stubborn trojan

Post by rik3267 » December 12th, 2009, 1:59 pm

12/12/09

Can anyone help? I've got a stubborn trojan located in C:\windows\system32\devmgr32.dll that keeps on triggering an AVG Resident Shield alert. Several attempts with AVG Antivirus and HijackThis would not delete it, only quarantine. I tried deleting the file and reinstalling a new one but it wouldn't move. It's a Win 2000 file and I am running Win XP Home SP3 and stupidly downloaded it from LimeWire. Also I noticed a recurring file:
C:\system Volume Information\_restore(AE02C676-D30C-4045-8FB8-0431E938BE4D)\RP24\A0019269.dll

found by AVG resident shield alert and described as a trojan horse BackDoorAgentAEUC

Thanks in advance
rik3267


Hijackthis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:33 AM, on 12/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Weather Clock\WeatherClock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
O2 - BHO: (no name) - {33C84902-C0C8-4203-B7DC-901A9FC68BDb} - C:\WINDOWS\System32\D3DCompiler_4132.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CF21240A-C0C8-4203-B7DC-901A9FC68BDb} - C:\WINDOWS\System32\d3d8thk32.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [cftmon] C:\WINDOWS\system32\mbxw.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [49272832] C:\DOCUME~1\ALLUSE~1\APPLIC~1\49272832\49272832.exe
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [richtx64.exe] C:\WINDOWS\TEMP\richtx64.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [richtx64.exe] C:\WINDOWS\TEMP\richtx64.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = Common\Bin\WinCinemaMgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0129391578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll
O20 - Winlogon Notify: __c002A4AD - C:\WINDOWS\system32\__c002A4AD.dat
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O24 - Desktop Component 1: (no name) - http://www.yahoo.com/r/2k


Uninstall list

32 Bit HP CIO Components Installer
56HP PCI V.92 Modem
A4Tech iWheelWorks V7.0
Adobe Acrobat 4.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
AVG Free 9.0
Bullseye Tool Bar
CAM-IN SUITE III
Compaq S200 Scanner
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.4
FUJIFILM USB Driver
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
InCD (Ahead Software)
InstallMgr
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
InterVideo Installer
InterVideo WinDVD
iS3 STOPzilla Toolbar
Java(TM) 6 Update 15
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Macromedia Shockwave Player
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2005
Microsoft Office XP Professional
Microsoft Search Enhancement Pack
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows XP Video Decoder Checkup Utility
Motorola Driver Installation 3.7.0
MSN Music Assistant
MSN Toolbar
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero - Burning Rom
NeroMediaPlayer
OpenOffice.org Installer 1.0
PCI Audio Driver
PDFLIB
PhoneTray Voices
Quicken 2007
QuickTime
Realtek AC'97 Audio
Run It
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
SiS 900 PCI Fast Ethernet Adapter Driver
Sound Blaster Live!
Spybot - Search & Destroy
Strategy Challenges 1
Stuart Little Big City Adventures
System Requirements Lab
Trend Micro RUBotted
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wpaiper
TurboTax 2008 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2005
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB971737)
Verizon FiOS Activation
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
Weather Clock 3.6
WebEx
WexTech AnswerWorks
Where in the USA is Carmen Sandiego?
Windows Defender
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar


--
End of file - 7058 bytes
rik3267
Active Member
 
Posts: 14
Joined: December 12th, 2009, 12:40 pm
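The HijackThis log above is read by hand later in this thread. As an added example (not part of this post and not a tool the site provides), here is a small Python script that applies the same kind of reading mechanically: it parses HijackThis-style lines into entries and flags the load points a helper looks at first (O20 AppInit_DLLs / Winlogon Notify entries, unnamed BHOs, O4 autostarts from TEMP, from digits-only folders, under the SYSTEM hive, or with a value name one typo away from a legitimate one such as ctfmon). The sample lines are copied from the log above; the allowlist of known Run names and the heuristic rules are my assumptions, not anything from the forum.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not the forum's tooling)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {33C84902-C0C8-4203-B7DC-901A9FC68BDb} - C:\WINDOWS\System32\D3DCompiler_4132.dll",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe",
    r"O4 - HKLM\..\Run: [cftmon] C:\WINDOWS\system32\mbxw.exe",
    r"O4 - HKLM\..\Run: [49272832] C:\DOCUME~1\ALLUSE~1\APPLIC~1\49272832\49272832.exe",
    r"O4 - HKUS\S-1-5-18\..\Run: [richtx64.exe] C:\WINDOWS\TEMP\richtx64.exe (User 'SYSTEM')",
    r"O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll",
    r"O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll",
    r"O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe",
]

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First Windows path in a line, stopping at the first executable-like extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|dat|bat|tmp)\b", re.IGNORECASE)
RUN_RE = re.compile(r"^(?P<hive>HK\S+)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Assumed allowlist of common legitimate Run value names on an XP box of this kind
# (ctfmon, Intel graphics helpers, Realtek SoundMan). A real allowlist would be far larger.
KNOWN_RUN_NAMES = {"ctfmon", "igfxtray", "igfxhkcmd", "igfxpers", "soundman"}


@dataclass
class Entry:
    section: str  # HijackThis section tag, e.g. "O4" or "O20"
    body: str     # text after "Oxx - "
    path: str     # first file path found in the body, or "" if none


@dataclass
class Finding:
    entry: Entry
    reasons: list


def parse_log(lines):
    """Turn HijackThis-style lines into Entry objects; non-entry lines are skipped."""
    entries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        p = PATH_RE.search(m["body"])
        entries.append(Entry(m["section"], m["body"], p.group(0) if p else ""))
    return entries


def one_edit_away(a: str, b: str) -> bool:
    """True if a becomes b by one substitution, one adjacent swap, or one insertion/deletion."""
    if a == b:
        return False
    if len(a) == len(b):
        diffs = [i for i in range(len(a)) if a[i] != b[i]]
        if len(diffs) == 1:
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    if abs(len(a) - len(b)) != 1:
        return False
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def triage(lines):
    """Apply the review heuristics and return one Finding per suspicious entry."""
    findings = []
    for e in parse_log(lines):
        reasons = []
        if e.section == "O20":
            reasons.append("O20 load point (AppInit_DLLs / Winlogon Notify): the DLL is loaded "
                           "into many or all processes at logon; confirm its publisher")
        if e.section == "O2" and "(no name)" in e.body:
            reasons.append("browser helper object registered without a name")
        if e.section == "O4":
            m = RUN_RE.match(e.body)
            if m:
                name, cmd = m["name"], m["cmd"]
                if "\\TEMP\\" in cmd.upper():
                    reasons.append("autostart launched from a TEMP directory")
                if "(User 'SYSTEM')" in cmd:
                    reasons.append("autostart registered in the SYSTEM account hive")
                if name.isdigit() or re.search(r"\\\d{6,}\\", cmd):
                    reasons.append("autostart uses a digits-only name or folder")
                base = name.lower().rsplit(".", 1)[0]  # drop a trailing .exe from the value name
                for known in sorted(KNOWN_RUN_NAMES):
                    if one_edit_away(base, known):
                        reasons.append(f"value name '{name}' is one edit away from legitimate '{known}'")
        if reasons:
            findings.append(Finding(e, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.section:4} {f.entry.path}")
        for r in f.reasons:
            print("     -", r)
```

Run as-is, the script reports six of the nine sample lines and leaves the Spybot BHO, the AVG tray autostart and the AVG service alone. The rules are deliberately crude; they surface what a helper would look at first, and every flagged path still needs to be checked against the vendor and file details before anything is removed.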

Re: stubborn trojan

Post by MWR 3 day Mod » December 17th, 2009, 1:31 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: stubborn trojan

Post by muppy03 » December 19th, 2009, 12:25 am

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

1. Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, for either version:
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.


2. Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:

    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.

    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.


3. NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: stubborn trojan

Post by rik3267 » December 19th, 2009, 11:14 am

Malwarebytes' Anti-Malware 1.42
Database version: 3392
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/19/2009 10:09:11 AM
mbam-log-2009-12-19 (10-09-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 209010
Time elapsed: 1 hour(s), 11 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 6
Files Infected: 76

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\devmgr32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\198.tmp (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\2ce3c67f705 (Trojan.Tracur) -> Delete on reboot.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4897bba6-48d9-468c-8efa-846275d7701b} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009b9c9 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\49272832 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cftmon (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\devmgr32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\devmgr32.dll -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\49272832 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\50047521 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\68903935 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\pabipihe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\devmgr32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\198.tmp (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\rser02686.exe (Adware.IEToolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\wtut56716.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D3DCompiler_4132.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comcat3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atmpvcno32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbmsvinn32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbmsvinn3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dx10_3732.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP1\A0002060.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP1\A0002061.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP28\A0024591.exe (Worm.Autorun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP32\A0027623.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP33\A0027625.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP34\A0027660.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP34\A0027697.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP35\A0027703.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP36\A0027809.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP37\A0027897.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP38\A0027929.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP39\A0028141.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP40\A0028142.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP41\A0028149.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP42\A0028150.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP42\A0028237.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP42\A0028265.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP42\A0028282.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE02C676-D30C-4045-8FB8-0431E938BE4D}\RP5\A0002349.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\tbhelper.dll (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Lewis\Local Settings\Temp\CA.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Lewis\Local Settings\Temp\CC.tmp (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Lewis\Local Settings\Temporary Internet Files\Content.IE5\2EOYE8L1\PLAY_MP3[1].exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\68903935\68903935.bat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\basis.xml (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\date2.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\icons.bmp (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\info.txt (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.crc (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\lwpopper.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popper3.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popup1.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\popup2.html (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\uninstall.exe (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\version.txt (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\Bullseye Tool Bar\your_logo.png (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
C:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@i1991875621v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1991875621v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1991875621v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1991875621v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1991875621v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1991875621v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1991875621v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mi1991875621v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1991875621v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu1991875621v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu1991875621v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1991875621v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1991875621v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_i1991875621v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u1991875621v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Lewis\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Richard Lewis\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Program Files\owcstp16.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbxw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\siuhb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#1 LOG


Logfile of random's system information tool 1.06 (written by random/random)
Run by Richard Lewis at 2009-12-19 10:15:49
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (31%) free of 76 GB
Total RAM: 1023 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:10 AM, on 12/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Richard Lewis\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Richard Lewis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
O2 - BHO: (no name) - {33C84902-C0C8-4203-B7DC-901A9FC68BDb} - C:\WINDOWS\System32\dxtmsft32.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CF21240A-C0C8-4203-B7DC-901A9FC68BDb} - C:\WINDOWS\System32\d3d8thk32.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [ButtonMonitor] S200
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WeatherClock] C:\Program Files\Weather Clock\WeatherClock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [richtx64.exe] C:\WINDOWS\TEMP\richtx64.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [richtx64.exe] C:\WINDOWS\TEMP\richtx64.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = Common\Bin\WinCinemaMgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0129391578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O24 - Desktop Component 1: (no name) - http://www.yahoo.com/r/2k

--
End of file - 7120 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Online - Run Full System Scan - Richard Lewis.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{CF3594AC-F858-4A13-A6EB-EE94485A0CD3}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33C84902-C0C8-4203-B7DC-901A9FC68BDb}]
C:\WINDOWS\System32\dxtmsft32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF21240A-C0C8-4203-B7DC-901A9FC68BDb}]
C:\WINDOWS\System32\d3d8thk32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-01-11 577536]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-12-12 2033432]
"DVDUpgrade"=DVDUpgrd.exe /async []
"TMRUBottedTray"=C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]
"ButtonMonitor"=S200 []
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-03 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherClock"=C:\Program Files\Weather Clock\WeatherClock.exe []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-06-06 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq S200 Button Manager.lnk]
C:\PROGRA~1\COMPAQ~1\S200Btns.exe [2001-06-28 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2007-05-07 87592]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\devmgr32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\2ce3c67f705]
C:\WINDOWS\System32\devmgr32.dll [2009-12-19 120832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
wrvtck.dll
nobukofi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157
"NoActiveDesktopChanges"=0
"NoSetActiveDesktop"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoActiveDesktopChanges"=
"NoSetActiveDesktop"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Disabled:ActiveSync RAPI Manager"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"\\RICHARD-NSIXIQO\LIMEWIRE\LimeWire.exe"="\\RICHARD-NSIXIQO\LIMEWIRE\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\InterVideo\WinDVD\WinDVD.exe"="C:\Program Files\InterVideo\WinDVD\WinDVD.exe:*:Enabled:Software DVD Player"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\HPWUCli.exe"="C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7bf9963-be5d-11de-adef-806d6172696f}]
shell\AutoRun\command - E:\SETUP.EXE


======List of files/folders created in the last 1 months======

2009-12-19 10:15:49 ----D---- C:\rsit
2009-12-19 08:40:58 ----D---- C:\Documents and Settings\Richard Lewis\Application Data\Malwarebytes
2009-12-19 08:40:46 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-19 08:40:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-18 17:52:16 ----D---- C:\Program Files\FinePixViewer
2009-12-18 17:51:01 ----N---- C:\WINDOWS\system32\FINFCOPY.dll
2009-12-18 17:51:01 ----N---- C:\WINDOWS\system32\FINFCHECK.dll
2009-12-18 17:51:01 ----D---- C:\Program Files\REGSHAVE
2009-12-18 17:51:00 ----N---- C:\WINDOWS\system32\FREGSHEX.DLL
2009-12-18 17:51:00 ----N---- C:\WINDOWS\system32\FCLKBTN.DLL
2009-12-18 16:13:33 ----A---- C:\WINDOWS\system32\12D.tmp
2009-12-18 16:13:31 ----A---- C:\WINDOWS\system32\12C.tmp
2009-12-11 17:31:19 ----A---- C:\WINDOWS\system32\devmgr32.dll
2009-12-09 16:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-09 16:18:22 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-09 16:17:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-09 16:17:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-09 16:17:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-08 19:26:19 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-08 11:05:46 ----D---- C:\WINDOWS\Prefetch
2009-12-08 10:54:47 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-08 10:54:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-08 05:58:37 ----D---- C:\Program Files\MSXML 6.0
2009-12-08 03:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-12-08 03:12:56 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-12-08 03:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-12-08 03:07:54 ----A---- C:\WINDOWS\005768_.tmp
2009-12-08 03:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-08 03:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-12-08 03:03:52 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-12-07 18:28:42 ----A---- C:\WINDOWS\002452_.tmp
2009-12-07 18:25:29 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-07 16:05:47 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #4.txt
2009-12-04 16:29:01 ----A---- C:\WINDOWS\system32\iuengine.dll
2009-12-04 15:40:49 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-12-04 15:40:16 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-12-04 15:40:16 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-12-04 15:40:16 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-12-04 15:40:16 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-12-04 15:40:15 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-12-04 15:40:15 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-12-04 15:40:14 ----A---- C:\WINDOWS\system32\inetres.dll
2009-12-04 15:40:13 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-12-04 15:40:12 ----A---- C:\WINDOWS\system32\isign32.dll
2009-12-04 15:40:12 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-12-04 15:40:12 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-12-04 15:40:04 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-12-04 15:40:04 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-12-04 15:39:58 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-12-04 15:39:57 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-12-04 15:39:57 ----A---- C:\WINDOWS\system32\srclient.dll
2009-12-04 15:39:56 ----A---- C:\WINDOWS\system32\ils.dll
2009-12-04 15:39:55 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-12-04 15:39:54 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-12-04 15:39:54 ----A---- C:\WINDOWS\system32\msconf.dll
2009-12-04 15:39:50 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-12-04 15:39:50 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-12-04 15:39:49 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-12-04 15:39:49 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-12-04 15:39:48 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-12-04 15:39:48 ----A---- C:\WINDOWS\system32\mstask.dll
2009-12-04 15:38:04 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-12-04 15:38:03 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-12-04 15:38:03 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-12-04 15:38:03 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-12-04 15:38:03 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-12-04 15:38:02 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-12-04 15:38:02 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-12-04 15:38:02 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-12-04 15:38:02 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-12-04 15:38:01 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-12-04 15:38:01 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-12-04 15:38:01 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-12-04 15:38:01 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-12-04 15:38:01 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-12-04 15:38:01 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-12-04 15:38:01 ----A---- C:\WINDOWS\system32\colbact.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\stclient.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\comuid.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-12-04 15:38:00 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-12-04 15:37:59 ----A---- C:\WINDOWS\system32\fxsmon.dll
2009-12-04 15:37:59 ----A---- C:\WINDOWS\system32\fxsevent.dll
2009-12-04 15:37:58 ----A---- C:\WINDOWS\system32\fxscom.dll
2009-12-04 15:37:54 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-12-04 15:37:54 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-12-04 15:37:53 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-12-04 15:37:53 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-12-04 15:37:53 ----A---- C:\WINDOWS\system32\cmprops.dll
2009-12-04 15:37:52 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-12-04 15:37:52 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-12-04 15:37:52 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-12-04 15:37:52 ----A---- C:\WINDOWS\system32\spider.exe
2009-12-04 15:37:52 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-12-04 15:37:51 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-12-04 15:37:50 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-12-04 15:37:50 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-12-04 15:37:50 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-12-04 15:37:50 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-12-04 15:37:50 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-12-04 15:37:50 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-12-04 15:37:50 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-12-04 15:37:49 ----A---- C:\WINDOWS\system32\fxsxp32.dll
2009-12-04 15:37:49 ----A---- C:\WINDOWS\system32\fxswzrd.dll
2009-12-04 15:37:49 ----A---- C:\WINDOWS\system32\fxsui.dll
2009-12-04 15:37:49 ----A---- C:\WINDOWS\system32\fxstiff.dll
2009-12-04 15:37:49 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-12-04 15:37:48 ----A---- C:\WINDOWS\system32\fxst30.dll
2009-12-04 15:37:48 ----A---- C:\WINDOWS\system32\fxssvc.exe
2009-12-04 15:37:48 ----A---- C:\WINDOWS\system32\fxsst.dll
2009-12-04 15:37:48 ----A---- C:\WINDOWS\system32\fxsres.dll
2009-12-04 15:37:48 ----A---- C:\WINDOWS\system32\fxsperf.dll
2009-12-04 15:37:48 ----A---- C:\WINDOWS\system32\fxsext32.dll
2009-12-04 15:37:47 ----A---- C:\WINDOWS\system32\fxsdrv.dll
2009-12-04 15:37:47 ----A---- C:\WINDOWS\system32\fxscover.exe
2009-12-04 15:37:47 ----A---- C:\WINDOWS\system32\fxscomex.dll
2009-12-04 15:37:47 ----A---- C:\WINDOWS\system32\fxsclnt.exe
2009-12-04 15:37:47 ----A---- C:\WINDOWS\system32\fxsapi.dll
2009-12-04 15:37:43 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-12-04 15:23:52 ----A---- C:\WINDOWS\system32\sfman32.dll
2009-12-04 15:23:52 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-12-04 15:23:45 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2009-12-04 15:18:54 ----A---- C:\WINDOWS\pnplog.txt
2009-12-04 15:15:47 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-12-04 15:15:47 ----A---- C:\WINDOWS\system32\irclass.dll
2009-12-04 15:15:46 ----A---- C:\WINDOWS\system32\storprop.dll
2009-12-04 15:15:21 ----RA---- C:\WINDOWS\SETF9.tmp
2009-12-04 15:15:18 ----RA---- C:\WINDOWS\SETE4.tmp
2009-12-02 19:54:14 ----A---- C:\WINDOWS\wininit.ini
2009-12-02 17:50:35 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-12-02 17:50:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-02 15:11:08 ----D---- C:\Program Files\Trend Micro
2009-12-01 21:04:00 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-12-01 21:04:00 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-12-01 21:03:59 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-12-01 21:03:58 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-12-01 21:03:56 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-12-01 21:03:55 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-12-01 21:03:54 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-12-01 21:03:53 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-12-01 21:03:51 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-12-01 21:03:51 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-12-01 21:03:50 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-12-01 21:03:49 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-12-01 21:03:47 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-12-01 21:03:47 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-12-01 21:03:46 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-12-01 21:03:44 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-12-01 21:03:44 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-12-01 21:03:43 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-12-01 21:03:41 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-12-01 21:03:41 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-12-01 21:03:40 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-12-01 21:03:39 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-12-01 21:03:37 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-12-01 21:03:37 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-12-01 21:03:36 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-12-01 21:03:34 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-12-01 21:03:33 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-12-01 21:03:32 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-12-01 21:03:31 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-12-01 21:03:31 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-12-01 21:03:29 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-12-01 21:03:27 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-12-01 21:03:26 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-12-01 21:03:26 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-12-01 21:03:25 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-12-01 21:03:23 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-12-01 21:03:23 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-12-01 21:03:22 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-12-01 21:03:22 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-12-01 21:03:21 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-12-01 21:03:19 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-12-01 21:03:17 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-12-01 21:03:15 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-12-01 21:03:15 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-12-01 21:03:02 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-12-01 21:03:00 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-12-01 21:02:59 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-12-01 21:02:59 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-12-01 21:02:57 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-12-01 21:02:56 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-12-01 21:02:55 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-12-01 21:02:54 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-12-01 21:02:53 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-12-01 21:02:52 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-12-01 21:02:38 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-12-01 21:02:36 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-12-01 21:02:36 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-12-01 21:02:35 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-12-01 21:02:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-12-01 21:02:33 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-12-01 21:02:32 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-12-01 21:02:31 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-12-01 21:02:28 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-12-01 21:02:02 ----D---- C:\WINDOWS\Logs
2009-11-30 21:28:41 ----HD---- C:\$AVG
2009-11-30 21:28:27 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-11-30 21:27:52 ----D---- C:\Program Files\AVG
2009-11-30 21:27:51 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-29 14:10:28 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-11-29 14:09:30 ----D---- C:\Program Files\Common Files\iS3
2009-11-29 14:09:30 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-11-29 10:33:47 ----A---- C:\WINDOWS\system32\winset.ini
2009-11-29 10:32:52 ----D---- C:\Program Files\IEToolbar
2009-11-29 10:13:23 ----D---- C:\Documents and Settings\Richard Lewis\Application Data\WinRAR
2009-11-29 10:11:54 ----SH---- C:\WINDOWS\system32\unrar.exe
2009-11-29 10:11:54 ----D---- C:\WINDOWS\system32\517054744
2009-11-29 10:11:41 ----N---- C:\WINDOWS\system32\198.tmp
2009-11-28 19:55:46 ----D---- C:\DECCHECK
2009-11-28 19:09:44 ----A---- C:\WINDOWS\{00000001-00000000-00000001-00001102-00000002-80311102}.BAK
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\SFMS32.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\REGPLIB.EXE
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\PIAPROXY.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\OPENAL32.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\KILLAPPS.EXE
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\KILL.INI
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\EAXAC3.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTSPKHLP.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTSBLFX.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTOSUSER.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTEMUPIA.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTDPROXY.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTDEVCON.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTASIO.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\CTAGENT.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\COMMONFX.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\AC3API.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\system32\a3d.dll
2009-11-28 19:06:55 ----A---- C:\WINDOWS\READREG.EXE
2009-11-28 19:06:55 ----A---- C:\WINDOWS\PSCONV.EXE
2009-11-28 19:06:55 ----A---- C:\WINDOWS\MIDIDEF.EXE
2009-11-28 19:06:55 ----A---- C:\WINDOWS\DEVREG.DLL
2009-11-28 19:06:55 ----A---- C:\WINDOWS\CTDCRES.DLL
2009-11-28 15:20:23 ----D---- C:\ATI
2009-11-26 13:52:02 ----D---- C:\Documents and Settings\Richard Lewis\Application Data\LimeWire
2009-11-25 05:15:55 ----A---- C:\WINDOWS\system32\igfxres.dll

======List of files/folders modified in the last 1 months======

2009-12-19 10:09:11 ----RD---- C:\Program Files
2009-12-19 10:09:11 ----D---- C:\WINDOWS\system32
2009-12-19 10:09:10 ----AD---- C:\WINDOWS
2009-12-19 09:17:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-19 08:40:49 ----D---- C:\WINDOWS\system32\drivers
2009-12-19 08:39:35 ----SHD---- C:\WINDOWS\Installer
2009-12-19 08:39:35 ----HD---- C:\Config.Msi
2009-12-19 08:38:51 ----D---- C:\WINDOWS\Temp
2009-12-19 08:04:38 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem.txt
2009-12-19 08:03:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-18 17:57:30 ----HD---- C:\WINDOWS\inf
2009-12-18 17:54:08 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-18 17:53:19 ----D---- C:\Documents and Settings\Richard Lewis\Application Data\FUJIFILM
2009-12-18 17:51:21 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-18 15:21:01 ----D---- C:\WINDOWS\Help
2009-12-17 15:25:17 ----D---- C:\WINDOWS\WinSxS
2009-12-17 15:23:32 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0
2009-12-15 15:27:45 ----D---- C:\ORG2
2009-12-15 15:27:45 ----A---- C:\WINDOWS\ORG2.INI
2009-12-15 15:27:44 ----A---- C:\WINDOWS\win.ini
2009-12-15 15:22:56 ----D---- C:\Program Files\ahead
2009-12-15 15:21:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-15 11:59:02 ----D---- C:\Program Files\Quicken
2009-12-14 15:32:05 ----A---- C:\WINDOWS\umaxuapi.ini
2009-12-14 15:32:00 ----A---- C:\WINDOWS\VISTA32.INI
2009-12-10 17:43:15 ----A---- C:\WINDOWS\imsins.BAK
2009-12-10 17:31:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 16:17:53 ----HD---- C:\WINDOWS\$hf_mig$
2009-12-09 08:46:22 ----D---- C:\WINDOWS\system32\wbem
2009-12-09 08:26:21 ----D---- C:\Program Files\Outlook Express
2009-12-09 08:18:22 ----D---- C:\Program Files\Internet Explorer
2009-12-08 19:34:26 ----D---- C:\WINDOWS\ie8updates
2009-12-08 19:33:02 ----HDC---- C:\WINDOWS\ie8
2009-12-08 19:30:54 ----D---- C:\WINDOWS\system32\en-US
2009-12-08 11:05:49 ----A---- C:\WINDOWS\setuplog.txt
2009-12-08 11:05:16 ----D---- C:\WINDOWS\AppPatch
2009-12-08 11:05:15 ----RSD---- C:\WINDOWS\Fonts
2009-12-08 11:05:15 ----D---- C:\WINDOWS\system32\Setup
2009-12-08 10:54:49 ----D---- C:\Program Files\Messenger
2009-12-08 10:54:05 ----D---- C:\WINDOWS\security
2009-12-08 10:51:08 ----D---- C:\WINDOWS\ime
2009-12-08 10:50:51 ----D---- C:\WINDOWS\peernet
2009-12-08 10:50:51 ----D---- C:\Program Files\Movie Maker
2009-12-08 10:46:53 ----D---- C:\WINDOWS\system32\Restore
2009-12-08 10:46:53 ----D---- C:\WINDOWS\system32\npp
2009-12-08 10:46:51 ----D---- C:\WINDOWS\msagent
2009-12-08 10:46:49 ----D---- C:\WINDOWS\srchasst
2009-12-08 10:46:49 ----D---- C:\Program Files\NetMeeting
2009-12-08 10:46:47 ----D---- C:\WINDOWS\system32\Com
2009-12-08 10:46:44 ----D---- C:\Program Files\Windows NT
2009-12-08 10:46:44 ----D---- C:\Program Files\Windows Media Player
2009-12-08 10:46:40 ----D---- C:\Program Files\Common Files\System
2009-12-08 10:46:20 ----D---- C:\WINDOWS\system32\oobe
2009-12-08 10:46:19 ----D---- C:\WINDOWS\system32\usmt
2009-12-08 10:46:17 ----D---- C:\WINDOWS\system
2009-12-08 10:43:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-08 10:38:07 ----D---- C:\WINDOWS\EHome
2009-12-07 21:33:45 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-12-07 21:29:48 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-07 21:29:41 ----HD---- C:\Program Files\WindowsUpdate
2009-12-07 18:52:41 ----SD---- C:\WINDOWS\Tasks
2009-12-07 18:51:50 ----D---- C:\WINDOWS\Debug
2009-12-07 18:36:38 ----RASH---- C:\boot.ini
2009-12-07 18:30:10 ----RD---- C:\WINDOWS\Web
2009-12-07 18:29:53 ----RASH---- C:\NTDETECT.COM
2009-12-06 17:39:45 ----D---- C:\Program Files\Online Services
2009-12-06 17:39:45 ----D---- C:\Program Files\MSN
2009-12-06 14:56:41 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-04 16:28:55 ----D---- C:\WINDOWS\Registration
2009-12-04 16:28:47 ----A---- C:\WINDOWS\ODBCINST.INI
2009-12-04 16:28:44 ----A---- C:\WINDOWS\OEWABLog.txt
2009-12-04 16:24:56 ----SHD---- C:\System Volume Information
2009-12-04 16:21:05 ----D---- C:\WINDOWS\system32\config
2009-12-04 15:41:28 ----D---- C:\WINDOWS\system32\ias
2009-12-04 15:40:42 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-12-04 15:15:54 ----A---- C:\WINDOWS\SYSTEM.INI
2009-12-04 15:15:33 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-12-04 10:06:07 ----D---- C:\WINDOWS\Media
2009-12-04 10:06:03 ----D---- C:\WINDOWS\twain_32
2009-12-04 10:05:40 ----D---- C:\WINDOWS\system32\icsxml
2009-12-04 10:04:59 ----D---- C:\WINDOWS\system32\1033
2009-12-04 10:03:44 ----D---- C:\WINDOWS\Driver Cache
2009-12-03 17:00:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-12-01 21:02:51 ----RSD---- C:\WINDOWS\assembly
2009-12-01 21:02:15 ----D---- C:\WINDOWS\system32\DirectX
2009-11-30 21:27:39 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-29 17:39:43 ----D---- C:\WINDOWS\Minidump
2009-11-29 16:47:11 ----D---- C:\Program Files\InterVideo
2009-11-29 14:09:30 ----D---- C:\Program Files\Common Files
2009-11-28 20:41:27 ----A---- C:\WINDOWS\QTW.INI
2009-11-28 19:07:39 ----D---- C:\WINDOWS\system32\Defaults
2009-11-28 16:38:52 ----D---- C:\Program Files\Analog Devices
2009-11-26 21:16:06 ----D---- C:\Documents and Settings\Richard Lewis\Application Data\Google
2009-11-26 21:14:56 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-30 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-30 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-30 360584]
R1 sf;SFI Service; C:\WINDOWS\system32\drivers\sf.sys [2003-05-08 33248]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2006-04-06 16512]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys [2002-08-29 289887]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys [2002-08-29 115807]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys [2002-08-29 391199]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\PfModNT.sys []
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys [2002-08-29 199711]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys [2002-08-29 50751]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\HSF_V124.sys [2002-08-29 488383]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040]
R3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000325.sys [2003-05-21 121856]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-09-27 9856]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 TMPassthruMP;TMPassthruMP; C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 DeviceScanner;Compaq S200 Scanner; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys []
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys []
S3 Amps2prt;A4Tech PS/2 Port Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2000-11-13 10195]
S3 ATICDSDr;ATICDSDr; \??\C:\WINDOWS\TEMP\ATICDSDr.sys []
S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys [2002-08-29 67167]
S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2001-10-30 280782]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
S3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
S3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-10-28 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-10-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-10-28 21568]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys []
S3 hsf_msft;hsf_msft; C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys [2002-08-29 542879]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 NtApm;NT Apm/Legacy Interface Driver; C:\WINDOWS\System32\DRIVERS\NtApm.sys [2002-08-29 9344]
S3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
S3 Pcouffin;Low level access layer for CD devices; C:\WINDOWS\System32\Drivers\Pcouffin.sys []
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys [2006-10-05 22272]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys [2002-08-29 57471]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
S3 Ser2pl;Nokia CA-42 USB; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-09-26 48640]
S3 SiS300i;SiS300i; C:\WINDOWS\System32\DRIVERS\sis300ip.sys [2001-08-17 101760]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys []
S3 TMPassthru;Trend Micro Passthru Ndis Service; C:\WINDOWS\System32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VQ21FIL;ViewQuest USB Filter Driver (FILTER); C:\WINDOWS\system32\DRIVERS\VQ2101XP.SYS [2002-07-26 5593]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2002-02-27 314496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-30 285392]
R2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RUBotted;Trend Micro RUBotted Service; C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-26 135664]
S2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-29 138168]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
#2 LOG


info.txt logfile of random's system information tool 1.06 2009-12-19 10:16:15

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
56HP PCI V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200314F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200414F1
A4Tech iWheelWorks V7.0-->C:\WINDOWS\system32\Amuninst.exe
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bullseye Tool Bar-->regsvr32 /u /s "C:\Program Files\IEToolbar\Bullseye Tool Bar\lw.dll"
CAM-IN SUITE III-->C:\PROGRA~1\CAM-IN~1\UNWISE.EXE C:\PROGRA~1\CAM-IN~1\INSTALL.LOG
Compaq S200 Scanner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5791267-13D3-11D5-96F3-0050BA4B330B}\SETUP.EXE"
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.4-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{9074AFC0-CFDA-11DE-B484-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Customer Participation Program 13.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat -forcereboot
HP Deskjet D1600 Printer Driver Software 13.0 Rel .6-->C:\Program Files\HP\Digital Imaging\{2CD0168D-FBBC-4667-8810-105CB6EC6348}\setup\hpzscr01.exe -datfile hphscr33.dat -onestop -forcereboot
HP Imaging Device Functions 13.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Print Projects 1.0-->C:\Program Files\HP\Digital Imaging\HPPrintProjects\hpzscr01.exe -datfile hpqbud19.dat
HP Smart Web Printing 4.5-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
InCD (Ahead Software)-->C:\WINDOWS\NuNInst.exe /UNINSTALL
InstallMgr-->MsiExec.exe /I{98177940-C048-4831-A279-F3888B1E2C7F}
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
InterVideo Installer-->"C:\Program Files\InterVideo\Installer\IVIUninstaller.exe" "C:\Program Files\InterVideo\Installer"
InterVideo WinDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1939820-A945-11D4-86F6-0001031E5712}\setup.exe" REMOVEALL
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MGI PhotoSuite 4 (Remove Only)-->"C:\Program Files\MGI\MGI PhotoSuite 4\System\MGIUninstall.exe" C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MGI\MGI PhotoSuite 4\Uninst.isu" -c"C:\Program Files\MGI\MGI PhotoSuite 4\System\CustomUninstall.dll"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Default Manager-->MsiExec.exe /I{B7148D71-0A8F-4501-96B4-4E1CC67F874E}
Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{7228CB73-80E9-48D3-A7FD-C2A242686AB3}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Motorola Driver Installation 3.7.0-->MsiExec.exe /I{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar-->"C:\Program Files\Microsoft\Search Enhancement Pack\InstallMgr\InstallMgr.exe"
MSN Toolbar-->MsiExec.exe /X{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
PCI Audio Driver-->cmuninst.exe
PDFLIB-->C:\PROGRA~1\COSSTEMP\UNWISE.EXE C:\PROGRA~1\COSSTEMP\PDFINSTALL.LOG
PhoneTray Voices-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FD382CAF-4B68-4DA5-9BCB-60394D9BF2D2}
Quicken 2007-->MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek AC'97 Audio-->Alcrmv.exe -r -m
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Strategy Challenges 1-->C:\WINDOWS\edmkuni2.exe "C:\Program Files\Edmark\Strategy Challenges 1 "
Stuart Little Big City Adventures-->C:\HASBRO\STUART_LITTLE\Uninstall_Stuart.EXE
Trend Micro RUBotted-->C:\Program Files\InstallShield Installation Information\{12650598-D7B9-4FB5-91B2-2CAA641AC589}\setup.exe -runfromtemp -l0x0009 -removeonly
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wpaiper-->MsiExec.exe /I{7E820A0C-8CD6-44A2-9963-A243B224CDB4}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Verizon FiOS Activation-->"C:\WINDOWS\FIOS\unins000.exe"
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48963B63-7A10-49D6-8B08-61E6132453D0}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
WebEx-->C:\WINDOWS\Downlo~1\atcliun.exe
Where in the USA is Carmen Sandiego?-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\The Learning Company\Where in the USA is Carmen Sandiego\Uninst.isu"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - Winlogon Notify: __c00C4900 - C:\WINDOWS\system32\__c00C4900.dat [2009-12-02]
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - Winlogon Notify: __c00C4900 - C:\WINDOWS\system32\__c00C4900.dat [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - Winlogon Notify: __c00C4900 - C:\WINDOWS\system32\__c00C4900.dat [2009-12-02]
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - Winlogon Notify: __c00C4900 - C:\WINDOWS\system32\__c00C4900.dat [2009-12-02]
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - Winlogon Notify: __c00AD7CF - C:\WINDOWS\system32\__c00AD7CF.dat [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll dogejuhu.dll C:\WINDOWS\System32\devmgr32.dll C:\WINDOWS\System32\devmgr32.dll C:\WINDOWS\System32\devmgr32.dll C:\WINDOWS\System32\devmgr32.dll,C:\WINDOWS\System32\devmgr32.dll ,C:\WINDOWS\System32\devmgr32.dll c:\windows\system32\jupabone.dll,C:\WINDOWS\System32\devmgr32.dll [2009-12-05]
O21 - SSODL: siputatol - {f2e3becf-975e-49fc-9a05-86593d8ba500} - c:\windows\system32\jupabone.dll (file missing) [2009-12-05]
O22 - SharedTaskScheduler: gahurihor - {f2e3becf-975e-49fc-9a05-86593d8ba500} - (no file) [2009-12-05]
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-12-05]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-05]
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll [2009-12-05]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-06]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-06]
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-12-09]
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-12-09]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-12-09]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-12-09]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-12-09]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-12-09]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B6C7106-1B0F-4FDF-8B5B-6529655B6CB7}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.1 [2009-12-09]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: RGL-8O3N26X6IPY
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Intuit Update Service service to connect.

Record Number: 79873
Source Name: Service Control Manager
Time Written: 20091210122955.000000-300
Event Type: error
User:

Computer Name: RGL-8O3N26X6IPY
Event Code: 7000
Message: The Compaq S200 Scanner service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 79872
Source Name: Service Control Manager
Time Written: 20091210122955.000000-300
Event Type: error
User:

Computer Name: RGL-8O3N26X6IPY
Event Code: 36
Message: While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers.
The device is assumed not to be a serial port and will be deleted.

Record Number: 79870
Source Name: Serial
Time Written: 20091210122915.000000-300
Event Type: error
User:

Computer Name: RGL-8O3N26X6IPY
Event Code: 7000
Message: The -- service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 79860
Source Name: Service Control Manager
Time Written: 20091209205532.000000-300
Event Type: error
User:

Computer Name: RGL-8O3N26X6IPY
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the -- service to connect.

Record Number: 79859
Source Name: Service Control Manager
Time Written: 20091209205532.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: RGL-8O3N26X6IPY
Event Code: 11706
Message: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Record Number: 34179
Source Name: MsiInstaller
Time Written: 20091215113624.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RGL-8O3N26X6IPY
Event Code: 1001
Message: Detection of product '{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}', feature 'statusexe' failed during request for component '{1A4D0FBA-CD92-4C4E-8AC7-87C0309976C3}'

Record Number: 34178
Source Name: MsiInstaller
Time Written: 20091215113555.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RGL-8O3N26X6IPY
Event Code: 1004
Message: Detection of product '{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Record Number: 34177
Source Name: MsiInstaller
Time Written: 20091215113555.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RGL-8O3N26X6IPY
Event Code: 11706
Message: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Record Number: 34175
Source Name: MsiInstaller
Time Written: 20091215113554.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: RGL-8O3N26X6IPY
Event Code: 1001
Message: Detection of product '{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}', feature 'statusexe' failed during request for component '{1A4D0FBA-CD92-4C4E-8AC7-87C0309976C3}'

Record Number: 34174
Source Name: MsiInstaller
Time Written: 20091215113504.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
rik3267
Active Member
 
Posts: 14
Joined: December 12th, 2009, 12:40 pm
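The O20, O21 and O17 lines in the log above are the part worth reading closely: devmgr32.dll is registered both as a Winlogon Notify package (loaded by winlogon.exe at logon) and in AppInit_DLLs (loaded into every process that links user32.dll), and the AppInit_DLLs value has been stuffed with repeats plus two more names. A DLL wired in this way is reloaded before an on-demand scanner can delete it, which is why a file-only removal keeps failing. The O17 line also lists a public nameserver ahead of the router address. The Python below is an added example, not code from the thread or from HijackThis, RSIT or ComboFix; it parses lines in that format, groups DLLs by the load points that reference them, and lists nameservers that are not on a private range. The sample lines are copied from the posted log; the function names and the "more than one mechanism" threshold are this example's own choices.

```python
"""Group HijackThis/RSIT-style O-lines by DLL and flag multi-mechanism persistence.

Added example (not part of the forum thread). Sample lines are copied from the
posted log; everything else is this example's own choice.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample: O-lines taken from the posted log (the [date] suffix is RSIT's tag).
SAMPLE_LOG = r"""
O20 - Winlogon Notify: __c00C4900 - C:\WINDOWS\system32\__c00C4900.dat [2009-12-02]
O20 - Winlogon Notify: 2ce3c67f705 - C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll [2009-12-02]
O20 - AppInit_DLLs: C:\WINDOWS\System32\devmgr32.dll dogejuhu.dll C:\WINDOWS\System32\devmgr32.dll C:\WINDOWS\System32\devmgr32.dll C:\WINDOWS\System32\devmgr32.dll C:\WINDOWS\System32\devmgr32.dll,C:\WINDOWS\System32\devmgr32.dll ,C:\WINDOWS\System32\devmgr32.dll c:\windows\system32\jupabone.dll,C:\WINDOWS\System32\devmgr32.dll [2009-12-05]
O21 - SSODL: siputatol - {f2e3becf-975e-49fc-9a05-86593d8ba500} - c:\windows\system32\jupabone.dll (file missing) [2009-12-05]
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-12-05]
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B6C7106-1B0F-4FDF-8B5B-6529655B6CB7}: NameServer = 193.104.110.38,4.2.2.1,192.168.1.1 [2009-12-09]
"""

DATE_TAG = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*$")


def _strip_tag(line):
    return DATE_TAG.sub("", line.strip())


def _norm(path):
    # NTFS paths are case-insensitive; drop HJT's "(file missing)" / "(no file)" notes.
    return re.sub(r"\s*\((file missing|no file)\)\s*$", "", path.strip()).lower()


def parse_lines(text):
    """Return a list of (mechanism, value) pairs for every O17/O20/O21 line."""
    entries = []
    for raw in text.splitlines():
        line = _strip_tag(raw)
        if not line:
            continue
        m = re.match(r"^O20 - AppInit_DLLs:\s*(.*)$", line)
        if m:
            # Windows splits AppInit_DLLs on spaces and commas; splitting the same
            # way turns a value padded with repeats into one entry per DLL name.
            for tok in re.split(r"[,\s]+", m.group(1)):
                if tok:
                    entries.append(("AppInit_DLLs", _norm(tok)))
            continue
        m = re.match(r"^O20 - Winlogon Notify:\s*(\S+)\s*-\s*(.*)$", line)
        if m:
            entries.append(("Winlogon Notify", _norm(m.group(2))))
            continue
        m = re.match(r"^O21 - SSODL:\s*(.*?)\s*-\s*(\{[0-9a-fA-F-]+\})\s*-\s*(.*)$", line)
        if m:
            entries.append(("SSODL", _norm(m.group(3))))
            continue
        m = re.match(r"^O17 - .*NameServer\s*=\s*([\d.,]+)$", line)
        if m:
            for ip in m.group(1).split(","):
                entries.append(("NameServer", ip.strip()))
    return entries


def load_points(entries):
    """Map each DLL path to the set of load mechanisms that reference it."""
    points = defaultdict(set)
    for mech, value in entries:
        if mech != "NameServer":
            points[value].add(mech)
    return dict(points)


def stubborn_dlls(entries):
    """DLLs referenced by more than one load point. Deleting only the file leaves
    these registry references in place, and AppInit_DLLs / Winlogon Notify pull the
    DLL back into winlogon and every user32 process at the next logon."""
    return {p: sorted(m) for p, m in load_points(entries).items() if len(m) > 1}


def _is_private(ip):
    a = ip_address(ip)
    return a.is_private or a.is_loopback or a.is_link_local


def nameserver_review(entries):
    """NameServer entries outside private/loopback ranges, in the order listed.
    A public resolver placed in front of the router address should be checked
    against what the ISP or administrator actually configured."""
    return [v for mech, v in entries if mech == "NameServer" and not _is_private(v)]


if __name__ == "__main__":
    found = parse_lines(SAMPLE_LOG)
    for path, mechs in stubborn_dlls(found).items():
        print("multi-mechanism load point:", path, "->", ", ".join(mechs))
    for ip in nameserver_review(found):
        print("nameserver to verify:", ip)
```

Run against the sample, the multi-mechanism list contains devmgr32.dll (AppInit_DLLs plus Winlogon Notify) and jupabone.dll (AppInit_DLLs plus SSODL), and both public nameservers are listed for verification. The fix that follows from such a report is to clear the registry values that reference the DLL, not just quarantine the file, which is what the helper's ComboFix run in the next reply does (see "Notify-2ce3c67f705" under ORPHANS REMOVED in that log).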

Re: stubborn trojan

Unread postby muppy03 » December 19th, 2009, 8:12 pm

It does not appear that you have disabled Spybot's TeaTimer. This is quite important. If you are having trouble disabling it, uninstall it instead. When we are finished it can be re-installed or re-enabled. Make sure you disable all AntiVirus and AntiSpyware applications before running the following.


Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please download ComboFix from Here

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • If you need help to disable your protection programs see here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: ComboFix prompt shown after the Recovery Console is installed]
Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-
  • Combofix log
  • New HJT log
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: stubborn trojan

Unread postby rik3267 » December 20th, 2009, 11:24 am

combofix log file 12/20/09:

ComboFix 09-12-18.03 - Richard Lewis 12/20/2009 10:08:38.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.616 [GMT -5:00]
Running from: c:\documents and settings\Richard Lewis\Desktop\KittyFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Richard Lewis\Application Data\02000000eac6efb0705C.manifest
c:\documents and settings\Richard Lewis\Application Data\02000000eac6efb0705O.manifest
c:\documents and settings\Richard Lewis\Application Data\02000000eac6efb0705P.manifest
c:\documents and settings\Richard Lewis\Application Data\02000000eac6efb0705S.manifest
c:\program files\IEToolbar
c:\program files\INSTALL.LOG
c:\recycler\S-1-5-21-1085031214-688789844-854245398-1003
c:\windows\MailSwitch.ocx
c:\windows\system32\42KJE738.ocx
c:\windows\system32\517054744
c:\windows\system32\msssc.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\suspend.exe
c:\windows\system32\unrar.exe
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.

2009-12-19 19:05 . 2009-12-19 19:31 -------- d-----w- c:\program files\FinePixViewer
2009-12-19 18:56 . 2001-11-25 11:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2009-12-19 18:56 . 2009-12-19 18:56 -------- d-----w- c:\program files\REGSHAVE
2009-12-19 18:56 . 2002-06-25 15:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2009-12-19 18:56 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2009-12-19 18:56 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2009-12-19 18:56 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2009-12-19 16:24 . 2001-08-18 03:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2009-12-19 16:24 . 2001-08-18 03:36 92160 ----a-w- c:\windows\system32\fuusd.dll
2009-12-19 16:24 . 2001-08-18 03:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2009-12-19 16:24 . 2001-08-18 03:36 71680 ----a-w- c:\windows\system32\fnfilter.dll
2009-12-19 16:24 . 2001-08-17 18:53 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
2009-12-19 16:24 . 2001-08-17 18:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-12-19 15:15 . 2009-12-19 15:16 -------- d-----w- C:\rsit
2009-12-19 13:40 . 2009-12-19 13:40 -------- d-----w- c:\documents and settings\Richard Lewis\Application Data\Malwarebytes
2009-12-19 13:40 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-19 13:40 . 2009-12-19 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-19 13:40 . 2009-12-19 13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-19 13:40 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-18 14:17 . 2009-12-01 02:27 294680 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
2009-12-16 17:02 . 2009-12-16 17:04 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
2009-12-12 14:33 . 2009-12-01 02:27 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2009-12-09 00:23 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-09 00:23 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-09 00:23 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-09 00:23 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-09 00:23 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-09 00:23 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-09 00:20 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-08 10:58 . 2009-12-08 10:58 -------- d-----w- c:\program files\MSXML 6.0
2009-12-08 08:10 . 2009-07-31 15:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2009-12-08 08:10 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2009-12-08 04:07 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-08 03:57 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-08 03:54 . 2009-06-10 14:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-08 03:50 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-12-08 03:50 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-08 03:44 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-08 03:44 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-08 03:44 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-08 03:44 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-08 03:44 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-08 03:44 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-08 03:44 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-08 03:44 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-08 03:44 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-08 03:30 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-08 03:30 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-08 03:23 . 2009-07-31 04:35 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-08 03:13 . 2009-06-21 22:04 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-08 03:03 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 03:03 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 03:03 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 02:59 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-08 02:43 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-07 23:35 . 2009-12-07 23:51 -------- d-----w- c:\windows\system32\wbem\Repository.002
2009-12-07 01:57 . 2008-03-02 08:28 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2009-12-05 07:01 . 2009-12-05 07:01 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\PCHealth
2009-12-04 21:29 . 2008-04-14 00:11 191488 ----a-w- c:\windows\system32\iuengine.dll
2009-12-04 21:14 . 2002-08-29 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2009-12-04 21:13 . 2002-08-29 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftlx041e.dll
2009-12-04 20:40 . 2008-04-14 00:12 45568 ----a-w- c:\windows\system32\safrslv.dll
2009-12-04 20:39 . 2008-04-14 00:12 239104 ----a-w- c:\windows\system32\srrstr.dll
2009-12-04 20:38 . 2008-04-14 00:12 184320 ----a-w- c:\windows\system32\accwiz.exe
2009-12-04 20:37 . 2008-04-14 00:11 55296 ----a-w- c:\windows\system32\fxsevent.dll
2009-12-04 20:25 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2009-12-04 20:25 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2009-12-04 20:24 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2009-12-04 20:23 . 2008-04-14 10:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2009-12-04 20:23 . 2001-08-18 03:36 51200 ----a-w- c:\windows\system32\sfman32.dll
2009-12-04 20:23 . 2004-08-04 03:29 327040 ----a-w- c:\windows\system32\drivers\ati2mtaa.sys
2009-12-04 20:23 . 2008-04-14 00:11 377984 ----a-w- c:\windows\system32\ati2dvaa.dll
2009-12-04 20:19 . 2008-04-14 00:13 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2009-12-04 20:15 . 2008-04-14 00:12 146432 ----a-w- c:\windows\system\winspool.drv
2009-12-04 20:15 . 2008-04-13 18:54 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2009-12-04 20:15 . 2002-08-29 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-12-04 20:15 . 2002-08-29 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-12-04 20:15 . 2002-08-29 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-12-04 20:15 . 2002-08-29 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-12-04 20:15 . 2008-04-14 00:12 74752 ----a-w- c:\windows\system32\storprop.dll
2009-12-02 22:50 . 2009-12-20 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-02 22:50 . 2009-12-20 14:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-02 20:11 . 2009-12-07 01:57 -------- d-----w- c:\program files\Trend Micro
2009-12-02 02:04 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-12-02 02:04 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-12-02 02:02 . 2007-03-05 17:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-12-01 14:21 . 2009-12-01 14:20 3963160 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-01 14:21 . 2009-12-01 02:28 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2009-12-01 14:20 . 2009-12-01 14:20 844056 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-01 14:20 . 2009-12-01 14:20 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-01 10:38 . 2009-12-01 10:38 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-12-01 02:28 . 2009-12-01 02:47 -------- d-----w- C:\$AVG
2009-12-01 02:28 . 2009-12-01 02:28 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-01 02:28 . 2009-12-01 02:28 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-01 02:28 . 2009-12-01 02:28 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-01 02:28 . 2009-12-01 02:28 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-01 02:28 . 2009-12-20 14:34 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-01 02:27 . 2009-12-01 02:27 -------- d-----w- c:\program files\AVG
2009-12-01 02:27 . 2009-12-19 15:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-29 19:10 . 2009-11-29 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-29 19:09 . 2009-12-09 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-29 19:09 . 2009-11-29 19:09 -------- d-----w- c:\program files\Common Files\iS3
2009-11-29 15:47 . 2009-11-29 15:47 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-29 15:34 . 2009-11-29 15:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-11-29 00:55 . 2009-12-15 20:23 -------- d-----w- C:\DECCHECK
2009-11-29 00:08 . 2009-12-04 20:23 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000002-80311102}.dat
2009-11-29 00:08 . 2009-12-04 20:23 24 ----a-w- c:\windows\system32\DVCState-{00000001-00000000-00000001-00001102-00000002-80311102}.dat
2009-11-28 20:20 . 2009-11-28 20:20 -------- d-----w- C:\ATI
2009-11-27 02:17 . 2009-11-27 02:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-11-27 02:12 . 2009-11-27 02:13 -------- d-----w- c:\documents and settings\Richard Lewis\Local Settings\Application Data\Temp
2009-11-27 02:12 . 2009-11-27 02:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-26 18:52 . 2009-12-18 20:52 -------- d-----w- c:\documents and settings\Richard Lewis\Application Data\LimeWire
2009-11-25 10:15 . 2005-09-20 15:31 135168 ----a-w- c:\windows\system32\igfxres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 19:06 . 2006-03-18 19:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-19 19:06 . 2008-12-27 02:53 -------- d-----w- c:\documents and settings\Richard Lewis\Application Data\FUJIFILM
2009-12-18 21:13 . 2009-12-18 21:13 0 ----a-w- c:\windows\system32\12D.tmp
2009-12-18 21:13 . 2009-12-18 21:13 0 ----a-w- c:\windows\system32\12C.tmp
2009-12-17 20:23 . 2007-03-21 18:12 -------- d-----w- c:\program files\Common Files\AnswerWorks 4.0
2009-12-15 20:22 . 2006-03-18 19:48 -------- d-----w- c:\program files\ahead
2009-12-15 16:59 . 2006-03-26 20:41 -------- d-----w- c:\program files\Quicken
2009-12-12 14:34 . 2009-12-12 14:35 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-09 20:41 . 2009-12-09 20:41 112 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-12-09 13:48 . 2009-12-09 13:48 1240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-12-04 21:29 . 2009-12-04 21:29 2678 ----a-w- c:\windows\java\Packages\Data\UOKBBZL3.DAT
2009-12-04 21:29 . 2009-12-04 21:29 2678 ----a-w- c:\windows\java\Packages\Data\XBJXB33J.DAT
2009-12-04 21:28 . 2009-12-04 21:28 2678 ----a-w- c:\windows\java\Packages\Data\OIGN3HNT.DAT
2009-12-04 21:28 . 2009-12-04 21:28 2678 ----a-w- c:\windows\java\Packages\Data\KVPZFF9B.DAT
2009-12-04 21:28 . 2009-12-04 21:28 2678 ----a-w- c:\windows\java\Packages\Data\0GPR1V3D.DAT
2009-12-04 20:39 . 2006-03-18 15:12 23388 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-01 02:28 . 2009-12-12 14:35 1475864 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2009-12-01 02:28 . 2009-12-12 14:35 1082648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2009-12-01 02:28 . 2009-12-12 14:35 3775256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-01 02:28 . 2009-12-12 14:35 1074456 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcmgr.exe
2009-12-01 02:28 . 2009-12-12 14:35 615704 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcertx.dll
2009-12-01 02:28 . 2009-12-12 14:35 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2009-12-01 02:28 . 2009-12-12 14:35 502040 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2009-12-01 02:27 . 2009-12-12 14:35 4029208 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-01 02:27 . 2009-12-12 14:35 2020120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-12-01 02:27 . 2009-12-12 14:35 1264408 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2009-12-01 02:27 . 2009-12-12 14:35 1946392 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgapix.dll
2009-12-01 02:27 . 2009-12-12 14:35 744728 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgscanx.exe
2009-12-01 02:27 . 2009-12-12 14:35 562456 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2009-12-01 02:27 . 2009-12-12 14:35 361752 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmax.exe
2009-12-01 02:27 . 2009-12-12 14:35 1494088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2009-11-29 21:47 . 2006-03-18 19:44 -------- d-----w- c:\program files\InterVideo
2009-11-28 21:38 . 2009-10-29 22:50 -------- d-----w- c:\program files\Analog Devices
2009-11-27 02:14 . 2008-05-30 01:28 -------- d-----w- c:\program files\Google
2009-11-13 19:10 . 2009-11-13 19:10 -------- d-----w- c:\program files\Windows Defender
2009-11-13 00:58 . 2009-11-01 15:37 -------- d-----w- c:\program files\Gateway
2009-11-12 23:55 . 2009-11-12 20:20 -------- d-----w- c:\program files\Creative
2009-11-08 04:13 . 2009-11-08 04:13 -------- d-----w- c:\program files\Realtek AC97
2009-11-03 22:58 . 2009-11-01 13:51 -------- d-----w- c:\documents and settings\Richard Lewis\Application Data\HpUpdate
2009-11-03 01:42 . 2009-11-13 19:12 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-01 13:53 . 2009-10-19 17:55 160915 ----a-w- c:\windows\hphins33.dat
2009-11-01 13:51 . 2009-10-19 18:09 -------- d-----w- c:\program files\HP
2009-10-31 18:56 . 2009-10-19 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-29 07:45 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-24 22:58 . 2006-08-07 19:34 -------- d-----w- c:\program files\PTNA LTC
2009-10-24 22:10 . 2009-10-24 02:26 -------- d-----w- c:\program files\Common Files\InterVideo
2009-10-24 17:08 . 2009-10-24 14:12 -------- d-----w- c:\documents and settings\Richard Lewis\Application Data\HPAppData
2009-10-24 14:26 . 2006-03-18 17:29 35832 ----a-w- c:\documents and settings\Richard Lewis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 14:09 . 2009-10-24 14:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-10-24 14:09 . 2009-10-19 22:27 -------- d-----w- c:\documents and settings\Richard Lewis\Application Data\HP
2009-10-24 14:03 . 2009-10-19 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-24 02:40 . 2006-03-19 18:12 -------- d-----w- c:\documents and settings\Richard Lewis\Application Data\InterVideo
2009-10-24 02:33 . 2009-10-24 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-10-22 00:05 . 2009-10-22 00:05 -------- d-----w- c:\program files\Intel Desktop Board Audio Driver
2009-10-22 00:00 . 2009-10-22 00:00 -------- d-----w- c:\program files\Intel
2009-10-21 05:38 . 2006-03-18 17:17 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38 . 2006-03-18 17:16 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-20 16:20 . 2006-03-18 17:17 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2002-08-29 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2002-08-29 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2005-12-19 05:45 . 2006-04-05 01:22 521403 ----a-w- c:\program files\DVD43_3-7-0_Setup.exe
2001-09-28 22:00 . 2006-05-11 14:31 164864 ----a-w- c:\program files\UNWISE.EXE
2006-03-18 09:41 . 2006-03-18 09:41 2015 --sha-w- c:\windows\rreg32.dll
2006-03-18 09:41 . 2006-03-18 09:41 4964 --sha-w- c:\windows\utapi32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ButtonMonitor"="S200" [X]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SoundMan"="SOUNDMAN.EXE" [2006-01-11 577536]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-12 2033432]
"DVDUpgrade"="DVDUpgrd.exe" [2008-04-14 17920]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2009-12-19 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-11-29 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq S200 Button Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq S200 Button Manager.lnk
backup=c:\windows\pss\Compaq S200 Button Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-06 15:47 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"\\\\RICHARD-NSIXIQO\\LIMEWIRE\\LimeWire.exe"=
"c:\\Program Files\\InterVideo\\WinDVD\\WinDVD.exe"=

R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [4/18/2006 3:42 PM 8320]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/30/2009 9:28 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/30/2009 9:28 PM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/30/2009 9:27 PM 285392]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [12/6/2009 8:57 PM 582992]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [12/6/2009 8:57 PM 206608]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/26/2009 9:12 PM 135664]
S2 mrtRate;mrtRate; [x]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Amps2prt;A4Tech PS/2 Port Mouse Filter Driver;c:\windows\system32\drivers\Amps2prt.sys [11/13/2000 6:04 PM 10195]
S3 ATICDSDr;ATICDSDr;\??\c:\windows\TEMP\ATICDSDr.sys --> c:\windows\TEMP\ATICDSDr.sys [?]
S3 NtApm;NT Apm/Legacy Interface Driver;c:\windows\system32\drivers\ntapm.sys [8/17/2001 8:47 AM 9344]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [12/6/2009 8:57 PM 206608]
S3 VQ21FIL;ViewQuest USB Filter Driver (FILTER);c:\windows\system32\drivers\VQ2101XP.SYS [4/15/2006 2:42 PM 5593]
S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [4/18/2006 3:42 PM 314496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

BHO-{33C84902-C0C8-4203-B7DC-901A9FC68BDb} - c:\windows\System32\dxtmsft32.dll
BHO-{CF21240A-C0C8-4203-B7DC-901A9FC68BDb} - c:\windows\System32\d3d8thk32.dll
Toolbar-SITEguard - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-WeatherClock - c:\program files\Weather Clock\WeatherClock.exe
Notify-2ce3c67f705 - (no file)
Notify-__c009B9C9 - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-2111687655-1202660629-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2996)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\fxssvc.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\dvdupgrd.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2009-12-20 10:20:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-20 15:20

Pre-Run: 24,989,827,072 bytes free
Post-Run: 24,912,515,072 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - A1FD653027A032A4C9986FD6624B33FA
rik3267
Active Member
 
Posts: 14
Joined: December 12th, 2009, 12:40 pm

Re: stubborn trojan

Unread postby muppy03 » December 21st, 2009, 4:31 am

Please update me on how your computer is running in your next post! Also don’t forget the NEW HJT log this time :)

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code:
:Files
c:\windows\system32\12D.tmp
c:\windows\system32\12C.tmp
c:\documents and settings\Richard Lewis\Application Data\LimeWire

:Commands

[EmptyTemp]
[Start Explorer]
[Reboot]


  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe

Please reply with:-
  • OTM log
  • New HJT log
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: stubborn trojan

Unread postby rik3267 » December 21st, 2009, 1:28 pm

12/21/09

Computer is running smoothly without any interruptions from spyware. OTM.exe was not found on reboot; however, the log appeared when I downloaded it a second time.

Sign me up for Malware university.


Thank you for your professional help. It's good to know that the web is still a place where integrity resides.




OTM Log:

All processes killed
========== FILES ==========
c:\windows\system32\12D.tmp moved successfully.
c:\windows\system32\12C.tmp moved successfully.
c:\documents and settings\Richard Lewis\Application Data\LimeWire\xml\data folder moved successfully.
c:\documents and settings\Richard Lewis\Application Data\LimeWire\xml folder moved successfully.
c:\documents and settings\Richard Lewis\Application Data\LimeWire\themes\windows_theme folder moved successfully.
c:\documents and settings\Richard Lewis\Application Data\LimeWire\themes folder moved successfully.
c:\documents and settings\Richard Lewis\Application Data\LimeWire\.AppSpecialShare folder moved successfully.
c:\documents and settings\Richard Lewis\Application Data\LimeWire folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 586962 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: Richard Lewis
->Temp folder emptied: 1976983 bytes
->Temporary Internet Files folder emptied: 19484428 bytes
->Java cache emptied: 33341864 bytes
->FireFox cache emptied: 2561230 bytes
->Google Chrome cache emptied: 276403502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3416661 bytes
%systemroot%\System32 .tmp files removed: 3383313 bytes
Windows Temp folder emptied: 37014 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 8158 bytes

Total Files Cleaned = 325.00 mb


OTM by OldTimer - Version 3.1.3.0 log created on 12212009_120958

Files moved on Reboot...

Registry entries deleted on Reboot...

HJT Log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:05 PM, on 12/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [ButtonMonitor] S200
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = Common\Bin\WinCinemaMgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0129391578
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O24 - Desktop Component 1: (no name) - http://www.yahoo.com/r/2k

--
End of file - 5969 bytes
rik3267
Active Member
 
Posts: 14
Joined: December 12th, 2009, 12:40 pm

Re: stubborn trojan

Unread postby muppy03 » December 21st, 2009, 4:57 pm

Nearly done :)

Did you set Yahoo yellow pages as an active desktop link? If not, do Steps 1 and 2. If you did, that’s fine; miss Steps 1 & 2.

1. Open HijackThis and select Do a System Scan Only, then place a check next to the line below if it is still present

    O24 - Desktop Component 1: (no name) - <http://www.yahoo.com/r/2k>

Once selected, close all windows except HJT and click on Fix Checked

2.
    Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab.
    Uncheck and Delete everything you find in there. (Except for "My Current Home Page.")

3. You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.2 are vulnerable.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.


4. Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 17.
  • Go to Java Site
  • Click to Download Java SE Runtime Environment (JRE) 6 Update 17
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u17-windows-i586.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE) listed below in the code box.
    Code:
    Java(TM) 6 Update 15
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
     
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

5. Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply


Please reply with:-
  • KASPERSKY LOG
  • New HJT log
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: stubborn trojan

Unread postby rik3267 » December 22nd, 2009, 10:02 pm

12/22/09

Kaspersky will not download or initialize.

Error message : "Launch of the java app is interupted. Please establish an uninterupted internet connection for working the program"

The "Accept" window initializes, but there is no download and a caution error shows up. I have tried this with IE8. I tried Google Chrome but cannot get Java for Chrome to download. I have removed all previous Java apps and have removed and reinstalled Java 6_17 several times with no success.
rik3267
Active Member
 
Posts: 14
Joined: December 12th, 2009, 12:40 pm

Re: stubborn trojan

Unread postby muppy03 » December 22nd, 2009, 11:17 pm

Use ESET instead :?

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: stubborn trojan

Unread postby rik3267 » December 23rd, 2009, 3:50 pm

12/23/09

ESET Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4c388583efc6af4f912b16f446983d0e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-23 06:32:38
# local_time=2009-12-23 01:32:38 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 522940 522940 0 0
# compatibility_mode=1024 16777191 100 0 1039492 1039492 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=13614
# found=0
# cleaned=0
# scan_time=1201
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4c388583efc6af4f912b16f446983d0e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-12-23 07:39:46
# local_time=2009-12-23 02:39:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 524172 524172 0 0
# compatibility_mode=1024 16777191 100 0 1040724 1040724 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=73800
# found=29
# cleaned=0
# scan_time=3993
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\body language queen.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\come get your love redbone [dvd rip].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\dannys song kenny loggins - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\dannys song kenny loggins.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on (high bitrate).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\im sorry smashmouth MTV.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\kiss you through phone chris.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\never knew what i was missing.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\sex candy matchbox 20.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\sidewinder rem.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\SPIRITLAND - Redbone_Come and get your love.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\youll come back prince caspian (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\body language queen.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\come get your love redbone [dvd rip].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\dannys song kenny loggins - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\dannys song kenny loggins.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on (high bitrate).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\im sorry smashmouth MTV.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\kiss you through phone chris.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\never knew what i was missing.mp3 WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\sex candy matchbox 20.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\sidewinder rem.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\SPIRITLAND - Redbone_Come and get your love.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\youll come back prince caspian (unplugged version).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Program Files\AIM\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application 00000000000000000000000000000000 I
rik3267
Active Member
 
Posts: 14
Joined: December 12th, 2009, 12:40 pm
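The ESET log above can be checked mechanically before anything is acted on. The parser below is an added example (not the thread's own material and not ESET's code): it reads the two header blocks in the posted log (the stopped run, then the finished one), splits the detection lines both in the flattened form seen in the post and in ESET's tab-separated form, and reports whether the header's found count matches the lines listed and whether anything was removed. The sample lines are constructed; USER and EXAMPLE are placeholder names.

```python
"""Parser for an ESET Online Scanner log in the posted format (added example;
not the thread's or ESET's code).  One '# key=value' header block per scan
run, then one '<path> <threat> <32 hex digits> <flag>' line per detection;
ESET tab-separates the fields, which pasting into a post flattens to spaces.
"""
import re
from collections import Counter

HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z_]+)=(?P<value>.*)$")
HASH_RE = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample in the posted format; USER and EXAMPLE are placeholders.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as CAB hook log:",
    "OnlineScanner.ocx - registred OK",
    "# version=7",
    "# end=stopped",
    "# scanned=13614",
    "# found=0",
    "# cleaned=0",
    "esets_scanner_update returned -1 esets_gle=53251",
    "# version=7",
    "# end=finished",
    "# remove_checked=false",
    "# scanned=73800",
    "# found=3",
    "# cleaned=0",
    # flattened lines, as they appear once pasted into a post
    r"C:\Documents and Settings\USER\My Documents\P2P saved\track one.mp3 "
    "a variant of WMA/TrojanDownloader.GetCodec.gen trojan "
    "00000000000000000000000000000000 I",
    r"C:\Documents and Settings\USER\My Documents\P2P saved\track two.mp3 "
    "WMA/TrojanDownloader.GetCodec.C trojan 00000000000000000000000000000000 I",
    # tab-separated, as ESET writes it before a post flattens it
    "C:\\Program Files\\EXAMPLE\\Sysfiles\\WxBug.EXE\tWin32/Adware.WBug.A application"
    "\t00000000000000000000000000000000\tI",
])


def parse_detection(line):
    """Split one detection line into (path, threat, hash, flag), or None.

    Tab-separated lines split directly.  For flattened lines, use the fact
    that a Windows path cannot contain '/' while every ESET threat name does
    (WMA/..., Win32/...): the first '/'-bearing token starts the threat
    name, optionally preceded by the words 'a variant of'.
    """
    if "\t" in line:
        parts = [p.strip() for p in line.split("\t")]
        return tuple(parts) if len(parts) == 4 and HASH_RE.match(parts[2]) else None
    tokens = line.split()
    if len(tokens) < 4 or not HASH_RE.match(tokens[-2]):
        return None
    body, digest, flag = tokens[:-2], tokens[-2], tokens[-1]
    start = next((i for i, t in enumerate(body) if "/" in t), None)
    if start is None:
        return None
    if start >= 3 and body[start - 3:start] == ["a", "variant", "of"]:
        start -= 3
    return " ".join(body[:start]), " ".join(body[start:]), digest, flag


def parse_eset_log(text):
    """Return (runs, detections): one header dict per '# version=' block and
    one (path, threat, hash, flag) tuple per detection line."""
    runs, detections = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            if m.group("key") == "version":
                runs.append({})
            if runs:
                runs[-1][m.group("key")] = m.group("value")
            continue
        det = parse_detection(line)
        if det:
            detections.append(det)
    return runs, detections


def summarise(runs, detections):
    """Helper's sanity checks: did the final run finish, does its 'found'
    count match the listed lines, was anything removed, where do hits cluster."""
    final = runs[-1] if runs else {}
    found = int(final.get("found", 0))
    return {
        "finished": final.get("end") == "finished",
        "reported_found": found,
        "listed": len(detections),
        "counts_agree": found == len(detections),
        "cleaned": int(final.get("cleaned", 0)),
        "remove_enabled": final.get("remove_checked") == "true",
        "by_dir": Counter(p.rsplit("\\", 1)[0] for p, _, _, _ in detections),
        "by_threat": Counter(t for _, t, _, _ in detections),
    }
```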

Re: stubborn trojan

Unread postby muppy03 » December 23rd, 2009, 5:27 pm

You can see by the ESET results, why we warn about the use of P2P! Please update me on any remaining issues next post.

  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the lines in the codebox below.
Code:
:Files
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\body language queen.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\come get your love redbone [dvd rip].mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\dannys song kenny loggins - greatest hits.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\dannys song kenny loggins.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on (high bitrate).mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on - greatest hits.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\im sorry smashmouth MTV.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\kiss you through phone chris.snd 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\never knew what i was missing.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\sex candy matchbox 20.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\sidewinder rem.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\SPIRITLAND - Redbone_Come and get your love.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\youll come back prince caspian (unplugged version).mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\body language queen.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\come get your love redbone [dvd rip].mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\dannys song kenny loggins - greatest hits.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\dannys song kenny loggins.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on (high bitrate).mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on - greatest hits.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\im sorry smashmouth MTV.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\kiss you through phone chris.snd 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\never knew what i was missing.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\sex candy matchbox 20.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\sidewinder rem.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\SPIRITLAND - Redbone_Come and get your love.mp3 
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\youll come back prince caspian (unplugged version).mp3 
C:\Program Files\AIM\Sysfiles\WxBug.EXE 


:Commands

[EmptyTemp]
[Start Explorer]
[Reboot]


  • Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.exe


Please reply with:-
  • OTM log
  • New HJT log
  • Update on any problems remaining
muppy03
MRU Emeritus
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia
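Both OTM rounds in this thread (the earlier :Files script with its log, and this one) produce a results log that can be reconciled against the script, so a helper can see at a glance which scripted paths moved, which did not, and whether anything outside the script was moved. This is an added example, not part of the thread and not OldTimer's code; the script and log below are constructed, with USER, EXAMPLE1.tmp, EXAMPLE2.tmp, P2PApp and OTHER.dll as placeholder names.

```python
"""Reconcile an OTM ':Files' script against the results log OTM writes.

Added example; not part of the thread and not OldTimer's code.  The formats
follow the posts above: the script lists one path per line under ':Files'
and directives under ':Commands'; the log reports each item as
'<path> moved successfully.', logging each subfolder of a listed directory
as '<path> folder moved successfully.' before the directory itself.
"""

MOVED_SUFFIXES = (" folder moved successfully.", " moved successfully.")

# Constructed sample script and log; USER, EXAMPLE*.tmp, P2PApp and OTHER.dll
# are placeholder names, not paths from the thread.
SCRIPT = "\n".join([
    ":Files",
    r"c:\windows\system32\EXAMPLE1.tmp ",   # trailing space, as often pasted
    r"c:\windows\system32\EXAMPLE2.tmp",
    r"c:\documents and settings\USER\Application Data\P2PApp",
    "",
    ":Commands",
    "",
    "[EmptyTemp]",
    "[Start Explorer]",
    "[Reboot]",
])
LOG = "\n".join([
    "All processes killed",
    "========== FILES ==========",
    r"c:\windows\system32\EXAMPLE1.tmp moved successfully.",
    r"c:\documents and settings\USER\Application Data\P2PApp\xml\data folder moved successfully.",
    r"c:\documents and settings\USER\Application Data\P2PApp\xml folder moved successfully.",
    r"c:\documents and settings\USER\Application Data\P2PApp folder moved successfully.",
    r"c:\windows\system32\OTHER.dll moved successfully.",   # not in the script
    "========== COMMANDS ==========",
    "",
    "[EMPTYTEMP]",
    "",
    "Total Files Cleaned = 1.00 mb",
])


def parse_otm_script(text):
    """Return (files, commands); stray whitespace on path lines is stripped."""
    files, commands, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            files.append(line)
        elif section == "commands":
            commands.append(line)
    return files, commands


def parse_otm_log(text):
    """Return the case-folded paths the log reports as moved (Windows paths
    are case-insensitive, so they are compared that way)."""
    moved = set()
    for raw in text.splitlines():
        line = raw.strip()
        for suffix in MOVED_SUFFIXES:
            if line.endswith(suffix):
                moved.add(line[:-len(suffix)].casefold())
                break
    return moved


def reconcile(script_text, log_text):
    """Classify every scripted path as moved or unaccounted, and flag moved
    paths that neither appear in the script nor sit under a scripted folder."""
    files, commands = parse_otm_script(script_text)
    moved = parse_otm_log(log_text)
    listed = {f.casefold(): f for f in files}
    report = {"moved": [], "unaccounted": [], "unexpected": [], "commands": commands}
    for key, original in listed.items():
        report["moved" if key in moved else "unaccounted"].append(original)
    for key in sorted(moved):
        if key in listed or any(key.startswith(p + "\\") for p in listed):
            continue
        report["unexpected"].append(key)
    return report


if __name__ == "__main__":
    for status, items in reconcile(SCRIPT, LOG).items():
        print(status, "->", items)
```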

Re: stubborn trojan

Unread postby rik3267 » December 23rd, 2009, 7:35 pm

12/23/09

No major problems are currently occurring, just a few minor software glitches that need to be worked out (HP Deskjet software and Windows Media Player DVD decoder). A far cry from what was occurring last week.

Thank you

All processes killed
========== FILES ==========
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\body language queen.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\come get your love redbone [dvd rip].mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\dannys song kenny loggins - greatest hits.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\dannys song kenny loggins.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on (high bitrate).mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on - greatest hits.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\go put your records on.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\im sorry smashmouth MTV.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\kiss you through phone chris.snd moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\never knew what i was missing.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\sex candy matchbox 20.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\sidewinder rem.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\SPIRITLAND - Redbone_Come and get your love.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 Limewire saved\youll come back prince caspian (unplugged version).mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\body language queen.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\come get your love redbone [dvd rip].mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\dannys song kenny loggins - greatest hits.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\dannys song kenny loggins.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on (high bitrate).mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on - greatest hits.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\go put your records on.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\im sorry smashmouth MTV.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\kiss you through phone chris.snd moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\never knew what i was missing.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\sex candy matchbox 20.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\sidewinder rem.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\SPIRITLAND - Redbone_Come and get your love.mp3 moved successfully.
C:\Documents and Settings\Richard Lewis\My Documents\Home2 My Docs\LimeWire\Saved\youll come back prince caspian (unplugged version).mp3 moved successfully.
C:\Program Files\AIM\Sysfiles\WxBug.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Richard Lewis
->Temp folder emptied: 241992277 bytes
->Temporary Internet Files folder emptied: 35488298 bytes
->Java cache emptied: 13723698 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 82991469 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1136883 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 148408107 bytes

Total Files Cleaned = 500.00 mb


OTM by OldTimer - Version 3.1.3.0 log created on 12232009_182426

Files moved on Reboot...

Registry entries deleted on Reboot...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:34 PM, on 12/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\notepad.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [ButtonMonitor] S200
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = Common\Bin\WinCinemaMgr.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0129391578
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

--
End of file - 6701 bytes
rik3267
Active Member
 
Posts: 14
Joined: December 12th, 2009, 12:40 pm
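A helper reading a HijackThis log like the one posted above looks first at the autostart entries. As an added example (not HijackThis or MalwareRemoval.com code), this Python parser pulls the O4 Run-key and O23 service lines out of the log text and flags entries whose image is a bare name (resolved through the search path rather than a full path) or sits in a temp folder, so the analyst can match them against known software. The sample lines are copied from the log in this post; the entries it flags there belong to the sound-card, DVD and keyboard software that muppy03's review found clean, so a flag means "check", not "malicious".

```python
import re
from dataclasses import dataclass
# Constructed sample: a few lines copied from the HijackThis log posted above;
# the parser takes the whole log pasted in as one string.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [ButtonMonitor] S200
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

RUN_RE = re.compile(r"^O4 - (?P<hive>.+?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<display>.*?) \((?P<svc>[^)]+)\) - (?P<vendor>.*?) - (?P<image>.*)$")
# Unquoted image paths often contain spaces, so locate the image by its extension.
EXT_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|com|dll|scr|bat|cmd|pif))(?=\s|$)", re.IGNORECASE)

@dataclass
class Autostart:
    kind: str      # "run" (O4 Run key) or "service" (O23)
    name: str      # Run value name or service short name
    command: str   # command line or service image path

def executable_of(command: str) -> str:
    """Image path from a command line: quoted, extension-delimited, or first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXT_RE.match(command)
    return m["exe"] if m else (command.split()[0] if command else "")

def parse_autostarts(log: str) -> list:
    entries = []
    for line in log.splitlines():
        if m := RUN_RE.match(line):
            entries.append(Autostart("run", m["name"], m["cmd"]))
        elif m := SVC_RE.match(line):
            entries.append(Autostart("service", m["svc"], m["image"]))
    return entries

def needs_review(entry: Autostart) -> bool:
    """Flag a bare image name (no directory) or an image in a temp/profile-local folder."""
    exe = executable_of(entry.command).lower()
    return "\\" not in exe or "\\temp\\" in exe or "\\local settings\\" in exe

def review(log: str) -> list:
    return [e.name for e in parse_autostarts(log) if needs_review(e)]
```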

Re: sutbborn trojan

Unread postby muppy03 » December 24th, 2009, 3:16 am

Well, malware-wise you are looking great :cheers: so if you are not having any further problems, I would suggest you proceed as follows.

MBAM is a great tool for you to keep and use on a regular basis.

Remove Combofix
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK (please note the space between Combofix and the /, it is needed)
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Let's clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.

  • Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.


Here are some free programs I recommend that could help you improve your computer's security.

Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here


Read some information here on how to prevent malware.


Please reply if you have any problems or questions

Happy Safe Surfing and Merry Christmas :flower:
muppy03
MRU Emeritus
 
Posts: 4782
Joined: December 4th, 2007, 5:30 am
Location: Australia