Malwarebytes' Anti-Malware 1.30
Database version: 1310
Windows 6.0.6001 Service Pack 1
10/23/2008 7:46:41 PM
mbam-log-2008-10-23 (19-46-41).txt
Scan type: Full Scan (C:\|)
Objects scanned: 134077
Time elapsed: 1 hour(s), 33 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
info.txt logfile of random's system information tool 1.04 2008-10-23 19:51:16
======Uninstall list======
-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_DivX 132
C:\Windows\INF\Tpack.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-
808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32
\Adobe\SHOCKW~1\Install.log
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-
49F6-B5C1-484A9760E73D}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch-->C:\Program Files\InstallShield Installation
Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch-->C:\Program Files\InstallShield Installation
Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch-->C:\Program Files\InstallShield
Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch-->C:\Program Files\InstallShield Installation
Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch-->C:\Program Files\InstallShield Installation
Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation
Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Disney Pirates of the Caribbean Online-->C:\Program Files\Disney\Disney
Online\PiratesOnline\uninst.exe
DivX Total Pack-->C:\Program Files\DivX Total Pack\uninstall.exe
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVEMon-->C:\Program Files\EVEMon\uninstall.exe
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Killer Driver-->C:\Program Files\InstallShield Installation Information\{49A141D3-78CF-45EA-93A8
-541E08FDB719}\setup.exe -runfromtemp -l0x0009 -removeonly
Logitech GamePanel Software 2.02-->MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32
\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13AA6556-BA96-
4468-A8B4-1AD4A75AD5A0}\setup.exe" -l0x9 -removeonly
LogMeIn-->MsiExec.exe /I{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB929729)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322
\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729
\M929729Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PaperPort Image Printer-->MsiExec.exe /X{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Razer Lachesis-->C:\Program Files\InstallShield Installation Information\{CB4532F7-A1BD-46D2-
9938-3E7D4656FB18}\Setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1
\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RegCure-->"C:\Windows\RegCure\uninstall.exe" "/U:C:\Program
Files\RegCure\Uninstall\uninstall.xml"
ScanSoft PaperPort 11-->MsiExec.exe /I{B6C89654-A6A2-477C-873B-724EC1C56407}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Sound Schemes-->RunDll32 advpack.dll,LaunchINFSection
C:\Windows\INF\UltSound.inf,Uninstall
WinPcap 4.0 beta 2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinRAR-->"C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
======Hosts File======
192.168.254.2 mykillernic
127.0.0.1
www.007guard.com127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1
www.008k.com127.0.0.1 008k.com
127.0.0.1
www.00hq.com127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1
www.032439.com======Security center information======
AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-
219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
-----------------EOF-----------------
------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------
Logfile of random's system information tool 1.04 (written by random/random)
Run by Admin at 2008-10-23 19:51:03
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 392 GB (82%) free of 477 GB
Total RAM: 2558 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:15 PM, on 10/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Razer\Lachesis\OSD.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Razer\Lachesis\razertra.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Admin\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD
Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series
Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0
\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft
Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r
"C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-
Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User
'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
(User 'LOCAL SERVICE')
O4 - Global Startup: Killer Tray Menu.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\bfllr.dll
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/betapit/PCPitStop.CABO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8
\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} -
C:\Windows\System32\DreamScene.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1
\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8
\avgwdsvc.exe
O23 - Service: Killer Port Manager - Unknown owner - C:\Program Files\Bigfoot Networks\Killer
Driver\PortManager.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program
Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies -
C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program
Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 7478 bytes
======Scheduled tasks folder======
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-28 455960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"Lachesis"=C:\Program Files\Razer\Lachesis\razerhid.exe [2007-09-12 172032]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13
2051096]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
[2007-12-13 2095640]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-30 1234712]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11
39792]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006
-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-02-06 622592]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2006-07-19 65536]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-12-12 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-12-12 8530464]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-12-12 81920]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-09-09 6281760]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22
399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"EVEMon"=C:\Program Files\EVEMon\EVEMon.exe [2008-03-04 847872]
"Start WingMan Profiler"= []
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Killer Tray Menu.lnk - C:\Program Files\Bigfoot Networks\Killer Driver\KillerTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
[2007-07-19 233888]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\stan
dardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\doma
inprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2008-10-23 19:51:03 ----D---- C:\rsit
2008-10-23 14:00:16 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes
2008-10-23 14:00:12 ----D---- C:\ProgramData\Malwarebytes
2008-10-23 14:00:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-19 07:59:13 ----D---- C:\ProgramData\Roblox
2008-10-19 01:11:01 ----D---- C:\Program Files\DivX Total Pack
2008-10-16 19:29:56 ----A---- C:\Windows\system32\javaws.exe
2008-10-16 19:29:56 ----A---- C:\Windows\system32\javaw.exe
2008-10-16 19:29:56 ----A---- C:\Windows\system32\java.exe
2008-10-14 15:24:24 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-10-14 15:24:24 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-10-14 15:24:22 ----A---- C:\Windows\system32\mshtml.dll
2008-10-14 15:24:22 ----A---- C:\Windows\system32\ieframe.dll
2008-10-14 15:24:21 ----A---- C:\Windows\system32\urlmon.dll
2008-10-14 15:24:20 ----A---- C:\Windows\system32\wininet.dll
2008-10-14 15:24:20 ----A---- C:\Windows\system32\mstime.dll
2008-10-14 15:24:20 ----A---- C:\Windows\system32\iertutil.dll
2008-10-14 15:24:19 ----A---- C:\Windows\system32\jsproxy.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\WavesLib.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\SRSWOW.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\SRSTSXT.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\SRSTSHD.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\SRSHP360.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\RtkPgExt.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\RtkCoInst.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\RtkApoApi.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\RtkAPO.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\ppChain.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\FMAPO.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\DaisyWrp.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\ctppld.dll
2008-10-14 12:15:46 ----A---- C:\Windows\system32\CTAPO32.dll
2008-10-14 12:15:46 ----A---- C:\Windows\SkyTel.exe
2008-10-14 12:15:46 ----A---- C:\Windows\RtlUpd.exe
2008-10-14 12:15:46 ----A---- C:\Windows\RtHDVCpl.exe
2008-10-14 12:15:45 ----D---- C:\Program Files\Realtek
2008-10-14 12:15:42 ----A---- C:\Windows\RtlExUpd.dll
2008-10-08 20:47:12 ----A---- C:\Windows\system32\xfcodec.dll
======List of files/folders modified in the last 1 months======
2008-10-23 19:51:15 ----D---- C:\Windows\Temp
2008-10-23 19:51:15 ----D---- C:\Windows\Prefetch
2008-10-23 19:47:01 ----D---- C:\Program Files\Mozilla Firefox
2008-10-23 17:40:28 ----D---- C:\Windows\system32\catroot
2008-10-23 17:40:27 ----D---- C:\Windows\winsxs
2008-10-23 14:00:15 ----D---- C:\Windows\system32\drivers
2008-10-23 14:00:12 ----RD---- C:\Program Files
2008-10-23 14:00:12 ----HD---- C:\ProgramData
2008-10-23 14:00:12 ----D---- C:\Windows\System32
2008-10-23 14:00:12 ----D---- C:\Windows\inf
2008-10-23 14:00:12 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-10-23 01:52:45 ----D---- C:\Program Files\LogMeIn
2008-10-22 23:35:25 ----D---- C:\Users\Admin\AppData\Roaming\teamspeak2
2008-10-22 23:14:45 ----D---- C:\Users\Admin\AppData\Roaming\Xfire
2008-10-22 23:12:19 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-10-22 17:32:18 ----SHD---- C:\Windows\Installer
2008-10-22 17:32:17 ----D---- C:\Program Files\Java
2008-10-22 17:31:33 ----D---- C:\Program Files\BitComet
2008-10-22 00:28:43 ----HD---- C:\$AVG8.VAULT$
2008-10-22 00:27:11 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft
2008-10-21 11:28:11 ----SHD---- C:\System Volume Information
2008-10-21 10:50:53 ----D---- C:\ProgramData\Xfire
2008-10-21 10:50:53 ----D---- C:\Program Files\Xfire
2008-10-20 19:21:36 ----A---- C:\Windows\ntbtlog.txt
2008-10-20 12:17:09 ----D---- C:\Windows\system32\catroot2
2008-10-15 12:30:27 ----D---- C:\Windows\system32\migration
2008-10-15 12:30:27 ----D---- C:\Program Files\Windows Mail
2008-10-14 12:19:45 ----D---- C:\Windows
2008-10-14 12:16:38 ----D---- C:\Windows\system32\RTCOM
2008-10-14 12:15:48 ----A---- C:\Windows\DIFxAPI.dll
2008-10-14 12:15:45 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-14 12:12:07 ----D---- C:\ProgramData\NVIDIA
2008-10-14 12:04:25 ----A---- C:\Windows\HideWin.exe
2008-10-10 08:12:55 ----D---- C:\Downloads
2008-10-07 15:19:40 ----A---- C:\Windows\system32\mrt.exe
2008-10-04 18:27:43 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-24 19:24:25 ----D---- C:\Users\Admin\AppData\Roaming\Mozilla
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
======
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-08-28
97928]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys
[2008-07-03 26824]
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-20 350720]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32
\drivers\LMIRfsDriver.sys [2008-03-07 45848]
R3 AvgWfpX;AVG8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-07-03 69128]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32
\drivers\RTKVHDA.sys [2008-09-09 2167128]
R3 LachesisFltr;Lachesis Mouse Driver; C:\Windows\system32\drivers\Lachesis.sys [2007-08-08
12032]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
R3 NBv834x;Killer NIC Gaming Adapter Service; C:\Windows\system32\DRIVERS\nbv834x.sys [2008-05-14
104992]
R3 NBvEdge;Killer NIC NDIS-Edge Service; C:\Windows\system32\DRIVERS\NBvEdge.sys [2008-05-14
23072]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys
[2008-08-01 1052704]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-12 8238688]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2006
-06-06 11136]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2006-06
-06 21632]
R3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2006-06-06
20864]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys
[2006-06-06 46208]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
[2008-02-28 12856]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008
-01-20 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;
C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20
8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20
5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-
01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys
[2008-01-20 6016]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2006-10-17 35072]
S3 uisp;Freescale USB JW32 driver; C:\Windows\System32\Drivers\usbicp.sys [2005-12-21 14592]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2006-
06-06 6400]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-
01-20 6656]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32
\drivers\wmiacpi.sys [2008-01-20 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)
======
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-28 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-20
21504]
R2 Killer Port Manager;Killer Port Manager; C:\Program Files\Bigfoot Networks\Killer
Driver\PortManager.exe [2008-06-04 237568]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-05-16 118784]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-23 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search &
Destroy\SDWinSec.exe [2008-07-07 809296]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-05-28
116032]
S2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727
\aspnet_state.exe [2008-01-20 33800]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-20
523776]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe
[2006-10-17 86016]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01
-20 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-
20 917504]
-----------------EOF-----------------