Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

bsod, slow, crash, redirects, virus...

Post by ronn79 » December 27th, 2009, 5:59 pm

I started getting the blue screen and slow startups recently, as well as Google misdirects. I scanned with AVG and it found nothing, then I scanned with Spybot and it found some stuff including the Virtumonde virus. I have not seen the blue screen in the past few days and the misdirects seem to have stopped, but the computer is still slow on startup. Everything loads up just fine, then there is a lot of HDD activity for 30 mins or so. Firefox seems to be crashing a lot more now, and just prior to it crashing I notice a couple of processes that are using up a lot of the CPU and memory (avgnsx.exe and avgdumpx.exe). I also received an e-mail from my ISP telling me that my "account has been used to scan, flood or attempt to gain unauthorized access to another computer", "likely caused by the Botnet traffic". :x Thanks for any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:40:45 PM, on 12/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\brsvc01a.exe
F:\WINDOWS\system32\brss01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\Brmfrmps.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\ASUS\Ai Booster\OverClk.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] "F:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [IndexSearch] "F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1123561945-1482476501-839522115-1003\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1123561945-1482476501-839522115-1003\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\npjpi160_17.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2754912650
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0860175015
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - F:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13806 bytes




Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Shockwave Player 11
Ai Booster
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.24.10
ASUSUpdate
Athlon 64 Processor Driver
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AVG 8.5
BlueSoleil
Bonjour
Brother MFL-Pro Suite
Canon EOS 10D WIA Driver
CDDRV_Installer
CDex extraction audio
Choice Guard
Comic Life
Command & Conquer The First Decade
Compatibility Pack for the 2007 Office system
Cool & Quiet
Critical Update for Windows Media Player 11 (KB959772)
Curse Client
Disc2Phone
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
FLVPlayer4Free Free FLV Player 3.1.0.0
GA-Virtual City
Google Earth
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Product Detection
ieSpell
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Kaspersky Online Scanner
KhalInstallWrapper
LimeWire 5.2.13
Logitech GamePanel Software 3.03.133
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
mobile PhoneTools
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4SP2
Nero 7 Ultra Edition
NVIDIA Drivers
NVIDIA nTune
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA WDM Drivers
Panda ActiveScan
PaperPort
PowerDVD
QuickTime
Realtek AC'97 Audio
RivaTuner v2.22
Safari
Satellite Antenna Alignment v2.37.2
Sci-Fi Fighters
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shareaza 2.3.1.0
Sid Meier's Civilization 4
Skype™ 3.6
SnappySoft
Soap 3.0 Toolkit
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SpywareBlaster 4.1
System Requirements Lab
TomTom HOME 2.5.2.60
UFile 2007
UFile 2008
UFile Updater 2007
UFile Updater 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
VC_MergeModuleToMSI
Ventrilo Client
Virtual Earth 3D (Beta)
Winamp (remove only)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
World of Warcraft
XviD 1.1 final uninstall
ZoneAlarm
ZoneAlarm Spy Blocker

Re: bsod, slow, crash, redirects, virus...

Post by MWR 3 day Mod » December 30th, 2009, 5:41 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: bsod, slow, crash, redirects, virus...

Post by km2357 » December 31st, 2009, 2:46 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please post a fresh HijackThis log and a fresh Uninstall List.

Re: bsod, slow, crash, redirects, virus...

Post by ronn79 » December 31st, 2009, 5:48 pm

Thank you for the help. I should mention that, as I was waiting, I noticed a new user account was being created at startup called /documents and settings/help assistant. This was the cause of the HDD activity at startup that I mentioned in my original post, because all user files were being copied to this folder. I did some research and ran the recovery console to fixmbr. Things appear to be back to normal, but I am still uncertain if all traces of the infection have been removed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:24 PM, on 12/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\brsvc01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\brss01a.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\Brmfrmps.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\System32\nvraidservice.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\ASUS\Ai Booster\OverClk.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Windows Live\Mail\wlmail.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
F:\DOCUME~1\Ronnie\LOCALS~1\Temp\Adobelm_Cleanup.0001
F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
F:\DOCUME~1\Ronnie\LOCALS~1\Temp\Adobelm_Cleanup.0001
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] "F:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [IndexSearch] "F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2754912650
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0860175015
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - F:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14047 bytes




Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Shockwave Player 11
Ai Booster
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.24.10
ASUSUpdate
Athlon 64 Processor Driver
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AVG 8.5
BlueSoleil
Bonjour
Brother MFL-Pro Suite
Canon EOS 10D WIA Driver
CDDRV_Installer
CDex extraction audio
Choice Guard
Comic Life
Command & Conquer The First Decade
Compatibility Pack for the 2007 Office system
Cool & Quiet
Critical Update for Windows Media Player 11 (KB959772)
Curse Client
Disc2Phone
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
FLVPlayer4Free Free FLV Player 3.1.0.0
GA-Virtual City
Google Earth
Hijackthis 1.99.1
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Product Detection
ieSpell
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Kaspersky Online Scanner
KhalInstallWrapper
LimeWire 5.2.13
Logitech GamePanel Software 3.03.133
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
mobile PhoneTools
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MSXML4SP2
Nero 7 Ultra Edition
NVIDIA Drivers
NVIDIA nTune
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA WDM Drivers
Panda ActiveScan
PaperPort
PowerDVD
QuickTime
Realtek AC'97 Audio
RivaTuner v2.22
Safari
Satellite Antenna Alignment v2.37.2
Sci-Fi Fighters
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Shareaza 2.3.1.0
Sid Meier's Civilization 4
Skype™ 3.6
SnappySoft
Soap 3.0 Toolkit
Spybot - Search & Destroy
SpywareBlaster 4.1
System Requirements Lab
TomTom HOME 2.5.2.60
UFile 2007
UFile 2008
UFile Updater 2007
UFile Updater 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC 9.0 Runtime
VC_MergeModuleToMSI
Ventrilo Client
Virtual Earth 3D (Beta)
Winamp (remove only)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
World of Warcraft
XviD 1.1 final uninstall
ZoneAlarm
ZoneAlarm Spy Blocker
ronn79
Active Member
 
Posts: 11
Joined: December 27th, 2009, 5:38 pm

Re: bsod, slow, crash, redirects, virus...

Post by km2357 » January 1st, 2010, 2:00 am

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.2.13

Shareaza 2.3.1.0


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new HJT scan when finished and post the log back here.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: bsod, slow, crash, redirects, virus...

Post by ronn79 » January 1st, 2010, 3:18 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:42 PM, on 12/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\brsvc01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\brss01a.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\Brmfrmps.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\System32\nvraidservice.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\ASUS\Ai Booster\OverClk.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Windows Live\Mail\wlmail.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
F:\DOCUME~1\Ronnie\LOCALS~1\Temp\Adobelm_Cleanup.0001
F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
F:\DOCUME~1\Ronnie\LOCALS~1\Temp\Adobelm_Cleanup.0001
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] "F:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [IndexSearch] "F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2754912650
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0860175015
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - F:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 14048 bytes
ronn79
Active Member
 
Posts: 11
Joined: December 27th, 2009, 5:38 pm

Re: bsod, slow, crash, redirects, virus...

Post by km2357 » January 1st, 2010, 2:32 pm

Step # 1: Remove HijackThis Entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Step # 2: Download and Run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.




Step # 3: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click No.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL, for whatever reason(s), until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: bsod, slow, crash, redirects, virus...

Post by ronn79 » January 2nd, 2010, 5:22 pm

I downloaded dds.scr and tried to run it, but all that happens is Notepad opens up and displays the file. It doesn't run anything and no logs are created. I tried the second link you posted and the same thing happens, but instead it's displayed in the web browser.

I did not receive any notification of any rootkit activity and the 'Show All' button is unticked. Everything else is ticked though. I clicked the Scan button and saved the log. I don't know if I'm doing something wrong.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 13:07:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: F:\DOCUME~1\Ronnie\LOCALS~1\Temp\uxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xABCABFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xABCA8C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xABCC3170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xABCAC580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xABCC0900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xABCC0B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xABCC4B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xABCAC670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xABCA9210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xABCC39F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xABCC37A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xABCC0280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xABCC3F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xABCC3F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xABCA9070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xABCC2180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xABCC1F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xABCC46F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xABCC4150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xABCABBE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xABCC4540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xABCAC190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xABCA9440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xABCC34E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xABCC1200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xABCC1080]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 241C 80501C54 12 Bytes [80, C5, CA, AB, 00, 09, CC, ...] {ADD CH, 0xca; STOSD ; ADD [ECX], CL; INT 3 ; STOSD ; ADC [EBX], CL; INT 3 ; STOSD }
? srescan.sys The system cannot find the file specified. !
.text F:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB4F7D380, 0x5414D5, 0xE8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ABCB0B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ABCB0930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ABCB1260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ABCAEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ABCAEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ABCB0B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ABCB0930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ABCB1260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ABCB0B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ABCAEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ABCB1260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ABCB0930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ABCB1260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ABCB0930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ABCB0B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ABCAEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ABCB0B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ABCB0930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ABCB1260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [ABCB1260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [ABCB0930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [ABCAEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [ABCB0B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [ABCB0B20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [ABCAEE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [ABCB1260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [ABCB0930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00116706fb35 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0x43 0x52 0xF7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0xCD 0x87 0x71 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x91 0xED 0xA5 0x19 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x58 0x8E 0x6F 0x96 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD6 0x2B 0xE6 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00116706fb35
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0x43 0x52 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0xCD 0x87 0x71 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x91 0xED 0xA5 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x58 0x8E 0x6F 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD6 0x2B 0xE6 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x62 0x73 0xD3 0x64 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xCA 0x29 0xBD 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA0 0x46 0x91 0x2E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9F 0x8E 0xEF 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD6 0x2B 0xE6 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00116706fb35 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 F:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x6A 0x43 0x52 0xF7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x02 0xCD 0x87 0x71 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x91 0xED 0xA5 0x19 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x58 0x8E 0x6F 0x96 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD6 0x2B 0xE6 0xCF ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----
ronn79
Active Member
 
Posts: 11
Joined: December 27th, 2009, 5:38 pm

Re: bsod, slow, crash, redirects, virus...

Post by km2357 » January 3rd, 2010, 12:20 am

The GMER Log looks fine; you didn't do anything wrong. And it's good that you didn't receive any notification of rootkit activity. :)

Let's replace DDS with another scanner:

Step # 1: Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: bsod, slow, crash, redirects, virus...

Post by ronn79 » January 3rd, 2010, 2:32 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ronnie at 2010-01-02 22:29:22
Microsoft Windows XP Professional Service Pack 3
System drive F: has 126 GB (53%) free of 238 GB
Total RAM: 3071 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:56 PM, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\brsvc01a.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\brss01a.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\Brmfrmps.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\System32\nvraidservice.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\ASUS\Ai Booster\OverClk.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
F:\DOCUME~1\Ronnie\LOCALS~1\Temp\Adobelm_Cleanup.0001
F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
F:\DOCUME~1\Ronnie\LOCALS~1\Temp\Adobelm_Cleanup.0001
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\Program Files\Windows Live\Mail\wlmail.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Ronnie\Desktop\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\Ronnie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] "F:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [IndexSearch] "F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2754912650
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0860175015
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - F:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13941 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\1-Click Maintenance.job
F:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - F:\Program Files\AVG\AVG8\avgssie.dll [2009-12-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Program Files\Java\jre6\bin\ssv.dll [2009-12-26 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=F:\WINDOWS\System32\nvraidservice.exe [2005-01-16 84480]
"NVIDIA nTune"=F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe [2004-12-06 532480]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Launch Ai Booster"=F:\Program Files\ASUS\Ai Booster\OverClk.exe [2005-06-16 3627520]
"SoundMan"=F:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"SetDefPrt"=F:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 49152]
"PaperPort PTD"=F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"NeroFilterCheck"=F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"IndexSearch"=F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"AVG8_TRAY"=F:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-17 2043160]
"Logitech Hardware Abstraction Layer"=F:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]
"Kernel and Hardware Abstraction Layer"=F:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]
"ZoneAlarm Client"=F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"Launch LgDeviceAgent"=F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2009-08-13 357384]
"Launch LCDMon"=F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2009-08-13 1573384]
"Launch LGDCore"=F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2009-08-13 3161608]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2009-12-26 149280]
"QuickTime Task"=F:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=F:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=F:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
F:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
F:\Program Files\RivaTuner v2.22\RivaTuner.exe [2008-12-29 2732032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
F:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
F:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-04-02 25214]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - F:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
F:\WINDOWS\system32\avgrsstx.dll [2009-08-24 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
f:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-11-07 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"F:\Program Files\LimeWire\LimeWire.exe"="F:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"F:\Program Files\Skype\Phone\Skype.exe"="F:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\Program Files\AVG\AVG8\avgupd.exe"="F:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"F:\Program Files\AVG\AVG8\avgemc.exe"="F:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"F:\Program Files\uTorrent\uTorrent.exe"="F:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Curse\CurseClient.exe"="F:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\AVG\AVG8\avgnsx.exe"="F:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"F:\Program Files\Ventrilo\Ventrilo.exe"="F:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "F:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-01-02 22:29:22 ----D---- F:\rsit
2009-12-29 04:13:38 ----HD---- F:\$AVG8.VAULT$
2009-12-28 14:47:56 ----SHD---- F:\RECYCLER
2009-12-28 13:41:37 ----A---- F:\WINDOWS\MBR.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\zip.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\SWXCACLS.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\SWSC.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\SWREG.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\sed.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\PEV.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\grep.exe
2009-12-28 01:01:39 ----D---- F:\Program Files\iPod
2009-12-28 01:01:36 ----D---- F:\Program Files\iTunes
2009-12-28 00:59:51 ----D---- F:\Program Files\QuickTime
2009-12-26 00:18:29 ----D---- F:\Documents and Settings\Ronnie\Application Data\Malwarebytes
2009-12-26 00:18:20 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-26 00:18:18 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2009-12-24 16:51:56 ----A---- F:\WINDOWS\system32\tmp.txt
2009-12-24 12:49:24 ----A---- F:\WINDOWS\wininit.ini
2009-12-23 14:23:54 ----D---- F:\Program Files\Trend Micro
2009-12-16 16:35:51 ----D---- F:\Program Files\DIFX
2009-12-09 03:05:10 ----HDC---- F:\WINDOWS\$NtUninstallKB970430$
2009-12-09 03:04:52 ----HDC---- F:\WINDOWS\$NtUninstallKB974318$
2009-12-09 03:03:59 ----HDC---- F:\WINDOWS\$NtUninstallKB973904$
2009-12-09 03:03:54 ----HDC---- F:\WINDOWS\$NtUninstallKB974392$
2009-12-09 03:03:46 ----HDC---- F:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-02 22:29:37 ----D---- F:\WINDOWS\Prefetch
2010-01-02 20:01:21 ----D---- F:\Program Files\Mozilla Firefox
2010-01-02 13:17:09 ----D---- F:\WINDOWS\TEMP
2010-01-01 14:56:33 ----D---- F:\WINDOWS\Internet Logs
2009-12-31 23:16:07 ----D---- F:\Program Files
2009-12-31 23:15:58 ----D---- F:\Documents and Settings\Ronnie\Application Data\Shareaza
2009-12-31 23:15:39 ----D---- F:\Program Files\LimeWire
2009-12-28 15:57:05 ----D---- F:\WINDOWS\system32\CatRoot2
2009-12-28 15:00:15 ----D---- F:\WINDOWS\network diagnostic
2009-12-28 14:56:05 ----D---- F:\Documents and Settings
2009-12-28 14:51:16 ----D---- F:\WINDOWS\system32
2009-12-28 14:47:58 ----A---- F:\WINDOWS\SchedLgU.Txt
2009-12-28 14:23:46 ----D---- F:\WINDOWS\system32\drivers
2009-12-28 14:20:35 ----D---- F:\WINDOWS\erdnt
2009-12-28 14:07:00 ----D---- F:\WINDOWS
2009-12-28 14:07:00 ----A---- F:\WINDOWS\system.ini
2009-12-28 14:03:58 ----D---- F:\WINDOWS\system32\config
2009-12-28 13:51:23 ----D---- F:\WINDOWS\AppPatch
2009-12-28 13:51:20 ----D---- F:\Program Files\Common Files
2009-12-28 01:05:08 ----SHD---- F:\WINDOWS\Installer
2009-12-28 01:01:38 ----D---- F:\Program Files\Common Files\Apple
2009-12-28 00:58:15 ----D---- F:\WINDOWS\WinSxS
2009-12-27 00:34:29 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 00:55:40 ----D---- F:\Program Files\Java
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\javaws.exe
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\javaw.exe
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\java.exe
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\deploytk.dll
2009-12-26 00:03:52 ----A---- F:\WINDOWS\win.ini
2009-12-25 23:50:12 ----D---- F:\WINDOWS\pss
2009-12-24 00:45:36 ----A---- F:\WINDOWS\ntbtlog.txt
2009-12-23 19:13:54 ----D---- F:\WINDOWS\Minidump
2009-12-23 18:39:25 ----D---- F:\Program Files\Spybot - Search & Destroy
2009-12-18 22:13:35 ----D---- F:\Program Files\World of Warcraft
2009-12-17 14:18:59 ----D---- F:\Documents and Settings\All Users\Application Data\avg8
2009-12-17 13:21:10 ----D---- F:\Documents and Settings\Ronnie\Application Data\U3
2009-12-17 13:15:20 ----D---- F:\WINDOWS\system32\Macromed
2009-12-17 12:54:36 ----D---- F:\WINDOWS\Registration
2009-12-17 00:46:46 ----SHD---- F:\WINDOWS\CSC
2009-12-17 00:23:14 ----HD---- F:\Program Files\InstallShield Installation Information
2009-12-16 23:51:34 ----DC---- F:\WINDOWS\system32\DRVSTORE
2009-12-16 23:12:51 ----HD---- F:\WINDOWS\inf
2009-12-14 22:56:26 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-12-14 22:56:20 ----D---- F:\Program Files\Internet Explorer
2009-12-09 03:26:21 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 03:04:54 ----A---- F:\WINDOWS\imsins.BAK
2009-12-09 03:04:13 ----D---- F:\WINDOWS\ie8updates
2009-12-09 03:04:03 ----HD---- F:\WINDOWS\$hf_mig$
2009-12-07 23:33:54 ----D---- F:\Program Files\World of Warcraft Public Test

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; F:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AsIO;AsIO; F:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aslm75;aslm75; \??\F:\WINDOWS\system32\drivers\aslm75.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; F:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-24 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; F:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-24 27784]
R1 AvgTdiX;AVG8 Network Redirector; F:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-18 108552]
R1 kbdhid;Keyboard HID Driver; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; F:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R2 ElbyCDIO;ElbyCDIO Driver; F:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); F:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; F:\WINDOWS\System32\Drivers\AnyDVD.sys [2003-09-29 22912]
R3 Arp1394;1394 ARP Client Protocol; F:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BlueletAudio;Bluetooth Audio Service; F:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; F:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
R3 BTHidEnum;Bluetooth HID Enumerator; F:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500]
R3 ElbyDelay;ElbyDelay; F:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; F:\WINDOWS\system32\drivers\LGBusEnum.sys [2009-07-14 19720]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; F:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 mouhid;Mouse HID Driver; F:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; F:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; F:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; F:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; F:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; F:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; F:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pfc;Padus ASPI Shell; F:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; F:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; F:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; F:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VComm;Virtual Serial port driver; F:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; F:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
R3 VHidMinidrv;Bluetooth HID Device Service; F:\WINDOWS\system32\drivers\VHIDMini.sys [2004-09-22 12504]
R3 Wdf01000;Wdf01000; F:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 lusbaudio;Logitech USB Microphone; F:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S1 nvport;NVIDIA PORT IO Control Driver; \??\F:\WINDOWS\system32\Drivers\nvport.sys []
S2 nvcap;nVidia WDM Video Capture (universal); F:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
S2 nvTUNEP;nVidia WDM TVTuner; F:\WINDOWS\system32\DRIVERS\nvtunep.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar; F:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; F:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]
S2 tmcomm;tmcomm; \??\F:\WINDOWS\system32\drivers\tmcomm.sys []
S3 BrScnUsb;Brother USB Still Image driver; F:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BT;Bluetooth PAN Network Adapter; F:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 BthEnum;Bluetooth Enumerator Service; F:\WINDOWS\System32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); F:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; F:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; F:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\F:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 catchme;catchme; \??\F:\DOCUME~1\Ronnie\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; F:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; F:\WINDOWS\System32\Drivers\dtscsi.sys [2006-03-19 223128]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; F:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2006-03-28 55808]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-03-28 27008]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-03-28 69760]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\F:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 Mo3Fltr;MMO Mouse; F:\WINDOWS\system32\drivers\Mo3Fltr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 n558;N558 Bluetooth USB Filter Driver; F:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; F:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
S3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; F:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
S3 P2k;Motorola USB Device; F:\WINDOWS\system32\DRIVERS\P2k.sys [2005-01-09 16032]
S3 Point32;Microsoft IntelliPoint Filter Driver; F:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 QCEmerald;Logitech QuickCam Web; F:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); F:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RivaTuner32;RivaTuner32; \??\F:\Program Files\RivaTuner v2.22\RivaTuner32.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM); F:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; F:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; F:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); F:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); F:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; F:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); F:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; F:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; F:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; F:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 uxtdqpoc;uxtdqpoc; \??\F:\DOCUME~1\Ronnie\LOCALS~1\Temp\uxtdqpoc.sys []
S3 WSTCODEC;World Standard Teletext Codec; F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; F:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; F:\WINDOWS\System32\Drivers\sptd.sys [2006-03-19 642560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; F:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
R2 avg8wd;AVG8 WatchDog; F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 106496]
R2 Bonjour Service;Bonjour Service; F:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; F:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 Brother XP spl Service;BrSplService; F:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 BthServ;Bluetooth Support Service; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-12-26 153376]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 vsmon;TrueVector Internet Monitor; F:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R3 Adobe LM Service;Adobe LM Service; F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-19 69632]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
R3 iPod Service;iPod Service; F:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-11-26 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 IDriverT;InstallDriver Table Manager; F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 NBService;NBService; F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-02 22:29:58

======Uninstall list======

-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->F:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->F:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->F:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->F:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Shockwave Player 11-->F:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ai Booster-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x9
AnyDVD-->"F:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="F:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS Probe V2.24.10-->F:\WINDOWS\uninst.exe -f"F:\Program Files\ASUS\Asus Probe\DeIsL2.isu" -c"F:\Program Files\ASUS\Asus Probe\probunis.dll"
ASUSUpdate-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AutoCAD 2008 - English-->F:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG 8.5-->F:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlueSoleil-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Canon EOS 10D WIA Driver-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{095659A2-739F-4D9A-A916-66C7CAD16F9E}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CDex extraction audio-->"F:\Program Files\CDex_150\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Comic Life-->MsiExec.exe /X{6A1F0A1A-474C-4151-8534-5F61832D88CD}
Command & Conquer The First Decade-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cool & Quiet-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
Critical Update for Windows Media Player 11 (KB959772)-->"F:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Curse Client-->F:\Program Files\Curse\uninstall.exe
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Converter-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"F:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"F:\Program Files\DVD Shrink\unins000.exe"
FLVPlayer4Free Free FLV Player 3.1.0.0-->"F:\Program Files\FLVPlayer4Free\unins000.exe"
GA-Virtual City-->F:\WINDOWS\UnSc9286.exe "F:\Program Files\GA-Virtual City\Unscr.log"
Google Earth-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Hijackthis 1.99.1-->"F:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->F:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"F:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"F:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"F:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"F:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"F:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"F:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"F:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
ieSpell-->"F:\Program Files\ieSpell\uninst.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Online Scanner-->F:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech GamePanel Software 3.03.133-->MsiExec.exe /X{6CC95B76-D380-46B2-9022-9353938E48BA}
Logitech SetPoint-->"F:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"F:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"F:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mobile PhoneTools-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Mozilla Firefox (3.5.6)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4SP2-->MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
NVIDIA Drivers-->F:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA nView Desktop Manager-->F:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
NVIDIA WDM Drivers-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
Panda ActiveScan-->F:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PowerDVD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek AC'97 Audio-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RivaTuner v2.22-->"F:\Program Files\RivaTuner v2.22\uninstall.exe"
Safari-->MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Satellite Antenna Alignment v2.37.2-->"F:\Program Files\AL-Software\Satellite Antenna Alignment\unins000.exe"
Sci-Fi Fighters-->F:\WINDOWS\UnSc9974.exe "F:\Program Files\Sci-Fi Fighters\Unscr.log"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB937143)-->"F:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"F:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"F:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"F:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"F:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"F:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"F:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"F:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"F:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"F:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"F:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"F:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"F:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"F:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"F:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"F:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"F:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"F:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"F:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"F:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"F:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"F:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"F:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"F:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"F:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"F:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"F:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"F:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"F:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"F:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"F:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"F:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"F:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"F:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"F:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"F:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"F:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"F:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"F:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"F:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"F:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"F:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"F:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"F:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"F:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"F:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"F:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"F:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"F:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"F:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"F:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"F:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"F:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"F:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"F:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"F:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"F:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"F:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"F:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"F:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"F:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"F:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"F:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"F:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"F:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"F:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"F:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"F:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"F:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"F:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"F:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"F:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"F:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"F:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"F:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"F:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"F:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"F:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"F:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"F:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"F:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"F:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"F:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"F:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"F:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sid Meier's Civilization 4-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnappySoft-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F07DDF60-12BA-433C-BD70-013C7E22DB86}
Soap 3.0 Toolkit-->MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"F:\Program Files\SpywareBlaster\unins000.exe"
System Requirements Lab-->F:\Program Files\SystemRequirementsLab\Uninstall.exe
TomTom HOME 2.5.2.60-->F:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
UFile 2007-->MsiExec.exe /X{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}
UFile 2008-->MsiExec.exe /X{2A5C6AD0-F7B3-40A1-B140-23B085B1B8CE}
UFile Updater 2007-->MsiExec.exe /X{BAF0296B-77EA-425B-934E-671B4DBAED6E}
UFile Updater 2008-->MsiExec.exe /X{C9967B5A-6E08-4E79-BFBD-BBB07DB0CA04}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"F:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"F:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"F:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"F:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"F:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"F:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"F:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"F:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"F:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"F:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"F:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Winamp (remove only)-->"F:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"F:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->F:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->RunDll32.exe "F:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->"F:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->F:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR (2)\Uninstall.exe
XviD 1.1 final uninstall-->"F:\Program Files\XviD\unins000.exe"
ZoneAlarm Spy Blocker-->rundll32 F:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->F:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) [2010-01-01]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-01-01]

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall

======System event log======

Computer Name: NISMO
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 3392
Source Name: Service Control Manager
Time Written: 20091125004055.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 7000
Message: The tmcomm service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3391
Source Name: Service Control Manager
Time Written: 20091125004055.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 7000
Message: The nVidia WDM A/V Crossbar service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 3390
Source Name: Service Control Manager
Time Written: 20091125004055.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 7000
Message: The nVidia WDM TVAudio Crossbar service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3389
Source Name: Service Control Manager
Time Written: 20091125004055.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 7000
Message: The nVidia WDM TVTuner service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3388
Source Name: Service Control Manager
Time Written: 20091125004055.000000-480
Event Type: error
User:

=====Application event log=====

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10144
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10143
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10142
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10141
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10140
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;F:\Program Files\Common Files\Ulead Systems\MPEG;F:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Suite;F:\Program Files\Zone Labs\ZoneAlarm\MailFrontier;F:\Program Files\Common Files\Teleca Shared;F:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"CLASSPATH"=.;F:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=F:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
ronn79
Active Member
 
Posts: 11
Joined: December 27th, 2009, 5:38 pm

Re: bsod, slow, crash, redirects, virus...

Post by km2357 » January 3rd, 2010, 5:30 pm

Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: bsod, slow, crash, redirects, virus...

Post by ronn79 » January 4th, 2010, 5:47 pm

ComboFix 10-01-03.05 - Ronnie 01/04/2010 1:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2403 [GMT -8:00]
Running from: f:\documents and settings\Ronnie\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-12-04 to 2010-01-04 )))))))))))))))))))))))))))))))
.

2009-12-29 12:13 . 2010-01-03 12:13 -------- d-----w- F:\$AVG8.VAULT$
2009-12-28 09:01 . 2009-12-28 09:01 -------- d-----w- f:\program files\iPod
2009-12-28 09:01 . 2009-12-28 09:02 -------- d-----w- f:\program files\iTunes
2009-12-28 08:59 . 2009-12-28 09:00 -------- d-----w- f:\program files\QuickTime
2009-12-26 08:18 . 2009-12-26 08:18 -------- d-----w- f:\documents and settings\Ronnie\Application Data\Malwarebytes
2009-12-26 08:18 . 2009-12-04 00:14 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 08:18 . 2009-12-26 08:18 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 08:18 . 2009-12-26 08:18 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-12-26 08:18 . 2009-12-04 00:13 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-12-26 08:15 . 2009-12-26 08:47 79488 ----a-w- f:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-24 08:56 . 2009-12-24 08:56 -------- d-----w- f:\documents and settings\Ronnie\Local Settings\Application Data\{32CC61F0-795B-44DC-BEA2-E43F6523AE56}
2009-12-23 22:23 . 2009-12-23 22:23 -------- d-----w- f:\program files\Trend Micro
2009-12-17 21:37 . 2009-12-17 21:33 2065688 ----a-w- f:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-17 08:50 . 2009-12-17 08:50 664 ----a-w- f:\windows\system32\d3d9caps.dat
2009-12-17 05:30 . 2009-12-17 05:30 -------- d-sh--w- f:\windows\system32\config\systemprofile\IETldCache
2009-12-17 00:35 . 2009-12-17 00:35 -------- d-----w- f:\program files\DIFX
2009-12-15 06:59 . 2009-12-25 00:48 120 ----a-w- f:\windows\Tdoyuju.dat
2009-12-15 06:59 . 2009-12-24 08:56 0 ----a-w- f:\windows\Nnejexugu.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-04 05:18 . 2007-08-02 01:58 2107764 ----a-w- f:\windows\Internet Logs\tvDebug.Zip
2010-01-04 05:15 . 2009-11-25 08:38 900912 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-01-01 07:15 . 2008-09-09 00:27 -------- d-----w- f:\documents and settings\Ronnie\Application Data\Shareaza
2010-01-01 07:15 . 2007-06-09 21:06 -------- d-----w- f:\program files\LimeWire
2009-12-28 09:01 . 2008-02-22 06:08 -------- d-----w- f:\program files\Common Files\Apple
2009-12-27 08:34 . 2006-03-19 18:25 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 08:55 . 2006-04-08 21:03 -------- d-----w- f:\program files\Java
2009-12-26 08:50 . 2008-12-16 02:45 411368 ----a-w- f:\windows\system32\deploytk.dll
2009-12-26 08:49 . 2009-11-03 20:24 152576 ----a-w- f:\documents and settings\Ronnie\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-24 02:39 . 2006-03-19 18:25 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-12-23 11:52 . 2009-12-23 21:50 3720192 ----a-w- f:\windows\Internet Logs\xDB17.tmp
2009-12-22 21:29 . 2009-12-22 21:55 328704 ----a-w- f:\windows\Internet Logs\xDB16.tmp
2009-12-22 18:52 . 2009-12-22 21:17 3720192 ----a-w- f:\windows\Internet Logs\xDB15.tmp
2009-12-19 06:13 . 2006-10-31 01:36 -------- d-----w- f:\program files\World of Warcraft
2009-12-17 22:18 . 2008-05-14 03:51 -------- d-----w- f:\documents and settings\All Users\Application Data\avg8
2009-12-17 21:21 . 2007-08-18 22:04 -------- d-----w- f:\documents and settings\Ronnie\Application Data\U3
2009-12-17 08:26 . 2009-12-17 08:36 3067392 ----a-w- f:\windows\Internet Logs\xDB14.tmp
2009-12-17 08:23 . 2006-03-18 19:37 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-12-15 06:55 . 2009-12-15 06:55 20 ----a-w- f:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-08 07:33 . 2009-11-04 21:09 -------- d-----w- f:\program files\World of Warcraft Public Test
2009-12-03 07:25 . 2006-03-18 19:44 -------- d-----w- f:\program files\NVIDIA Corporation
2009-12-03 07:12 . 2008-11-12 00:05 -------- d-----w- f:\documents and settings\All Users\Application Data\Logitech
2009-12-03 07:12 . 2006-05-29 00:09 -------- d-----w- f:\program files\Logitech
2009-12-03 02:03 . 2009-12-03 02:17 3632640 ----a-w- f:\windows\Internet Logs\xDB13.tmp
2009-11-21 04:32 . 2009-11-21 04:32 278120 ----a-w- f:\windows\system32\nvmccs.dll
2009-11-21 04:32 . 2009-11-21 04:32 154216 ----a-w- f:\windows\system32\nvsvc32.exe
2009-11-21 04:32 . 2009-11-21 04:32 145000 ----a-w- f:\windows\system32\nvcolor.exe
2009-11-21 04:32 . 2009-11-21 04:32 12669544 ----a-w- f:\windows\system32\nvcpl.dll
2009-11-21 04:32 . 2009-11-21 04:32 110184 ----a-w- f:\windows\system32\nvmctray.dll
2009-11-21 04:32 . 2009-11-21 04:32 81920 ----a-w- f:\windows\system32\nvwddi.dll
2009-11-20 05:42 . 2006-03-18 19:34 592488 ----a-w- f:\windows\system32\NVUNINST.EXE
2009-11-13 01:07 . 2009-11-13 01:07 79144 ----a-w- f:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 21:07 . 2009-11-03 21:07 51373 ----a-w- f:\windows\Internet Logs\zlclient_2nd_2009_11_03_13_01_11_small.dmp.zip
2009-11-03 20:39 . 2009-11-03 20:39 290816 ----a-w- f:\documents and settings\Ronnie\Application Data\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-11-03 20:39 . 2009-11-03 20:39 290816 ----a-w- f:\documents and settings\Ronnie\Application Data\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-11-03 20:39 . 2009-11-03 20:39 290816 ----a-w- f:\documents and settings\Ronnie\Application Data\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-11-03 20:39 . 2009-11-03 20:39 290816 ----a-w- f:\documents and settings\Ronnie\Application Data\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-10-29 07:45 . 2004-01-08 23:23 916480 ------w- f:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-03-19 08:20 75776 ----a-w- f:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-03-19 08:20 25088 ----a-w- f:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-19 08:20 265728 ------w- f:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- f:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- f:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- f:\windows\system32\raschap.dll
2007-09-27 06:19 . 2007-09-27 06:19 409112 ----a-w- f:\program files\processscanner.exe
2006-09-17 02:53 . 2006-09-17 02:53 24640 ----a-w- f:\program files\Common Files\security
2006-10-02 03:02 . 2006-10-02 03:02 952 --sha-w- f:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="f:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="f:\windows\System32\nvraidservice.exe" [2005-01-17 84480]
"NVIDIA nTune"="f:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Launch Ai Booster"="f:\program files\ASUS\Ai Booster\OverClk.exe" [2005-06-16 3627520]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"SetDefPrt"="f:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"PaperPort PTD"="f:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"NeroFilterCheck"="f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IndexSearch"="f:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-17 2043160]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"ZoneAlarm Client"="f:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Launch LgDeviceAgent"="f:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 357384]
"Launch LCDMon"="f:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 1573384]
"Launch LGDCore"="f:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 3161608]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-12-26 149280]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2006-5-28 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-24 15:52 11952 ----a-w- f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-08 00:41 72208 ----a-w- f:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=f:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 09:12 483328 ----a-w- f:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2008-12-29 08:30 2732032 ----a-w- f:\program files\RivaTuner v2.22\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- f:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=f:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="f:\program files\DAEMON Tools\daemon.exe" -lang 1033
"ElbyCheckAnyDVD"="f:\program files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
"ControlCenter2.0"=f:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
"SSBkgdUpdate"="f:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"f:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Curse\\CurseClient.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"f:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6016:TCP"= 6016:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2960:TCP"= 2960:TCP:Services
"3991:TCP"= 3991:TCP:Services

R1 AvgLdx86;AVG AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [5/13/2008 7:51 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [5/13/2008 7:51 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 1:54 PM 908056]
R2 avg8wd;AVG8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 1:54 PM 297752]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;f:\windows\system32\drivers\LGBusEnum.sys [7/14/2009 3:35 PM 19720]
S0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [3/19/2006 12:06 PM 642560]
S2 nvTUNEP;nVidia WDM TVTuner;f:\windows\system32\DRIVERS\nvtunep.sys --> f:\windows\system32\DRIVERS\nvtunep.sys [?]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;f:\windows\system32\DRIVERS\nvtvsnd.sys --> f:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;f:\windows\system32\drivers\mbamswissarmy.sys [12/26/2009 12:18 AM 38224]
S3 Mo3Fltr;MMO Mouse;f:\windows\system32\drivers\Mo3Fltr.sys --> f:\windows\system32\drivers\Mo3Fltr.sys [?]
S3 QCEmerald;Logitech QuickCam Web;f:\windows\system32\drivers\OVCE.sys [6/18/2006 1:44 PM 31872]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytelus.com/home_page.html
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - f:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - f:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://f:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://f:\program files\ieSpell\wikipedia.HTM
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
FF - ProfilePath - f:\documents and settings\Ronnie\Application Data\Mozilla\Firefox\Profiles\52ywx40x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mytelus.com/home_page.html
FF - component: f:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {32CC61F0-795B-44DC-BEA2-E43F6523AE56} - f:\documents and settings\Ronnie\Local Settings\Application Data\{32CC61F0-795B-44DC-BEA2-E43F6523AE56}\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 01:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
f:\program files\common files\logitech\bluetooth\LBTWlgn.dll
f:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2340)
f:\windows\system32\WININET.dll
f:\program files\Logitech\SetPoint\lgscroll.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-04 01:33:15
ComboFix-quarantined-files.txt 2010-01-04 09:32

Pre-Run: 132,282,138,624 bytes free
Post-Run: 132,228,239,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 31A8186ACE2BFAD1EE75E2FA2C8BBC60
ronn79
Active Member
 
Posts: 11
Joined: December 27th, 2009, 5:38 pm

Re: bsod, slow, crash, redirects, virus...

by km2357 » January 5th, 2010, 1:48 am

Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    File::
    
    f:\windows\Tdoyuju.dat
    f:\windows\Nnejexugu.bin
    f:\windows\Internet Logs\xDB17.tmp
    f:\windows\Internet Logs\xDB16.tmp
    f:\windows\Internet Logs\xDB15.tmp
    f:\windows\Internet Logs\xDB14.tmp
    f:\windows\Internet Logs\xDB13.tmp
    
    Folder::
    
    f:\documents and settings\Ronnie\Application Data\Shareaza
    f:\program files\LimeWire
    f:\Program Files\uTorrent
    
    Registry::
    
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "f:\\Program Files\\uTorrent\\uTorrent.exe"=-



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Image


    Note: This CFScript is for use on ronn79's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh RSIT Log taken after Step 1 has been completed.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: bsod, slow, crash, redirects, virus...

by ronn79 » January 5th, 2010, 3:10 am

ComboFix 10-01-04.01 - Ronnie 01/04/2010 22:37:42.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2256 [GMT -8:00]
Running from: f:\documents and settings\Ronnie\Desktop\ComboFix.exe
Command switches used :: f:\documents and settings\Ronnie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"f:\windows\Internet Logs\xDB13.tmp"
"f:\windows\Internet Logs\xDB14.tmp"
"f:\windows\Internet Logs\xDB15.tmp"
"f:\windows\Internet Logs\xDB16.tmp"
"f:\windows\Internet Logs\xDB17.tmp"
"f:\windows\Nnejexugu.bin"
"f:\windows\Tdoyuju.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\documents and settings\Ronnie\Application Data\Shareaza
f:\documents and settings\Ronnie\Application Data\Shareaza\Torrents\wow-partial-1.MPQ.torrent
f:\program files\LimeWire
f:\program files\LimeWire\hs_err_pid6828.log
f:\program files\LimeWire\lib\commons-net.jar
f:\program files\LimeWire\lib\dnsjava.jar
f:\program files\LimeWire\lib\forms.jar
f:\program files\LimeWire\lib\foxtrot.jar
f:\program files\LimeWire\lib\guice-1.0.jar
f:\program files\LimeWire\lib\hsqldb.jar
f:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
f:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
f:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
f:\program files\LimeWire\lib\looks.jar
f:\program files\LimeWire\lib\ProgressTabs.jar
f:\program files\LimeWire\lib\swt.jar
f:\program files\LimeWire\lib\themes.jar
f:\program files\LimeWire\lib\tray.dll
f:\program files\uTorrent
f:\program files\uTorrent\uTorrent.exe
f:\windows\Internet Logs\xDB13.tmp
f:\windows\Internet Logs\xDB14.tmp
f:\windows\Internet Logs\xDB15.tmp
f:\windows\Internet Logs\xDB16.tmp
f:\windows\Internet Logs\xDB17.tmp
f:\windows\Nnejexugu.bin
f:\windows\Tdoyuju.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2009-12-29 12:13 . 2010-01-04 12:12 -------- d-----w- F:\$AVG8.VAULT$
2009-12-28 09:01 . 2009-12-28 09:01 -------- d-----w- f:\program files\iPod
2009-12-28 09:01 . 2009-12-28 09:02 -------- d-----w- f:\program files\iTunes
2009-12-28 08:59 . 2009-12-28 09:00 -------- d-----w- f:\program files\QuickTime
2009-12-26 08:18 . 2009-12-26 08:18 -------- d-----w- f:\documents and settings\Ronnie\Application Data\Malwarebytes
2009-12-26 08:18 . 2009-12-04 00:14 38224 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-12-26 08:18 . 2009-12-26 08:18 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-26 08:18 . 2009-12-26 08:18 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-12-26 08:18 . 2009-12-04 00:13 19160 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-12-24 08:56 . 2009-12-24 08:56 -------- d-----w- f:\documents and settings\Ronnie\Local Settings\Application Data\{32CC61F0-795B-44DC-BEA2-E43F6523AE56}
2009-12-23 22:23 . 2009-12-23 22:23 -------- d-----w- f:\program files\Trend Micro
2009-12-17 08:50 . 2009-12-17 08:50 664 ----a-w- f:\windows\system32\d3d9caps.dat
2009-12-17 05:30 . 2009-12-17 05:30 -------- d-sh--w- f:\windows\system32\config\systemprofile\IETldCache
2009-12-17 00:35 . 2009-12-17 00:35 -------- d-----w- f:\program files\DIFX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 06:46 . 2009-11-25 08:38 900912 ----a-w- f:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-28 09:01 . 2008-02-22 06:08 -------- d-----w- f:\program files\Common Files\Apple
2009-12-27 08:34 . 2006-03-19 18:25 -------- d-----w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 08:55 . 2006-04-08 21:03 -------- d-----w- f:\program files\Java
2009-12-26 08:50 . 2008-12-16 02:45 411368 ----a-w- f:\windows\system32\deploytk.dll
2009-12-24 02:39 . 2006-03-19 18:25 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-12-19 06:13 . 2006-10-31 01:36 -------- d-----w- f:\program files\World of Warcraft
2009-12-17 22:18 . 2008-05-14 03:51 -------- d-----w- f:\documents and settings\All Users\Application Data\avg8
2009-12-17 21:21 . 2007-08-18 22:04 -------- d-----w- f:\documents and settings\Ronnie\Application Data\U3
2009-12-17 08:23 . 2006-03-18 19:37 -------- d--h--w- f:\program files\InstallShield Installation Information
2009-12-15 06:55 . 2009-12-15 06:55 20 ----a-w- f:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-08 07:33 . 2009-11-04 21:09 -------- d-----w- f:\program files\World of Warcraft Public Test
2009-12-03 07:25 . 2006-03-18 19:44 -------- d-----w- f:\program files\NVIDIA Corporation
2009-12-03 07:12 . 2008-11-12 00:05 -------- d-----w- f:\documents and settings\All Users\Application Data\Logitech
2009-12-03 07:12 . 2006-05-29 00:09 -------- d-----w- f:\program files\Logitech
2009-11-21 04:32 . 2009-11-21 04:32 278120 ----a-w- f:\windows\system32\nvmccs.dll
2009-11-21 04:32 . 2009-11-21 04:32 154216 ----a-w- f:\windows\system32\nvsvc32.exe
2009-11-21 04:32 . 2009-11-21 04:32 145000 ----a-w- f:\windows\system32\nvcolor.exe
2009-11-21 04:32 . 2009-11-21 04:32 12669544 ----a-w- f:\windows\system32\nvcpl.dll
2009-11-21 04:32 . 2009-11-21 04:32 110184 ----a-w- f:\windows\system32\nvmctray.dll
2009-11-21 04:32 . 2009-11-21 04:32 81920 ----a-w- f:\windows\system32\nvwddi.dll
2009-11-20 05:42 . 2006-03-18 19:34 592488 ----a-w- f:\windows\system32\NVUNINST.EXE
2009-10-29 07:45 . 2004-01-08 23:23 916480 ------w- f:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-03-19 08:20 75776 ----a-w- f:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-03-19 08:20 25088 ----a-w- f:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-03-19 08:20 265728 ------w- f:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2001-08-23 12:00 270336 ----a-w- f:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-23 12:00 149504 ----a-w- f:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-23 12:00 79872 ----a-w- f:\windows\system32\raschap.dll
2007-09-27 06:19 . 2007-09-27 06:19 409112 ----a-w- f:\program files\processscanner.exe
2006-09-17 02:53 . 2006-09-17 02:53 24640 ----a-w- f:\program files\Common Files\security
2006-10-02 03:02 . 2006-10-02 03:02 952 --sha-w- f:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="f:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="f:\windows\System32\nvraidservice.exe" [2005-01-17 84480]
"NVIDIA nTune"="f:\program files\NVIDIA Corporation\nTune\\nTune.exe" [2004-12-06 532480]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Launch Ai Booster"="f:\program files\ASUS\Ai Booster\OverClk.exe" [2005-06-16 3627520]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"SetDefPrt"="f:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"PaperPort PTD"="f:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"NeroFilterCheck"="f:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"IndexSearch"="f:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"AVG8_TRAY"="f:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-17 2043160]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 69632]
"ZoneAlarm Client"="f:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Launch LgDeviceAgent"="f:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-14 357384]
"Launch LCDMon"="f:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-14 1573384]
"Launch LGDCore"="f:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-14 3161608]
"NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2009-11-21 12669544]
"NvMediaCenter"="f:\windows\system32\NvMcTray.dll" [2009-11-21 110184]
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe" [2009-12-26 149280]
"QuickTime Task"="f:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

f:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2006-5-28 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-24 15:52 11952 ----a-w- f:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-08 00:41 72208 ----a-w- f:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=f:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 09:12 483328 ----a-w- f:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 07:08 417792 ----a-w- f:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2008-12-29 08:30 2732032 ----a-w- f:\program files\RivaTuner v2.22\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2008-12-09 10:12 234856 ----a-w- f:\program files\TomTom HOME 2\HOMERunner.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=f:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DAEMON Tools"="f:\program files\DAEMON Tools\daemon.exe" -lang 1033
"ElbyCheckAnyDVD"="f:\program files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
"ControlCenter2.0"=f:\program files\Brother\ControlCenter2\brctrcen.exe /autorun
"SSBkgdUpdate"="f:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Curse\\CurseClient.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"f:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"f:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"6016:TCP"= 6016:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2960:TCP"= 2960:TCP:Services
"3991:TCP"= 3991:TCP:Services

R0 sptd;sptd;f:\windows\system32\drivers\sptd.sys [3/19/2006 12:06 PM 642560]
R1 AvgLdx86;AVG AVI Loader Driver x86;f:\windows\system32\drivers\avgldx86.sys [5/13/2008 7:51 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;f:\windows\system32\drivers\avgtdix.sys [5/13/2008 7:51 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;f:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 1:54 PM 908056]
R2 avg8wd;AVG8 WatchDog;f:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 1:54 PM 297752]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;f:\windows\system32\drivers\LGBusEnum.sys [7/14/2009 3:35 PM 19720]
S2 nvTUNEP;nVidia WDM TVTuner;f:\windows\system32\DRIVERS\nvtunep.sys --> f:\windows\system32\DRIVERS\nvtunep.sys [?]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;f:\windows\system32\DRIVERS\nvtvsnd.sys --> f:\windows\system32\DRIVERS\nvtvsnd.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;f:\windows\system32\drivers\mbamswissarmy.sys [12/26/2009 12:18 AM 38224]
S3 Mo3Fltr;MMO Mouse;f:\windows\system32\drivers\Mo3Fltr.sys --> f:\windows\system32\drivers\Mo3Fltr.sys [?]
S3 QCEmerald;Logitech QuickCam Web;f:\windows\system32\drivers\OVCE.sys [6/18/2006 1:44 PM 31872]
.
Contents of the 'Scheduled Tasks' folder

2010-01-01 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytelus.com/home_page.html
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - f:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - f:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - f:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://f:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://f:\program files\ieSpell\wikipedia.HTM
DPF: Justin.tv Publisher - hxxp://www.justin.tv/plugins/justintv_publisher.CAB
FF - ProfilePath - f:\documents and settings\Ronnie\Application Data\Mozilla\Firefox\Profiles\52ywx40x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.mytelus.com/home_page.html
FF - component: f:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: f:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - f:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {32CC61F0-795B-44DC-BEA2-E43F6523AE56} - f:\documents and settings\Ronnie\Local Settings\Application Data\{32CC61F0-795B-44DC-BEA2-E43F6523AE56}\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - ORPHANS REMOVED - - - -

AddRemove-uTorrent - f:\program files\uTorrent\uTorrent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-04 22:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8B0BD940]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8b0bd940
\Driver\ACPI -> ACPI.sys @ 0xb7e97cb8
\Driver\atapi -> atapi.sys @ 0xb7e19b40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
Warning: possible MBR rootkit infection !
user & kernel MBR OK
copy of MBR has been found in sector 0x01D1C06C0
malicious code @ sector 0x01D1C06C3 !
PE file found in sector at 0x01D1C06D9 !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
f:\program files\common files\logitech\bluetooth\LBTWlgn.dll
f:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2556)
f:\windows\system32\WININET.dll
f:\program files\Logitech\SetPoint\lgscroll.dll
f:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
f:\windows\system32\ieframe.dll
f:\windows\system32\webcheck.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
f:\windows\system32\nvsvc32.exe
f:\windows\system32\brss01a.exe
f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
f:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
f:\program files\Bonjour\mDNSResponder.exe
f:\windows\system32\Brmfrmps.exe
f:\program files\Java\jre6\bin\jqs.exe
f:\progra~1\AVG\AVG8\avgrsx.exe
f:\progra~1\AVG\AVG8\avgnsx.exe
f:\program files\AVG\AVG8\avgcsrvx.exe
f:\windows\system32\rundll32.exe
f:\windows\SOUNDMAN.EXE
f:\windows\system32\RUNDLL32.EXE
f:\program files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
f:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
f:\program files\Logitech\GamePanel Software\Applets\LCDClock.exe
f:\program files\Logitech\GamePanel Software\Applets\LCDPop3.exe
f:\program files\Logitech\GamePanel Software\Applets\LCDRSS.exe
f:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
f:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-04 23:05:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 07:05

Pre-Run: 132,207,202,304 bytes free
Post-Run: 132,192,792,576 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 20478921098DB4804B4C443787B572B8

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ronnie at 2010-01-04 23:06:54
Microsoft Windows XP Professional Service Pack 3
System drive F: has 126 GB (53%) free of 238 GB
Total RAM: 3071 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:26 PM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\brss01a.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\WINDOWS\system32\Brmfrmps.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\System32\svchost.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\PROGRA~1\AVG\AVG8\avgnsx.exe
F:\Program Files\AVG\AVG8\avgcsrvx.exe
F:\WINDOWS\System32\nvraidservice.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\ASUS\Ai Booster\OverClk.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Java\jre6\bin\jusched.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Windows Media Player\WMPNSCFG.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
F:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\explorer.exe
F:\Documents and Settings\Ronnie\Desktop\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\Ronnie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/home_page.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NVRaidService] F:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Launch Ai Booster] "F:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] "F:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [IndexSearch] "F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] F:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - F:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Justin.tv Publisher - http://www.justin.tv/plugins/justintv_publisher.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se8300.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2754912650
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0860175015
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - F:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - F:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - F:\WINDOWS\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13427 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - F:\Program Files\AVG\AVG8\avgssie.dll [2009-12-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - F:\Program Files\Java\jre6\bin\ssv.dll [2009-12-26 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=F:\WINDOWS\System32\nvraidservice.exe [2005-01-16 84480]
"NVIDIA nTune"=F:\Program Files\NVIDIA Corporation\nTune\\nTune.exe [2004-12-06 532480]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Launch Ai Booster"=F:\Program Files\ASUS\Ai Booster\OverClk.exe [2005-06-16 3627520]
"SoundMan"=F:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"SetDefPrt"=F:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 49152]
"PaperPort PTD"=F:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
"NeroFilterCheck"=F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"IndexSearch"=F:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
"AVG8_TRAY"=F:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-12-17 2043160]
"Logitech Hardware Abstraction Layer"=F:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]
"Kernel and Hardware Abstraction Layer"=F:\WINDOWS\KHALMNPR.EXE [2008-10-10 69632]
"ZoneAlarm Client"=F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"Launch LgDeviceAgent"=F:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2009-08-13 357384]
"Launch LCDMon"=F:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2009-08-13 1573384]
"Launch LGDCore"=F:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2009-08-13 3161608]
"NvCplDaemon"=F:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=F:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"SunJavaUpdateSched"=F:\Program Files\Java\jre6\bin\jusched.exe [2009-12-26 149280]
"QuickTime Task"=F:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"iTunesHelper"=F:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"=F:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
F:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
F:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
F:\Program Files\RivaTuner v2.22\RivaTuner.exe [2008-12-29 2732032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
F:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-12-09 234856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
F:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-04-02 25214]

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - F:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
F:\WINDOWS\system32\avgrsstx.dll [2009-08-24 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
f:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-11-07 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
F:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="F:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"F:\Program Files\Skype\Phone\Skype.exe"="F:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"F:\Program Files\AVG\AVG8\avgupd.exe"="F:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"F:\Program Files\AVG\AVG8\avgemc.exe"="F:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Curse\CurseClient.exe"="F:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\AVG\AVG8\avgnsx.exe"="F:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"F:\Program Files\Ventrilo\Ventrilo.exe"="F:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.scr - open - "F:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-01-04 23:06:54 ----D---- F:\rsit
2010-01-04 23:05:50 ----SHD---- F:\RECYCLER
2010-01-04 01:21:31 ----A---- F:\Boot.bak
2010-01-04 01:21:24 ----RASHD---- F:\cmdcons
2010-01-03 21:14:29 ----D---- F:\Qoobox
2009-12-29 04:13:38 ----D---- F:\$AVG8.VAULT$
2009-12-28 13:41:37 ----A---- F:\WINDOWS\MBR.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\zip.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\SWXCACLS.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\SWSC.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\SWREG.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\sed.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\PEV.exe
2009-12-28 13:41:36 ----A---- F:\WINDOWS\grep.exe
2009-12-28 01:01:39 ----D---- F:\Program Files\iPod
2009-12-28 01:01:36 ----D---- F:\Program Files\iTunes
2009-12-28 00:59:51 ----D---- F:\Program Files\QuickTime
2009-12-26 00:18:29 ----D---- F:\Documents and Settings\Ronnie\Application Data\Malwarebytes
2009-12-26 00:18:20 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-26 00:18:18 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2009-12-24 16:51:56 ----A---- F:\WINDOWS\system32\tmp.txt
2009-12-24 12:49:24 ----A---- F:\WINDOWS\wininit.ini
2009-12-23 14:23:54 ----D---- F:\Program Files\Trend Micro
2009-12-16 16:35:51 ----D---- F:\Program Files\DIFX
2009-12-09 03:05:10 ----HDC---- F:\WINDOWS\$NtUninstallKB970430$
2009-12-09 03:04:52 ----HDC---- F:\WINDOWS\$NtUninstallKB974318$
2009-12-09 03:03:59 ----HDC---- F:\WINDOWS\$NtUninstallKB973904$
2009-12-09 03:03:54 ----HDC---- F:\WINDOWS\$NtUninstallKB974392$
2009-12-09 03:03:46 ----HDC---- F:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-04 23:05:25 ----D---- F:\WINDOWS\TEMP
2010-01-04 23:05:25 ----D---- F:\WINDOWS\system32\drivers
2010-01-04 23:04:03 ----D---- F:\WINDOWS\system32\CatRoot2
2010-01-04 22:55:54 ----D---- F:\WINDOWS\Internet Logs
2010-01-04 22:53:04 ----D---- F:\WINDOWS\Prefetch
2010-01-04 22:52:17 ----D---- F:\WINDOWS
2010-01-04 22:52:17 ----A---- F:\WINDOWS\system.ini
2010-01-04 22:45:44 ----D---- F:\Program Files
2010-01-04 22:43:22 ----D---- F:\WINDOWS\system32
2010-01-04 22:43:22 ----D---- F:\WINDOWS\AppPatch
2010-01-04 22:43:21 ----D---- F:\Program Files\Common Files
2010-01-04 22:36:32 ----A---- F:\WINDOWS\SchedLgU.Txt
2010-01-04 22:27:34 ----D---- F:\Program Files\Mozilla Firefox
2010-01-04 01:32:06 ----SD---- F:\WINDOWS\Tasks
2010-01-04 01:21:31 ----RASH---- F:\boot.ini
2009-12-28 15:00:15 ----D---- F:\WINDOWS\network diagnostic
2009-12-28 14:56:05 ----D---- F:\Documents and Settings
2009-12-28 14:20:35 ----D---- F:\WINDOWS\erdnt
2009-12-28 14:03:58 ----D---- F:\WINDOWS\system32\config
2009-12-28 01:05:08 ----SHD---- F:\WINDOWS\Installer
2009-12-28 01:01:38 ----D---- F:\Program Files\Common Files\Apple
2009-12-28 00:58:15 ----D---- F:\WINDOWS\WinSxS
2009-12-27 00:34:29 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 00:55:40 ----D---- F:\Program Files\Java
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\javaws.exe
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\javaw.exe
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\java.exe
2009-12-26 00:50:35 ----A---- F:\WINDOWS\system32\deploytk.dll
2009-12-26 00:03:52 ----A---- F:\WINDOWS\win.ini
2009-12-25 23:50:12 ----D---- F:\WINDOWS\pss
2009-12-24 00:45:36 ----A---- F:\WINDOWS\ntbtlog.txt
2009-12-23 19:13:54 ----D---- F:\WINDOWS\Minidump
2009-12-23 18:39:25 ----D---- F:\Program Files\Spybot - Search & Destroy
2009-12-18 22:13:35 ----D---- F:\Program Files\World of Warcraft
2009-12-17 14:18:59 ----D---- F:\Documents and Settings\All Users\Application Data\avg8
2009-12-17 13:21:10 ----D---- F:\Documents and Settings\Ronnie\Application Data\U3
2009-12-17 13:15:20 ----D---- F:\WINDOWS\system32\Macromed
2009-12-17 12:54:36 ----D---- F:\WINDOWS\Registration
2009-12-17 00:46:46 ----SHD---- F:\WINDOWS\CSC
2009-12-17 00:23:14 ----HD---- F:\Program Files\InstallShield Installation Information
2009-12-16 23:51:34 ----DC---- F:\WINDOWS\system32\DRVSTORE
2009-12-16 23:12:51 ----HD---- F:\WINDOWS\inf
2009-12-14 22:56:26 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-12-14 22:56:20 ----D---- F:\Program Files\Internet Explorer
2009-12-09 03:26:21 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-12-09 03:04:54 ----A---- F:\WINDOWS\imsins.BAK
2009-12-09 03:04:13 ----D---- F:\WINDOWS\ie8updates
2009-12-09 03:04:03 ----HD---- F:\WINDOWS\$hf_mig$
2009-12-07 23:33:54 ----D---- F:\Program Files\World of Warcraft Public Test

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; F:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AsIO;AsIO; F:\WINDOWS\system32\drivers\AsIO.sys [2004-10-14 4962]
R1 aslm75;aslm75; \??\F:\WINDOWS\system32\drivers\aslm75.sys []
R1 AvgLdx86;AVG AVI Loader Driver x86; F:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-24 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; F:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-24 27784]
R1 AvgTdiX;AVG8 Network Redirector; F:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-18 108552]
R1 kbdhid;Keyboard HID Driver; F:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 vsdatant;vsdatant; F:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R2 ElbyCDIO;ElbyCDIO Driver; F:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); F:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 AnyDVD;AnyDVD; F:\WINDOWS\System32\Drivers\AnyDVD.sys [2003-09-29 22912]
R3 Arp1394;1394 ARP Client Protocol; F:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BlueletAudio;Bluetooth Audio Service; F:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2004-10-19 20096]
R3 Btcsrusb;Bluetooth USB For Bluetooth Service; F:\WINDOWS\System32\Drivers\btcusb.sys [2005-01-17 23000]
R3 BTHidEnum;Bluetooth HID Enumerator; F:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-01-13 12500]
R3 catchme;catchme; \??\F:\ComboFix\catchme.sys []
R3 dtscsi;dtscsi; F:\WINDOWS\System32\Drivers\dtscsi.sys [2006-03-19 223128]
R3 ElbyDelay;ElbyDelay; F:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HidUsb;Microsoft HID Class Driver; F:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; F:\WINDOWS\system32\drivers\LGBusEnum.sys [2009-07-14 19720]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; F:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 mouhid;Mouse HID Driver; F:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; F:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; F:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; F:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; F:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; F:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; F:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 pfc;Padus ASPI Shell; F:\WINDOWS\system32\drivers\pfc.sys [2006-03-29 9856]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; F:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; F:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; F:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; F:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; F:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 VComm;Virtual Serial port driver; F:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; F:\WINDOWS\System32\Drivers\VcommMgr.sys [2004-11-05 82148]
R3 VHidMinidrv;Bluetooth HID Device Service; F:\WINDOWS\system32\drivers\VHIDMini.sys [2004-09-22 12504]
R3 Wdf01000;Wdf01000; F:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 lusbaudio;Logitech USB Microphone; F:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 25216]
S1 nvport;NVIDIA PORT IO Control Driver; \??\F:\WINDOWS\system32\Drivers\nvport.sys []
S2 nvcap;nVidia WDM Video Capture (universal); F:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
S2 nvTUNEP;nVidia WDM TVTuner; F:\WINDOWS\system32\DRIVERS\nvtunep.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar; F:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar; F:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-04-14 16496]
S2 tmcomm;tmcomm; \??\F:\WINDOWS\system32\drivers\tmcomm.sys []
S3 BrScnUsb;Brother USB Still Image driver; F:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
S3 BT;Bluetooth PAN Network Adapter; F:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2004-09-21 10804]
S3 BthEnum;Bluetooth Enumerator Service; F:\WINDOWS\System32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); F:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; F:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; F:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\F:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; F:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; F:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2006-03-28 55808]
S3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2006-03-28 27008]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; F:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2006-03-28 69760]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\F:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mbr;mbr; \??\F:\DOCUME~1\Ronnie\LOCALS~1\Temp\mbr.sys []
S3 Mo3Fltr;MMO Mouse; F:\WINDOWS\system32\drivers\Mo3Fltr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; F:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 n558;N558 Bluetooth USB Filter Driver; F:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 NABTSFEC;NABTS/FEC VBI Codec; F:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; F:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; F:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
S3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; F:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
S3 P2k;Motorola USB Device; F:\WINDOWS\system32\DRIVERS\P2k.sys [2005-01-09 16032]
S3 Point32;Microsoft IntelliPoint Filter Driver; F:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
S3 QCEmerald;Logitech QuickCam Web; F:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 31872]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); F:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RivaTuner32;RivaTuner32; \??\F:\Program Files\RivaTuner v2.22\RivaTuner32.sys []
S3 se59bus;Sony Ericsson Device 089 driver (WDM); F:\WINDOWS\system32\DRIVERS\se59bus.sys [2006-09-05 61536]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter; F:\WINDOWS\system32\DRIVERS\se59mdfl.sys [2006-09-05 9360]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver; F:\WINDOWS\system32\DRIVERS\se59mdm.sys [2006-09-05 97088]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM); F:\WINDOWS\system32\DRIVERS\se59mgmt.sys [2006-09-05 88624]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS); F:\WINDOWS\system32\DRIVERS\se59nd5.sys [2006-09-05 18704]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface; F:\WINDOWS\system32\DRIVERS\se59obex.sys [2006-09-05 86432]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM); F:\WINDOWS\system32\DRIVERS\se59unic.sys [2006-09-05 90800]
S3 SLIP;BDA Slip De-Framer; F:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; F:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; F:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbaudio;USB Audio Driver (WDM); F:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; F:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;Motorola USB Modem Driver; F:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 WSTCODEC;World Standard Teletext Codec; F:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; F:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S4 IntelIde;IntelIde; F:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 avg8emc;AVG Free8 E-mail Scanner; F:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-24 908056]
R2 avg8wd;AVG8 WatchDog; F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-24 297752]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; F:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-01-27 106496]
R2 Bonjour Service;Bonjour Service; F:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 brmfrmps;Brother Popup Suspend service for Resource manager; F:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
R2 BthServ;Bluetooth Support Service; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-12-26 153376]
R2 NVSvc;NVIDIA Display Driver Service; F:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 vsmon;TrueVector Internet Monitor; F:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R3 iPod Service;iPod Service; F:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 Brother XP spl Service;BrSplService; F:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 Adobe LM Service;Adobe LM Service; F:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-19 69632]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; F:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-11-26 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; F:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 NBService;NBService; F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; F:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-04 23:07:27

======Uninstall list======

-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->F:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->F:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->F:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->F:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->F:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->F:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Shockwave Player 11-->F:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ai Booster-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x9
AnyDVD-->"F:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="F:\Program Files\SlySoft\AnyDVD"
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS Probe V2.24.10-->F:\WINDOWS\uninst.exe -f"F:\Program Files\ASUS\Asus Probe\DeIsL2.isu" -c"F:\Program Files\ASUS\Asus Probe\probunis.dll"
ASUSUpdate-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
AutoCAD 2008 - English-->F:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG 8.5-->F:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BlueSoleil-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Canon EOS 10D WIA Driver-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{095659A2-739F-4D9A-A916-66C7CAD16F9E}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CDex extraction audio-->"F:\Program Files\CDex_150\uninstall.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Comic Life-->MsiExec.exe /X{6A1F0A1A-474C-4151-8534-5F61832D88CD}
Command & Conquer The First Decade-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cool & Quiet-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
Critical Update for Windows Media Player 11 (KB959772)-->"F:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Curse Client-->F:\Program Files\Curse\uninstall.exe
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DivX Converter-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"F:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"F:\Program Files\DVD Shrink\unins000.exe"
FLVPlayer4Free Free FLV Player 3.1.0.0-->"F:\Program Files\FLVPlayer4Free\unins000.exe"
GA-Virtual City-->F:\WINDOWS\UnSc9286.exe "F:\Program Files\GA-Virtual City\Unscr.log"
Google Earth-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Hijackthis 1.99.1-->"F:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->F:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"F:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"F:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"F:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"F:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"F:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"F:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"F:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
ieSpell-->"F:\Program Files\ieSpell\uninst.exe"
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Kaspersky Online Scanner-->F:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech GamePanel Software 3.03.133-->MsiExec.exe /X{6CC95B76-D380-46B2-9022-9353938E48BA}
Logitech SetPoint-->"F:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"F:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"F:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mobile PhoneTools-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{F18E8A0F-BE99-4305-96A5-6C0FD9D7D999}\setup.exe" -l0x9
Mozilla Firefox (3.5.6)-->F:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MSXML4SP2-->MsiExec.exe /I{451BB54C-8B23-4455-8BDC-14FC7D43E056}
Nero 7 Ultra Edition-->MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
NVIDIA Drivers-->F:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA nView Desktop Manager-->F:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
NVIDIA WDM Drivers-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
Panda ActiveScan-->F:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PowerDVD-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Realtek AC'97 Audio-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RivaTuner v2.22-->"F:\Program Files\RivaTuner v2.22\uninstall.exe"
Safari-->MsiExec.exe /I{0AFC9710-5DD6-4C6A-BA52-91AE992B2C9D}
Satellite Antenna Alignment v2.37.2-->"F:\Program Files\AL-Software\Satellite Antenna Alignment\unins000.exe"
Sci-Fi Fighters-->F:\WINDOWS\UnSc9974.exe "F:\Program Files\Sci-Fi Fighters\Unscr.log"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB937143)-->"F:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"F:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"F:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"F:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"F:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"F:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"F:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"F:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"F:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"F:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"F:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"F:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"F:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"F:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"F:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"F:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"F:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"F:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"F:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"F:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"F:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"F:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"F:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"F:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"F:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"F:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"F:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"F:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"F:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"F:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"F:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"F:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"F:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"F:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"F:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"F:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"F:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"F:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"F:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"F:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"F:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"F:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"F:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"F:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"F:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"F:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"F:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"F:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"F:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"F:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"F:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"F:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"F:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"F:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"F:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"F:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"F:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"F:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"F:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"F:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"F:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"F:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"F:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"F:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"F:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"F:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"F:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"F:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"F:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"F:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"F:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"F:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"F:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"F:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"F:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"F:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"F:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"F:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"F:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"F:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"F:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"F:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"F:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"F:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"F:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"F:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sid Meier's Civilization 4-->RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnappySoft-->F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F07DDF60-12BA-433C-BD70-013C7E22DB86}
Soap 3.0 Toolkit-->MsiExec.exe /I{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"F:\Program Files\SpywareBlaster\unins000.exe"
System Requirements Lab-->F:\Program Files\SystemRequirementsLab\Uninstall.exe
TomTom HOME 2.5.2.60-->F:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
UFile 2007-->MsiExec.exe /X{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}
UFile 2008-->MsiExec.exe /X{2A5C6AD0-F7B3-40A1-B140-23B085B1B8CE}
UFile Updater 2007-->MsiExec.exe /X{BAF0296B-77EA-425B-934E-671B4DBAED6E}
UFile Updater 2008-->MsiExec.exe /X{C9967B5A-6E08-4E79-BFBD-BBB07DB0CA04}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971930)-->"F:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"F:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"F:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"F:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"F:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"F:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"F:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"F:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"F:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"F:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"F:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Winamp (remove only)-->"F:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"F:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"F:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->F:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->RunDll32.exe "F:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Connect-->"F:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
World of Warcraft-->F:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR (2)\Uninstall.exe
XviD 1.1 final uninstall-->"F:\Program Files\XviD\unins000.exe"
ZoneAlarm Spy Blocker-->rundll32 F:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O
ZoneAlarm-->F:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) [2010-01-01]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2010-01-01]

======Security center information======

AV: AVG Anti-Virus Free
FW: ZoneAlarm Firewall

======System event log======

Computer Name: NISMO
Event Code: 7000
Message: The nVidia WDM A/V Crossbar service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 3683
Source Name: Service Control Manager
Time Written: 20091209032226.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 7000
Message: The nVidia WDM TVAudio Crossbar service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3682
Source Name: Service Control Manager
Time Written: 20091209032226.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 7000
Message: The nVidia WDM TVTuner service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3681
Source Name: Service Control Manager
Time Written: 20091209032226.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 7000
Message: The nVidia WDM Video Capture (universal) service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 3680
Source Name: Service Control Manager
Time Written: 20091209032226.000000-480
Event Type: error
User:

Computer Name: NISMO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 3651
Source Name: W32Time
Time Written: 20091209014118.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10164
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10163
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10162
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10161
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

Computer Name: NISMO
Event Code: 1
Message:
Record Number: 10160
Source Name: nview_info
Time Written: 20090731002123.000000-420
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;F:\Program Files\Common Files\Ulead Systems\MPEG;F:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Suite;F:\Program Files\Zone Labs\ZoneAlarm\MailFrontier;F:\Program Files\Common Files\Teleca Shared;F:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"CLASSPATH"=.;F:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=F:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
ronn79
Active Member
 
Posts: 11
Joined: December 27th, 2009, 5:38 pm

Re: bsod, slow, crash, redirects, virus...

Post by km2357 » January 5th, 2010, 3:36 pm

Step # 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache

*The other boxes are optional*

Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Step # 2: Run Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
      • Click on the Malwarebytes' Anti-Malware icon to launch the program.
      • Click on the Logs tab.
      • Click on the log at the bottom of those listed to highlight it.
      • Click Open.


Post the MalwareBytes' Log in your next post/reply.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California