is the log from Combofix:

ComboFix 09-11-07.04 - Yancy 11/08/2009 13:58.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.490 [GMT -5:00]
Running from: c:\documents and settings\Yancy\My Documents\Downloads\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-2091938775-3313555101-2769154680-500
c:\windows\system32\bedepeba.dll
c:\windows\system32\fegakaya.dll
c:\windows\system32\fetezeme.dll
c:\windows\system32\fineloto.dll
c:\windows\system32\gebegimi.dll.tmp
c:\windows\system32\hefihiru.dll.tmp
c:\windows\system32\howiduga.dll.tmp
c:\windows\system32\lodirefe.dll
c:\windows\system32\nuvanifi.dll
c:\windows\system32\rekomuzu.dll
c:\windows\system32\rurisugo.dll.tmp
c:\windows\system32\rusagimo.dll
c:\windows\system32\sabepune.dll
c:\windows\system32\suhahebu.dll.tmp
c:\windows\system32\tibiyoni.dll
c:\windows\system32\tihaduza.dll.tmp
c:\windows\system32\tujarame.dll
c:\windows\system32\tujozugi.dll
c:\windows\system32\tuzoyefo.dll
c:\windows\system32\vakezise.dll
c:\windows\system32\vidajadu.dll
c:\windows\system32\vobulofo.dll
c:\windows\system32\vozafiwu.dll
c:\windows\system32\vuhofafa.dll
c:\windows\system32\yakikeru.dll
c:\windows\system32\yawevodu.dll
c:\windows\system32\zewamufa.dll
c:\windows\system32\zisewofu.dll
c:\windows\Tasks\anoidpnj.job
c:\windows\Tasks\blhqwbuv.job
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://82.98.231.98
.
((((((((((((((((((((((((( Files Created from 2009-10-08 to 2009-11-08 )))))))))))))))))))))))))))))))
.

2009-11-08 18:12 . 2009-11-08 18:12 -------- d-----w- C:\AVGTemp
2009-11-08 17:30 . 2009-11-08 17:30 -------- d-----w- c:\documents and settings\Yancy\Application Data\AVG9
2009-11-07 22:40 . 2009-11-07 22:41 -------- d-----w- C:\rsit
2009-11-07 22:38 . 2009-11-07 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-11-03 19:50 . 2009-11-03 19:50 -------- d-----w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\Adobe
2009-11-03 00:01 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 00:01 . 2009-11-03 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 00:01 . 2009-11-03 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 00:01 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 16:58 . 2009-10-31 16:58 -------- d-----w- c:\program files\Trend Micro
2009-10-31 15:02 . 2009-10-31 15:02 -------- d-----w- c:\documents and settings\Yancy\Application Data\Malwarebytes
2009-10-26 16:42 . 2009-11-08 17:18 0 ----a-w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\prvlcl.dat
2009-10-25 19:59 . 2009-10-25 03:42 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-10-25 19:59 . 2009-10-25 03:42 842520 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-10-25 19:59 . 2009-10-25 03:42 1656088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-10-25 03:43 . 2009-10-25 03:46 -------- d-----w- C:\$AVG
2009-10-25 03:42 . 2009-11-08 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-25 03:41 . 2009-10-25 03:41 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-25 02:29 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-25 01:37 . 2009-10-25 01:37 -------- d-----w- c:\documents and settings\Yancy\Local Settings\Application Data\Adobe
2009-10-25 01:26 . 2009-10-25 01:26 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-25 01:25 . 2009-10-25 02:10 -------- d-----w- c:\program files\NOS
2009-10-21 02:23 . 2006-07-11 09:00 90624 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMlr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 69632 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMsr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 54272 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMlr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 40448 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMsr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 254464 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMur75.dll
2009-10-21 02:23 . 2006-07-11 09:00 192512 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMur75.dll
2009-10-20 02:35 . 2009-10-20 02:35 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-20 02:33 . 2009-10-20 02:34 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-20 02:33 . 2009-10-20 02:33 -------- d-----w- c:\windows\system32\LogFiles
2009-10-19 15:01 . 2007-10-02 21:12 1565480 ----a-w- c:\windows\system32\wmv9vcm.dll
2009-10-19 15:01 . 2009-10-19 15:01 -------- d-----w- c:\program files\im
2009-10-19 11:36 . 2009-09-02 15:58 1107200 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-10-19 03:27 . 2009-10-25 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-16 11:21 . 2009-10-16 11:21 -------- d-----w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\AVG Security Toolbar
2009-10-15 23:38 . 2009-10-15 23:38 -------- d-----w- c:\documents and settings\Yancy\Local Settings\Application Data\AVG Security Toolbar
2009-10-15 23:17 . 2009-10-25 03:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-15 23:17 . 2009-10-25 19:59 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-15 23:17 . 2009-10-25 03:43 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-15 23:17 . 2009-10-25 03:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-15 23:17 . 2009-11-08 18:23 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-15 23:17 . 2009-10-19 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-15 23:17 . 2009-11-08 18:26 -------- d-----w- c:\program files\AVG
2009-10-15 13:06 . 2009-10-19 15:01 -------- d-----w- c:\program files\SetupInfo
2009-10-15 13:06 . 2009-10-15 13:06 -------- d-----w- c:\program files\BigAntSoft-OLD
2009-10-15 13:02 . 2009-10-15 13:02 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\AnyModalEdit
2009-10-15 13:02 . 2009-11-07 20:56 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\chartnet
2009-10-15 12:56 . 2009-10-15 12:58 -------- d-----w- c:\program files\ChartNet
2009-10-15 12:56 . 2009-10-15 12:56 40960 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{7E3D0220-E10A-438C-A397-FCDE09F74801}\mtlogin.exe1_7E3D0220E10A438CA397FCDE09F74801.exe
2009-10-15 12:56 . 2009-10-15 12:56 40960 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{7E3D0220-E10A-438C-A397-FCDE09F74801}\mtlogin.exe_7E3D0220E10A438CA397FCDE09F74801.exe
2009-10-15 12:56 . 2009-10-15 12:56 10134 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{7E3D0220-E10A-438C-A397-FCDE09F74801}\ARPPRODUCTICON.exe
2009-10-15 11:17 . 2009-10-15 11:17 -------- d-----w- c:\windows\Sun
2009-10-15 10:41 . 2009-10-15 10:41 -------- d-----w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\Mozilla
2009-10-15 10:23 . 2009-10-15 10:23 -------- d-----w- c:\program files\MSXML 4.0
2009-10-15 10:09 . 2009-10-15 10:09 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-15 10:09 . 2009-10-15 10:09 -------- d-----w- c:\program files\MSBuild
2009-10-15 10:08 . 2009-10-15 10:08 -------- d-----w- c:\program files\Reference Assemblies
2009-10-15 10:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-15 10:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-15 10:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-15 10:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-15 10:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-15 10:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-15 10:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-15 10:08 . 2009-10-15 10:08 -------- d-----w- C:\94a905a7a493a35b1b2d4d7d28
2009-10-15 09:55 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-15 09:54 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-15 09:49 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-15 09:49 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-15 09:48 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-15 09:48 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-15 09:48 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-15 09:48 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-15 09:47 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-15 09:47 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-15 09:46 . 2009-10-15 09:46 -------- d-s---w- c:\documents and settings\Yancy\UserData
2009-10-15 09:45 . 2009-10-15 09:45 -------- d-----w- c:\documents and settings\Yancy\Application Data\AOL
2009-10-15 09:39 . 2009-10-15 09:39 -------- d-----w- c:\documents and settings\Yancy\Local Settings\Application Data\Mozilla
2009-10-15 09:32 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-15 09:32 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-15 09:29 . 2009-10-15 09:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-10-15 09:29 . 2009-10-15 12:58 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\McAfee.com Personal Firewall
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\system32\scripting
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\l2schemas
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\system32\en
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\system32\bits
2009-10-15 09:17 . 2009-10-15 09:17 -------- d-----w- c:\windows\ServicePackFiles
2009-10-15 09:02 . 2004-08-04 02:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-10-15 09:02 . 2004-08-04 02:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-10-15 09:02 . 2004-08-04 02:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-10-15 09:02 . 2004-08-04 02:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-10-15 08:45 . 2009-10-15 08:45 -------- d-s---w- c:\documents and settings\Owner.HomePC\UserData
2009-10-15 08:42 . 2009-10-15 08:12 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-15 08:42 . 2009-10-15 08:12 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-15 08:42 . 2009-10-15 08:12 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-10-15 08:42 . 2009-10-15 08:12 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-15 08:42 . 2009-10-15 08:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2009-10-15 08:42 . 2009-10-15 08:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2009-10-15 08:42 . 2009-10-15 08:07 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
2009-10-15 08:42 . 2009-10-15 06:36 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-10-15 08:42 . 2009-10-15 06:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
2009-10-15 08:42 . 2005-01-10 01:26 13104 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 08:35 . 2009-11-08 19:07 -------- d-----w- c:\windows\system32\Lang
2009-10-15 08:35 . 2009-10-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-10-15 08:16 . 2009-10-15 08:16 -------- d-----w- c:\program files\McAfee
2009-10-15 08:16 . 2009-10-15 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-15 08:15 . 2009-10-15 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-15 08:15 . 2009-10-15 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-10-15 08:14 . 2009-10-15 08:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView
2009-10-15 08:13 . 2009-10-15 08:42 -------- d-----w- c:\documents and settings\Owner
2009-10-15 08:13 . 2009-10-15 08:13 -------- d-----w- c:\program files\gtw_logo
2009-10-15 08:13 . 2006-02-06 19:24 1239209 ----a-w- c:\windows\system32\gtw_logo.scr
2009-10-15 08:13 . 2003-07-03 22:48 23552 ----a-w- c:\windows\system32\jesterss.dll
2009-10-15 08:13 . 2003-03-25 12:00 67072 ----a-w- c:\windows\POWERCFG.EXE
2009-10-15 08:12 . 2009-10-15 08:13 -------- d-----w- c:\program files\Microsoft Money 2006
2009-10-15 08:12 . 2009-10-15 08:12 49152 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-15 08:12 . 2009-10-15 08:12 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-15 08:12 . 2009-10-15 08:12 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-10-15 08:12 . 2009-10-15 08:12 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-15 08:11 . 2009-10-15 08:12 -------- d-----w- c:\program files\Microsoft Works
2009-10-15 08:11 . 2009-10-15 08:11 -------- d-----w- c:\program files\MSN Encarta Plus
2009-10-15 08:11 . 2009-10-15 08:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-10-15 08:11 . 2005-06-23 20:32 173184 ----a-w- c:\windows\system32\ygpss.scr
2009-10-15 08:11 . 2009-10-15 08:11 -------- d-----w- c:\program files\Common Files\Nullsoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 02:25 . 2005-01-10 01:26 48920 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 02:15 . 2009-10-21 02:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-10-15 10:51 . 2009-10-15 08:10 -------- d-----w- c:\program files\Pure Networks
2009-10-15 10:50 . 2009-10-15 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-15 09:39 . 2009-10-15 09:33 -------- d-----w- c:\documents and settings\Yancy\Application Data\McAfee.com Personal Firewall
2009-10-15 09:23 . 2005-01-10 01:10 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-15 08:14 . 2009-10-15 09:33 -------- d-----w- c:\documents and settings\Yancy\Application Data\SampleView
2009-10-15 08:14 . 2009-10-15 08:43 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\SampleView
2009-10-15 08:12 . 2009-10-15 09:33 10134 ----a-r- c:\documents and settings\Yancy\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-15 08:12 . 2009-10-15 08:43 10134 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-15 08:11 . 2009-10-15 09:33 -------- d-----w- c:\documents and settings\Yancy\Application Data\You've Got Pictures Screensaver
2009-10-15 08:11 . 2009-10-15 08:43 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\You've Got Pictures Screensaver
2009-10-15 08:11 . 2009-10-15 08:10 -------- d-----w- c:\program files\QuickTime
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-10-15 08:10 . 2009-10-15 08:10 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\program files\Common Files\Real
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\program files\Real
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\program files\Viewpoint
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\program files\Common Files\AolCoach
2009-10-15 06:36 . 2005-01-10 01:06 -------- d-----w- c:\program files\Windows Plus
2009-10-15 06:36 . 2005-01-10 01:13 -------- d-----w- c:\program files\microsoft frontpage
2009-09-25 05:37 . 2009-03-19 01:34 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2009-03-19 01:28 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2009-03-19 01:31 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2009-03-19 01:31 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00 . 2009-03-19 01:33 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 16:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-15 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-25 2010904]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-01-12 15961088]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-10-15 2168360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Digital Media Reader\\readericon45G.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\BigFix\\bigfix.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/15/2009 6:17 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/15/2009 6:17 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/24/2009 10:42 PM 285392]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.gateway.com/g/startpage.html ... P&M=GT4024
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Yancy\Application Data\Mozilla\Firefox\Profiles\p1mor09o.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

BHO-{706472ce-15dd-41fc-8277-7f89a37944bf} - lomugiti.dll
HKCU-Run-AOL Fast Start - c:\program files\America Online 9.0\AOL.EXE
HKLM-Run-gabadivaj - c:\windows\system32\rihedova.dll
HKLM-Run-zigonewuge - zazovuba.dll
SharedTaskScheduler-{e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll
SharedTaskScheduler-{a703840a-6ce1-4e0d-aab1-4a6b9becb64d} - c:\windows\system32\rihedova.dll
SSODL-newanorek-{e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll
SSODL-kariwekaf-{a703840a-6ce1-4e0d-aab1-4a6b9becb64d} - c:\windows\system32\rihedova.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-08 14:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2280)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-11-08 14:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-08 19:13

Pre-Run: 231,394,873,344 bytes free
Post-Run: 233,441,579,008 bytes free

- - End Of File - - 9F02249B08B9C199A45C66D5DC78D0AB
woody01
Active Member
 
Posts: 6
Joined: October 31st, 2009, 1:31 pm

Re: HijackThis log/ logon.exe error

Unread postby xixo_12 » November 10th, 2009, 10:31 am

Hi,
Let's proceed.

First,
ERUNT by Lars Hederer
Download ERUNT and save to the desktop.
  • Double click erunt-setup.exe to install the program.
  • Follow the prompts > uncheck Create NTREGOPT desktop icon at the Additional Tasks screen.
  • Click No when you are prompted about creating an ERUNT entry in the startup folder.
  • Next screen, uncheck Show documentation and check Launch ERUNT.
  • If ERUNT doesn't start by itself, launch it from the desktop shortcut.
  • At the configuration screen, make sure all 3 checkboxes are checked.
  • Click Ok to run the backup process.

Note:
The backups can be restored from here:
C:\windows\ERDNT\<todays date>\ERDNT.exe

Next,
Analyze file(s).
Please visit Jotti or Virustotal
Copy and paste the paths (one by one) into the white box at the top:
c:\documents and settings\Owner.HomePC\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\jesterss.dll
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE

  • Press Submit - this will submit the file for testing.
  • Please wait for all the scanners to finish, then copy and paste the permalink (web address) in your next response.

Next,
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:
Code:
Folder::
c:\program files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint

DirLook::
c:\program files\im

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 1

Save this as CFScript.txt, in the same location as ComboFix.exe
Image
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Malwarebytes' Anti-Malware
  • Double click to run it and choose Update tab.
  • Click Check for Updates and allow it to finish.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next,
Checklist.
Please post.
  • Result of analysis (total = 3 links)
  • Content of ComboFix.txt
  • Content of MBAM log.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
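
The ComboFix sections the helper reads by eye above (Files Created, Reg Loading Points, ORPHANS REMOVED) follow a fixed line format, so the items that drove this reply can be pulled out mechanically: the disabled firewall, the Run entry whose target is missing ([X]), the orphaned autostarts pointing at random-named DLLs, and the zero-byte prvlcl.dat sent for analysis. The Python below is an added example for this thread, not ComboFix code or anything from the forum; its sample log is constructed from the entry formats posted above, and the "eight lowercase letters in system32" test for random-looking DLL names is an assumption of this example.

```python
"""Triage helper for ComboFix-style log text.

Pulls out the items a helper looks for by eye: the Windows Firewall state,
Run entries whose target file is missing ("[X]"), orphaned autostart entries
that point at random-looking DLL names, and zero-byte files in the
"Files Created" window. Added example for this thread; it is not ComboFix
code, and the random-name heuristic is an assumption, not a ComboFix rule.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: entries modelled on the formats seen in the posted logs.
SAMPLE_LOG = r"""
((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))
2009-11-12 01:48 . 2009-11-12 01:48 -------- d-----w- c:\program files\ERUNT
2009-10-26 16:42 . 2009-11-08 17:18 0 ----a-w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\prvlcl.dat
2009-10-15 08:13 . 2003-07-03 22:48 23552 ----a-w- c:\windows\system32\jesterss.dll

((((((((( Reg Loading Points )))))))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-25 2010904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

- - - - ORPHANS REMOVED - - - -
BHO-{706472ce-15dd-41fc-8277-7f89a37944bf} - lomugiti.dll
HKCU-Run-AOL Fast Start - c:\program files\America Online 9.0\AOL.EXE
HKLM-Run-gabadivaj - c:\windows\system32\rihedova.dll
SSODL-newanorek-{e5f11f17-d410-47e9-a701-a4bc8fa7f37f} - c:\windows\system32\zivebire.dll
"""

# "Files Created" row: created . modified size-or-dashes attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Run value: "name"="target" [date size]  or  "name"="NA" [X] when the file is gone
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" \[(?P<info>[^\]]*)\]')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
# Orphan line: KIND-entry - target
ORPHAN_RE = re.compile(
    r"^(?P<kind>BHO|HKLM-Run|HKCU-Run|SharedTaskScheduler|SSODL)-(?P<entry>.+?) - (?P<target>.+)$"
)
# Assumed heuristic: an eight-lowercase-letter DLL, bare or under system32.
RANDOM_DLL_RE = re.compile(r"^(?:c:\\windows\\system32\\)?[a-z]{8}\.dll$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Scan log text line by line and return the items worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FILE_RE.match(line)):
            if m["size"] == "0":  # zero-byte file in the creation window
                findings.append(Finding("zero_byte_file", m["path"]))
            continue
        if (m := FIREWALL_RE.match(line)):
            if m["value"] == "0":  # Windows Firewall switched off
                findings.append(Finding("firewall_disabled", line))
            continue
        if (m := RUN_RE.match(line)):
            if m["info"] == "X":  # autostart whose target no longer exists
                findings.append(Finding("run_target_missing", f'{m["name"]} -> {m["target"]}'))
            continue
        if (m := ORPHAN_RE.match(line)):
            if RANDOM_DLL_RE.match(m["target"]):
                findings.append(Finding("orphan_random_dll", f'{m["kind"]} {m["entry"]} -> {m["target"]}'))
    return findings


def count_by_category(findings: list[Finding]) -> dict[str, int]:
    """Summary of how many findings fell into each category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:20} {f.detail}")
```

Run against a full ComboFix.txt the same way; legitimate vendor entries such as the AVG and ehTray lines above produce no findings, which keeps the output short enough to read alongside the log.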

Re: HijackThis log/ logon.exe error

Unread postby woody01 » November 11th, 2009, 11:23 pm

o bytes
analisis/28dd4cca385b585adba42a6b03b214bf499b7354120c3c05b81720dd8ec4b661-1255142811
analisis/78ab3cd26e19d66f0d83c07ff64dc697fc494bed6a66e9e07de781c017640435-1243575029

ComboFix 09-11-11.02 - Yancy 11/11/2009 21:23.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.428 [GMT -5:00]
Running from: c:\documents and settings\Yancy\My Documents\Downloads\Combo-Fix.exe
Command switches used :: c:\documents and settings\Yancy\My Documents\Downloads\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx
c:\documents and settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt

.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.

2009-11-12 01:48 . 2009-11-12 01:48 -------- d-----w- c:\program files\ERUNT
2009-11-11 11:11 . 2009-11-11 11:11 -------- d-----w- c:\windows\LastGood
2009-11-10 13:46 . 2009-10-25 03:42 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-11-09 04:06 . 2009-08-29 07:36 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-09 04:06 . 2009-08-29 07:36 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-09 04:06 . 2009-08-29 07:36 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-09 04:06 . 2009-08-29 07:36 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-09 04:06 . 2009-08-29 07:36 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2009-11-09 04:06 . 2009-08-29 07:36 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2009-11-09 04:06 . 2009-08-28 10:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2009-11-09 04:06 . 2009-06-29 08:33 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2009-11-08 18:12 . 2009-11-08 18:12 -------- d-----w- C:\AVGTemp
2009-11-08 17:30 . 2009-11-08 17:30 -------- d-----w- c:\documents and settings\Yancy\Application Data\AVG9
2009-11-07 22:40 . 2009-11-07 22:41 -------- d-----w- C:\rsit
2009-11-07 22:38 . 2009-11-07 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-11-03 19:50 . 2009-11-03 19:50 -------- d-----w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\Adobe
2009-11-03 00:01 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-03 00:01 . 2009-11-03 00:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 00:01 . 2009-11-03 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-03 00:01 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-31 16:58 . 2009-10-31 16:58 -------- d-----w- c:\program files\Trend Micro
2009-10-31 15:02 . 2009-10-31 15:02 -------- d-----w- c:\documents and settings\Yancy\Application Data\Malwarebytes
2009-10-26 16:42 . 2009-11-08 17:18 0 ----a-w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\prvlcl.dat
2009-10-25 19:59 . 2009-10-25 19:59 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-10-25 19:59 . 2009-10-25 19:59 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-10-25 19:59 . 2009-10-25 03:42 842520 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-10-25 03:43 . 2009-10-25 03:46 -------- d-----w- C:\$AVG
2009-10-25 03:42 . 2009-11-08 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-25 03:41 . 2009-10-25 03:41 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-25 02:29 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-25 01:37 . 2009-10-25 01:37 -------- d-----w- c:\documents and settings\Yancy\Local Settings\Application Data\Adobe
2009-10-25 01:26 . 2009-10-25 01:26 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-25 01:25 . 2009-10-25 02:10 -------- d-----w- c:\program files\NOS
2009-10-21 02:23 . 2006-07-11 09:00 90624 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMlr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 69632 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMsr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 54272 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMlr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 40448 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMsr75.dll
2009-10-21 02:23 . 2006-07-11 09:00 254464 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0409\CNMur75.dll
2009-10-21 02:23 . 2006-07-11 09:00 192512 ----a-w- c:\documents and settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600\LanguageModules\0411\CNMur75.dll
2009-10-20 02:35 . 2009-10-20 02:35 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-20 02:33 . 2009-10-20 02:34 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-20 02:33 . 2009-10-20 02:33 -------- d-----w- c:\windows\system32\LogFiles
2009-10-19 15:01 . 2007-10-02 21:12 1565480 ----a-w- c:\windows\system32\wmv9vcm.dll
2009-10-19 15:01 . 2009-10-19 15:01 -------- d-----w- c:\program files\im
2009-10-19 11:36 . 2009-09-02 15:58 1107200 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-10-19 03:27 . 2009-10-25 02:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-16 11:21 . 2009-10-16 11:21 -------- d-----w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\AVG Security Toolbar
2009-10-15 23:38 . 2009-10-15 23:38 -------- d-----w- c:\documents and settings\Yancy\Local Settings\Application Data\AVG Security Toolbar
2009-10-15 23:17 . 2009-10-25 03:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-15 23:17 . 2009-11-10 13:47 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-15 23:17 . 2009-10-25 03:43 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-15 23:17 . 2009-10-25 03:42 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-15 23:17 . 2009-11-11 23:52 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-15 23:17 . 2009-10-19 11:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-15 23:17 . 2009-11-08 18:26 -------- d-----w- c:\program files\AVG
2009-10-15 13:06 . 2009-10-19 15:01 -------- d-----w- c:\program files\SetupInfo
2009-10-15 13:06 . 2009-10-15 13:06 -------- d-----w- c:\program files\BigAntSoft-OLD
2009-10-15 13:02 . 2009-10-15 13:02 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\AnyModalEdit
2009-10-15 13:02 . 2009-11-11 23:51 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\chartnet
2009-10-15 12:56 . 2009-10-15 12:58 -------- d-----w- c:\program files\ChartNet
2009-10-15 12:56 . 2009-10-15 12:56 40960 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{7E3D0220-E10A-438C-A397-FCDE09F74801}\mtlogin.exe1_7E3D0220E10A438CA397FCDE09F74801.exe
2009-10-15 12:56 . 2009-10-15 12:56 40960 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{7E3D0220-E10A-438C-A397-FCDE09F74801}\mtlogin.exe_7E3D0220E10A438CA397FCDE09F74801.exe
2009-10-15 12:56 . 2009-10-15 12:56 10134 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{7E3D0220-E10A-438C-A397-FCDE09F74801}\ARPPRODUCTICON.exe
2009-10-15 11:17 . 2009-10-15 11:17 -------- d-----w- c:\windows\Sun
2009-10-15 10:41 . 2009-10-15 10:41 -------- d-----w- c:\documents and settings\Owner.HomePC\Local Settings\Application Data\Mozilla
2009-10-15 10:23 . 2009-10-15 10:23 -------- d-----w- c:\program files\MSXML 4.0
2009-10-15 10:09 . 2009-10-15 10:09 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-15 10:09 . 2009-10-15 10:09 -------- d-----w- c:\program files\MSBuild
2009-10-15 10:08 . 2009-10-15 10:08 -------- d-----w- c:\program files\Reference Assemblies
2009-10-15 10:08 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-15 10:08 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-15 10:08 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-15 10:08 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-15 10:08 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-15 10:08 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-15 10:08 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-15 10:08 . 2009-10-15 10:08 -------- d-----w- C:\94a905a7a493a35b1b2d4d7d28
2009-10-15 09:55 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-15 09:54 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-15 09:49 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-15 09:49 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-15 09:48 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-15 09:48 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-15 09:48 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-15 09:48 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-15 09:47 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-15 09:47 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-15 09:46 . 2009-10-15 09:46 -------- d-s---w- c:\documents and settings\Yancy\UserData
2009-10-15 09:45 . 2009-10-15 09:45 -------- d-----w- c:\documents and settings\Yancy\Application Data\AOL
2009-10-15 09:39 . 2009-10-15 09:39 -------- d-----w- c:\documents and settings\Yancy\Local Settings\Application Data\Mozilla
2009-10-15 09:32 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-15 09:32 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-15 09:29 . 2009-10-15 09:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
2009-10-15 09:29 . 2009-10-15 12:58 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\McAfee.com Personal Firewall
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\system32\scripting
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\l2schemas
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\system32\en
2009-10-15 09:20 . 2009-10-15 09:20 -------- d-----w- c:\windows\system32\bits
2009-10-15 09:17 . 2009-10-15 09:17 -------- d-----w- c:\windows\ServicePackFiles
2009-10-15 09:02 . 2004-08-04 02:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2009-10-15 09:02 . 2004-08-04 02:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2009-10-15 09:02 . 2004-08-04 02:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2009-10-15 09:02 . 2004-08-04 02:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2009-10-15 08:45 . 2009-10-15 08:45 -------- d-s---w- c:\documents and settings\Owner.HomePC\UserData
2009-10-15 08:42 . 2009-10-15 08:12 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-15 08:42 . 2009-10-15 08:12 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-15 08:42 . 2009-10-15 08:12 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-10-15 08:42 . 2009-10-15 08:12 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-15 08:42 . 2009-10-15 08:14 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SampleView
2009-10-15 08:42 . 2009-10-15 08:11 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2009-10-15 08:42 . 2009-10-15 08:07 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
2009-10-15 08:42 . 2009-10-15 06:36 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-10-15 08:42 . 2009-10-15 06:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
2009-10-15 08:42 . 2005-01-10 01:26 13104 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-15 08:35 . 2009-11-12 01:39 -------- d-----w- c:\windows\system32\Lang
2009-10-15 08:35 . 2009-10-15 08:35 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-10-15 08:16 . 2009-10-15 08:16 -------- d-----w- c:\program files\McAfee
2009-10-15 08:16 . 2009-10-15 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-15 08:15 . 2009-10-15 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-10-15 08:15 . 2009-10-15 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
2009-10-15 08:14 . 2009-10-15 08:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SampleView
2009-10-15 08:13 . 2009-10-15 08:42 -------- d-----w- c:\documents and settings\Owner
2009-10-15 08:13 . 2009-10-15 08:13 -------- d-----w- c:\program files\gtw_logo
2009-10-15 08:13 . 2006-02-06 19:24 1239209 ----a-w- c:\windows\system32\gtw_logo.scr
2009-10-15 08:13 . 2003-07-03 22:48 23552 ----a-w- c:\windows\system32\jesterss.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-25 02:25 . 2005-01-10 01:26 48920 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 02:15 . 2009-10-21 02:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-10-15 10:51 . 2009-10-15 08:10 -------- d-----w- c:\program files\Pure Networks
2009-10-15 10:50 . 2009-10-15 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-15 09:39 . 2009-10-15 09:33 -------- d-----w- c:\documents and settings\Yancy\Application Data\McAfee.com Personal Firewall
2009-10-15 09:23 . 2005-01-10 01:10 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-15 08:14 . 2009-10-15 09:33 -------- d-----w- c:\documents and settings\Yancy\Application Data\SampleView
2009-10-15 08:14 . 2009-10-15 08:43 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\SampleView
2009-10-15 08:12 . 2009-10-15 09:33 10134 ----a-r- c:\documents and settings\Yancy\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-15 08:12 . 2009-10-15 08:43 10134 ----a-r- c:\documents and settings\Owner.HomePC\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-15 08:11 . 2009-10-15 09:33 -------- d-----w- c:\documents and settings\Yancy\Application Data\You've Got Pictures Screensaver
2009-10-15 08:11 . 2009-10-15 08:43 -------- d-----w- c:\documents and settings\Owner.HomePC\Application Data\You've Got Pictures Screensaver
2009-10-15 08:11 . 2009-10-15 08:10 -------- d-----w- c:\program files\QuickTime
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-10-15 08:10 . 2009-10-15 08:10 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\program files\Common Files\Real
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\program files\Real
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-10-15 08:10 . 2009-10-15 08:10 -------- d-----w- c:\program files\Common Files\AolCoach
2009-10-15 06:36 . 2005-01-10 01:06 -------- d-----w- c:\program files\Windows Plus
2009-10-15 06:36 . 2005-01-10 01:13 -------- d-----w- c:\program files\microsoft frontpage
2009-09-11 14:18 . 2009-03-19 01:31 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2009-03-19 01:31 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2009-03-19 01:34 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-03-19 01:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2009-03-19 01:26 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2009-03-19 01:33 247326 ----a-w- c:\windows\system32\strmdll.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\im ----

2009-10-19 15:03 . 2007-10-02 21:12 1565480 ----a-w- c:\program files\im\BigAnt\wmv9vcm.dll
2009-10-19 15:03 . 2008-01-11 15:08 77824 ----a-w- c:\program files\im\BigAnt\AntSend.dll
2009-10-19 15:01 . 2008-06-06 17:49 72 ----a-w- c:\program files\im\BigAnt\BaseData\enu_lang.ini
2009-10-19 15:01 . 2008-08-13 01:14 13312 ----a-w- c:\program files\im\BigAnt\AddIns\ClientDoc\HardLink.dll
2009-10-19 15:01 . 2009-04-28 19:41 1175604 ----a-w- c:\program files\im\BigAnt\AddIns\ClientDoc\ClientDoc.dll
2009-10-19 15:01 . 2008-12-05 15:05 208941 ----a-w- c:\program files\im\BigAnt\AddIns\ClientDoc\ADCore.dll
2009-10-19 15:01 . 2008-06-19 02:49 24576 ----a-w- c:\program files\im\BigAnt\AddIns\ClientDoc\AtViewer.exe
2009-10-19 15:01 . 2009-04-28 17:20 307 ----a-w- c:\program files\im\BigAnt\AddIns\ClientDoc\Info.ini
2009-10-19 15:01 . 2008-04-24 02:48 86016 ----a-w- c:\program files\im\BigAnt\AddIns\ClientDoc\AsView.dll
2009-10-19 15:01 . 2008-06-27 20:48 14564 ----a-w- c:\program files\im\BigAnt\HeadPic\7.jpg
2009-10-19 15:01 . 2008-06-27 20:49 14227 ----a-w- c:\program files\im\BigAnt\HeadPic\8.jpg
2009-10-19 15:01 . 2008-06-27 20:45 13187 ----a-w- c:\program files\im\BigAnt\HeadPic\9.jpg
2009-10-19 15:01 . 2008-06-27 20:47 12526 ----a-w- c:\program files\im\BigAnt\HeadPic\3.jpg
2009-10-19 15:01 . 2008-06-27 20:47 15148 ----a-w- c:\program files\im\BigAnt\HeadPic\4.jpg
2009-10-19 15:01 . 2008-06-27 20:47 16469 ----a-w- c:\program files\im\BigAnt\HeadPic\5.jpg
2009-10-19 15:01 . 2008-06-27 20:48 14936 ----a-w- c:\program files\im\BigAnt\HeadPic\6.jpg
2009-10-19 15:01 . 2008-06-27 20:49 15575 ----a-w- c:\program files\im\BigAnt\HeadPic\10.jpg
2009-10-19 15:01 . 2008-06-27 20:53 20192 ----a-w- c:\program files\im\BigAnt\HeadPic\11.jpg
2009-10-19 15:01 . 2008-06-27 20:53 17976 ----a-w- c:\program files\im\BigAnt\HeadPic\12.jpg
2009-10-19 15:01 . 2008-06-27 20:54 14171 ----a-w- c:\program files\im\BigAnt\HeadPic\13.jpg
2009-10-19 15:01 . 2008-06-27 20:46 15135 ----a-w- c:\program files\im\BigAnt\HeadPic\2.jpg
2009-10-19 15:01 . 2008-06-27 20:42 13022 ----a-w- c:\program files\im\BigAnt\HeadPic\1.jpg
2009-10-19 15:01 . 2002-05-26 18:47 3856 ----a-w- c:\program files\im\BigAnt\RICHED32.DLL
2009-10-19 15:01 . 1999-11-14 20:00 431376 ----a-w- c:\program files\im\BigAnt\RICHED20.DLL
2009-10-19 15:01 . 1999-05-06 02:22 257440 ----a-w- c:\program files\im\BigAnt\RICHED.DLL
2009-10-19 15:01 . 2005-08-17 21:31 127282 ----a-w- c:\program files\im\BigAnt\Sound\CALL_IN.wav
2009-10-19 15:01 . 2005-11-08 17:10 11708 ----a-w- c:\program files\im\BigAnt\Sound\CALL_OUT.wav
2009-10-19 15:01 . 2003-09-11 20:15 14864 ----a-w- c:\program files\im\BigAnt\Sound\NewAlert.wav
2009-10-19 15:01 . 2003-09-11 20:15 14576 ----a-w- c:\program files\im\BigAnt\Sound\NewMsg.wav
2009-10-19 15:01 . 2007-05-15 02:58 172076 ----a-w- c:\program files\im\BigAnt\Sound\Nudge.wav
2009-10-19 15:01 . 2003-09-11 20:15 30820 ----a-w- c:\program files\im\BigAnt\Sound\Online.wav
2009-10-19 15:01 . 2003-09-11 20:15 38930 ----a-w- c:\program files\im\BigAnt\Sound\Phone.wav
2009-10-19 15:01 . 2009-08-04 20:33 1687601 ----a-w- c:\program files\im\BigAnt\BigAnt.exe
2009-10-19 15:01 . 2007-12-25 14:51 53248 ----a-w- c:\program files\im\BigAnt\AtBaseCom.dll
2009-10-19 15:01 . 2009-07-31 14:11 610384 ----a-w- c:\program files\im\BigAnt\AntCore.dll
2009-10-19 15:01 . 2008-10-23 18:24 213051 ----a-w- c:\program files\im\BigAnt\AntCom.dll
2009-10-19 15:01 . 1998-07-12 04:13 53760 ----a-w- c:\program files\im\BigAnt\zlib.dll
2009-10-19 15:01 . 2008-12-16 17:02 491732 ----a-w- c:\program files\im\BigAnt\sqlite3.dll
2009-10-19 15:01 . 2009-06-27 18:57 61440 ----a-w- c:\program files\im\BigAnt\RCortrol.dll
2009-10-19 15:01 . 2002-08-29 10:40 489984 ----a-w- c:\program files\im\BigAnt\dbghelp.dll
2009-10-19 15:01 . 2007-05-13 18:18 77914 ----a-w- c:\program files\im\BigAnt\CrashRpt.dll
2009-10-19 15:01 . 2008-11-25 17:41 7712 ----a-w- c:\program files\im\BigAnt\BigAnt.tlb
2009-10-19 15:01 . 2009-08-04 20:30 856118 ----a-w- c:\program files\im\BigAnt\AvApi.dll
2009-10-19 15:01 . 2009-03-11 20:00 131161 ----a-w- c:\program files\im\BigAnt\AtUpdate.exe
2009-10-19 15:01 . 2008-12-10 17:59 45114 ----a-w- c:\program files\im\BigAnt\AtUpApi.dll
2009-10-19 15:01 . 2008-01-28 19:01 122880 ----a-w- c:\program files\im\BigAnt\AtPic.dll
2009-10-19 15:01 . 2008-06-24 16:56 77898 ----a-w- c:\program files\im\BigAnt\AtHook.dll
2009-10-19 15:01 . 2009-08-04 20:32 2486322 ----a-w- c:\program files\im\BigAnt\AntView.dll
2009-10-19 15:01 . 2009-08-04 20:31 397361 ----a-w- c:\program files\im\BigAnt\AntKit.dll
2009-10-19 15:01 . 2009-08-04 20:30 73776 ----a-w- c:\program files\im\BigAnt\AntDB.dll
2009-10-19 15:01 . 2009-08-04 20:31 491568 ----a-w- c:\program files\im\BigAnt\AntAv.dll
2009-10-19 15:01 . 2009-04-29 18:55 1860166 ----a-w- c:\program files\im\BigAnt\Help\BigAnt IM Client Help.chm
2009-10-19 15:01 . 2003-06-19 16:05 286773 ----a-w- c:\program files\im\BigAnt\msvcrt.dll
2009-10-19 15:01 . 2000-08-29 04:00 401462 ----a-w- c:\program files\im\BigAnt\MSVCP60.DLL
2009-10-19 15:01 . 2000-01-11 08:00 995383 ----a-w- c:\program files\im\BigAnt\mfc42.dll


((((((((((((((((((((((((((((( SnapShot@2009-11-08_19.07.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-20 02:35 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2009-03-19 01:32 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
+ 2006-06-29 13:05 . 2006-06-29 13:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 22:59 . 2006-06-28 22:59 24576 c:\windows\system32\nlsdl.dll
+ 2009-03-19 01:31 . 2007-08-13 23:01 48128 c:\windows\system32\mshtmler.dll
+ 2009-03-19 01:31 . 2007-08-13 23:32 45568 c:\windows\system32\mshta.exe
+ 2007-08-13 23:36 . 2007-08-13 23:36 12288 c:\windows\system32\msfeedssync.exe
+ 2007-08-13 23:54 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
+ 2009-03-19 01:30 . 2007-08-13 23:44 40960 c:\windows\system32\licmgr10.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
+ 2009-03-19 01:28 . 2007-08-13 23:39 92672 c:\windows\system32\inseng.dll
+ 2009-03-19 01:28 . 2007-08-13 23:36 36352 c:\windows\system32\imgutil.dll
+ 2007-08-13 23:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
+ 2009-03-19 01:28 . 2007-08-13 23:39 55296 c:\windows\system32\iesetup.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
+ 2009-03-19 01:28 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
+ 2006-06-29 13:05 . 2006-06-29 13:05 26112 c:\windows\system32\idndl.dll
+ 2007-08-13 23:36 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2007-08-13 23:01 . 2007-08-13 23:01 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2007-08-13 23:32 . 2007-08-13 23:32 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-08-13 23:44 . 2007-08-13 23:44 40960 c:\windows\system32\dllcache\licmgr10.dll
+ 2007-08-13 23:54 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 23:39 . 2007-08-13 23:39 92672 c:\windows\system32\dllcache\inseng.dll
+ 2007-08-13 23:36 . 2007-08-13 23:36 36352 c:\windows\system32\dllcache\imgutil.dll
+ 2007-08-13 23:39 . 2007-08-13 23:39 55296 c:\windows\system32\dllcache\iesetup.dll
+ 2007-08-13 23:39 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-09-25 05:37 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2007-08-13 23:44 . 2007-08-13 23:44 69120 c:\windows\system32\dllcache\iedw.exe
+ 2007-08-13 23:39 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-13 23:18 . 2007-08-13 23:18 60416 c:\windows\system32\dllcache\hmmapi.dll
+ 2007-08-13 23:54 . 2007-08-13 23:54 33792 c:\windows\system32\dllcache\custsat.dll
+ 2007-08-13 23:42 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2007-08-13 23:39 . 2007-08-13 23:39 71680 c:\windows\system32\dllcache\admparse.dll
+ 2009-03-19 01:26 . 2007-08-13 23:39 71680 c:\windows\system32\admparse.dll
+ 2009-11-09 04:06 . 2007-08-13 23:36 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 50688 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 27136 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-11-09 04:06 . 2007-08-13 23:39 13312 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-11-09 04:06 . 2007-08-13 23:39 43008 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-11-09 04:06 . 2009-09-25 05:37 81920 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-11-09 04:06 . 2007-08-13 23:39 54784 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-11-09 04:06 . 2007-08-13 23:36 61952 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-11-09 04:06 . 2008-04-14 00:11 35328 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 37888 c:\windows\ie7\url.dll
+ 2009-11-09 04:05 . 2007-08-13 23:52 66048 c:\windows\ie7\spuninst\ieResetIcons.exe
+ 2009-11-09 04:05 . 2007-08-13 23:54 32960 c:\windows\ie7\spuninst\iecustom.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 39424 c:\windows\ie7\pngfilt.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 96256 c:\windows\ie7\occache.dll
+ 2009-11-09 04:04 . 2008-04-13 16:26 56832 c:\windows\ie7\mshtmler.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 29184 c:\windows\ie7\mshta.exe
+ 2009-11-09 04:04 . 2008-04-14 00:11 22016 c:\windows\ie7\licmgr10.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 15872 c:\windows\ie7\jsproxy.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 96256 c:\windows\ie7\inseng.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 35840 c:\windows\ie7\imgutil.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 93184 c:\windows\ie7\iexplore.exe
+ 2009-11-09 04:04 . 2008-04-14 00:11 62976 c:\windows\ie7\iesetup.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 48640 c:\windows\ie7\iernonce.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 18432 c:\windows\ie7\iedw.exe
+ 2009-11-09 04:04 . 2008-04-14 00:12 34304 c:\windows\ie7\ie4uinit.exe
+ 2009-11-09 04:04 . 2008-04-14 00:11 38912 c:\windows\ie7\hmmapi.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 55808 c:\windows\ie7\extmgr.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 99840 c:\windows\ie7\advpack.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 61440 c:\windows\ie7\admparse.dll
+ 2009-11-12 01:49 . 2009-11-12 01:49 65536 c:\windows\ERDNT\11-11-2009\Users\00000006\UsrClass.dat
+ 2009-11-12 01:49 . 2009-11-12 01:49 8192 c:\windows\ERDNT\11-11-2009\Users\00000004\UsrClass.dat
+ 2009-11-12 01:49 . 2009-11-12 01:49 8192 c:\windows\ERDNT\11-11-2009\Users\00000002\UsrClass.dat
+ 2007-08-13 23:45 . 2007-08-13 23:45 206336 c:\windows\system32\WinFXDocObj.exe
+ 2009-03-19 01:34 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
+ 2009-03-19 01:33 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
+ 2009-03-19 01:32 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
+ 2009-03-19 01:31 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
+ 2009-03-19 01:31 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
+ 2009-03-19 01:31 . 2007-08-13 23:54 156160 c:\windows\system32\msls31.dll
+ 2009-03-19 01:31 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 23:54 . 2007-08-13 23:54 180736 c:\windows\system32\ieui.dll
+ 2007-08-13 23:34 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
+ 2009-03-19 01:28 . 2007-08-13 23:54 191488 c:\windows\system32\iepeers.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
+ 2009-03-19 01:28 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
+ 2009-03-19 01:28 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
+ 2009-09-25 05:37 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 23:54 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2007-08-13 23:54 . 2008-05-27 17:23 765952 c:\windows\system32\dllcache\vgx.dll
+ 2007-08-13 23:44 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
+ 2006-09-23 18:12 . 2006-09-23 18:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2007-08-13 23:44 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 23:54 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
+ 2007-08-13 23:44 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
+ 2007-08-13 23:54 . 2007-08-13 23:54 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-08-13 23:54 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-08-13 23:43 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2007-08-13 23:54 . 2007-08-13 23:54 191488 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-13 23:39 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 22:56 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2007-08-13 23:39 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2007-08-13 23:39 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2007-08-13 23:54 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2007-08-13 23:35 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2007-08-13 23:35 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2007-08-13 23:39 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
+ 2009-03-19 01:26 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
+ 2009-11-10 01:25 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB976749-IE7\spuninst\updspapi.dll
+ 2009-11-10 01:25 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB976749-IE7\spuninst\spuninst.exe
+ 2009-11-09 04:06 . 2007-08-13 23:54 818688 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 231424 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-11-09 04:06 . 2007-08-13 23:44 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-11-09 04:06 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-11-09 04:06 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-11-09 04:06 . 2007-08-13 23:44 101376 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 670720 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-11-09 04:06 . 2007-08-13 23:44 192000 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 475648 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 458752 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-11-09 04:06 . 2007-08-13 23:43 622080 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-11-09 04:06 . 2007-08-13 23:34 266752 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-11-09 04:06 . 2007-08-13 23:39 382976 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-11-09 04:06 . 2007-07-11 17:27 383488 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-11-09 04:06 . 2007-08-13 22:56 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-11-09 04:06 . 2007-08-13 23:39 229376 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-11-09 04:06 . 2007-08-13 23:39 152064 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 131584 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-11-09 04:06 . 2007-08-13 23:35 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-11-09 04:06 . 2007-08-13 23:35 346624 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-11-09 04:06 . 2007-08-13 23:39 123904 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-11-10 01:25 . 2007-08-13 23:54 765952 c:\windows\ie7updates\KB938127-v2-IE7\vgx.dll
+ 2009-11-10 01:25 . 2007-03-06 01:23 371424 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\updspapi.dll
+ 2009-11-10 01:25 . 2007-03-06 01:22 213216 c:\windows\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe
+ 2009-11-09 04:04 . 2009-09-25 05:37 667136 c:\windows\ie7\wininet.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 276480 c:\windows\ie7\webcheck.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 851968 c:\windows\ie7\vgx.dll
+ 2009-11-09 04:04 . 2009-09-25 05:37 627712 c:\windows\ie7\urlmon.dll
+ 2009-11-09 04:05 . 2006-09-06 22:43 371424 c:\windows\ie7\spuninst\updspapi.dll
+ 2009-11-09 04:05 . 2006-09-06 22:43 213216 c:\windows\ie7\spuninst\spuninst.exe
+ 2009-11-09 04:04 . 2008-04-14 00:12 532480 c:\windows\ie7\mstime.dll
+ 2009-11-09 04:04 . 2008-04-14 00:12 146432 c:\windows\ie7\msrating.dll
+ 2009-11-09 04:04 . 2004-08-10 19:00 146432 c:\windows\ie7\msls31.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 449024 c:\windows\ie7\mshtmled.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 251904 c:\windows\ie7\iepeers.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 323584 c:\windows\ie7\iedkcs32.dll
+ 2009-11-09 04:04 . 2004-08-10 19:00 221184 c:\windows\ie7\ieakui.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 216576 c:\windows\ie7\ieaksie.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 143360 c:\windows\ie7\ieakeng.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 205312 c:\windows\ie7\dxtrans.dll
+ 2009-11-09 04:04 . 2008-04-14 00:11 357888 c:\windows\ie7\dxtmsft.dll
+ 2009-11-12 01:49 . 2009-11-12 01:49 241664 c:\windows\ERDNT\11-11-2009\Users\00000003\NTUSER.DAT
+ 2009-11-12 01:49 . 2009-11-12 01:49 241664 c:\windows\ERDNT\11-11-2009\Users\00000001\NTUSER.DAT
+ 2009-11-12 01:49 . 2005-10-20 17:02 163328 c:\windows\ERDNT\11-11-2009\ERDNT.EXE
+ 2009-03-19 01:33 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2009-03-19 01:31 . 2009-10-21 04:08 3598336 c:\windows\system32\mshtml.dll
+ 2007-08-13 23:54 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
+ 2007-02-12 21:10 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
+ 2009-09-25 05:37 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-09-25 05:37 . 2009-10-21 04:08 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2006-09-23 18:12 . 2006-09-23 18:12 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-11-10 01:25 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB976749-IE7\mshtml.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 1162240 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 3578368 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-11-09 04:06 . 2007-08-13 23:54 6049280 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-11-09 04:06 . 2007-02-12 21:10 2451312 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dat
+ 2009-11-09 04:04 . 2009-10-19 23:53 3070976 c:\windows\ie7\mshtml.dll
+ 2009-11-12 01:49 . 2009-11-12 01:49 1679360 c:\windows\ERDNT\11-11-2009\Users\00000005\NTUSER.DAT
+ 2009-11-09 04:02 . 2009-10-02 16:01 25198016 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 16:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-15 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-10 2016536]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-01-12 15961088]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-10-15 2168360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Digital Media Reader\\readericon45G.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\BigFix\\bigfix.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/15/2009 6:17 PM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/15/2009 6:17 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/24/2009 10:42 PM 285392]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Yancy\Application Data\Mozilla\Firefox\Profiles\p1mor09o.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-12 21:31
ComboFix-quarantined-files.txt 2009-11-12 02:30
ComboFix2.txt 2009-11-08 19:14

Pre-Run: 232,955,654,144 bytes free
Post-Run: 232,919,425,024 bytes free

- - End Of File - - 8D632A335EE43E36392F85BED3D3178D

Malwarebytes' Anti-Malware 1.41
Database version: 3152
Windows 5.1.2600 Service Pack 3

11/11/2009 10:13:06 PM
mbam-log-2009-11-11 (22-13-06).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 176144
Time elapsed: 28 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\nuvanifi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bedepeba.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gebegimi.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hefihiru.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\howiduga.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\lodirefe.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rurisugo.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rusagimo.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\suhahebu.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tihaduza.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tujarame.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vidajadu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP34\A0011299.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0013448.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0013465.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013588.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013780.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013659.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013775.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013779.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013782.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013785.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013789.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013831.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP48\A0014229.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP48\A0014312.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP48\A0014493.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

Thank you
woody01
Active Member
 
Posts: 6
Joined: October 31st, 2009, 1:31 pm
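As an added illustration (not part of this thread or of Malwarebytes' own tooling), here is a small Python parser for the "Files Infected:" section of the MBAM log above. It sorts each hit by detection name and by whether the path is a ComboFix quarantine copy (C:\Qoobox\Quarantine) or a System Restore snapshot, which is how a helper tells already-neutralised copies from something still active; the sample lines are constructed from the log, and the final "active" line is a labelled placeholder.

```python
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes 1.41 "Files Infected:"
# section above; the last line is a made-up placeholder, not from the log.
SAMPLE_LOG = r"""Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\nuvanifi.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gebegimi.dll.tmp.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP38\A0013465.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP42\A0013780.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\PLACEHOLDER_active.dll (Trojan.Vundo) -> Delete on reboot.
"""

# One MBAM detection line: <path> (<detection name>) -> <action taken>.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def classify_location(path):
    """Quarantined copy, System Restore snapshot, or somewhere it could still run."""
    low = path.lower()
    if low.startswith(r"c:\qoobox\quarantine"):
        return "combofix_quarantine"
    if r"\system volume information\_restore" in low:
        return "restore_point"
    return "active"

def parse_files_infected(text):
    """Return (path, name, action, location) tuples for the 'Files Infected:' section."""
    entries, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Files Infected:":
            in_section = True
            continue
        if not in_section or not line:
            continue
        m = LINE_RE.match(line)
        if m:
            path, name, action = m.group("path", "name", "action")
            entries.append((path, name, action, classify_location(path)))
    return entries

def summarize(entries):
    """Counts by detection name and location; a non-empty active list needs attention."""
    return {
        "by_name": Counter(e[1] for e in entries),
        "by_location": Counter(e[3] for e in entries),
        "active_paths": [e[0] for e in entries if e[3] == "active"],
    }
```

Run over the full log above, every one of the 27 hits falls into the quarantine or restore-point buckets, so nothing in that scan was still live on the system.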

Re: HijackThis log/ logon.exe error

Unread postby xixo_12 » November 12th, 2009, 12:55 am

Hi woody01,

Can you upload the files again? I think you uploaded the wrong files.
I just want to double check :)

The quote below is your reply to me.
o bytes
analisis/28dd4cca385b585adba42a6b03b214bf499b7354120c3c05b81720dd8ec4b661-1255142811
analisis/78ab3cd26e19d66f0d83c07ff64dc697fc494bed6a66e9e07de781c017640435-1243575029


Please ask if you have difficulties.
There are 3 files you need to upload. So, you will give 3 links for my review.
Next,
Analyze file(s).
Please visit Jotti or Virustotal
Copy and paste the path (one by one) into the white box at the top:
c:\documents and settings\Owner.HomePC\Local Settings\Application Data\prvlcl.dat
c:\windows\system32\jesterss.dll
c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE

  • Press Submit - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.


The link pattern should appear like this (if you upload using VirusTotal):
http://www.virustotal.com/analisis/1b1a4da9d66e0abf8bfd9e77261a971eb9b928d16100aedaa91497767c7e6f69-1258001153
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: HijackThis log/ logon.exe error

Unread postby NonSuch » November 15th, 2009, 1:26 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 27301
Joined: February 23rd, 2005, 7:08 am
Location: California