Please help! HijackThis Log inside...


by Petrie » February 2nd, 2009, 5:07 pm

Hi Guys,

Have tried everything, and still can't work out the problem. Computer is running seriously slow and know that I got some malware on my machine recently, just can't seem to shake it now. Any help would be massively appreciated. Here's the HJ log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:41 AM, on 3/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ASUS\Six Engine\SixEngine.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Ideazon\ZEngine\Zboard.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\lg_fwupdate\fwupdate.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Spyware Doctor\pctsTray.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
H:\Program Files\Curse\CurseClient.exe
H:\Program Files\Messenger\msmsgs.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Spyware Doctor\pctsAuxs.exe
H:\Program Files\Spyware Doctor\pctsSvc.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "H:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] H:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Launch LCDMon] "H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "H:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TrojanScanner] H:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "H:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [CurseClient] H:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_test.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - H:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 9118 bytes

A million thank you's.
Petrie

Re: Please help! HijackThis Log inside...

by peku006 » February 6th, 2009, 2:05 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Please continue to respond until I give you the "All Clear"

If you follow these instructions, everything should go smoothly.

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform full scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • The log can also be found here:

    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


2 - Download and Run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

3 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)
2. the Malwarebytes' Anti-Malware Log
3. description of any problems you are having with your PC

Thanks peku006

Re: Please help! HijackThis Log inside...

by Petrie » February 8th, 2009, 5:27 am

Hi peku006,

First up, thanks for your response. Am currently trying the Malwarebytes' Anti-Malware but it has been running for nearly 24hrs and is still not complete. Is this normal? Or would this be a symptom of the Malware? Have had to reply to the post using my gf's computer as mine is next to unresponsive beyond the Malware program. Will do the 2nd and 3rd steps once the Anti-Malware completes its check. Just wanted to respond to find out if that length of time is normal (never had a terabyte of HDD before) and so that the post doesn't get closed/forgotten. ;)

Cheers.

Edit: Ran the anti-malware on the GF's computer and it was done in 30 mins...guessing the poor time of my computer's check is due to whatever's affecting it...if that makes sense. :S
Petrie

Re: Please help! HijackThis Log inside...

by peku006 » February 9th, 2009, 2:58 pm

Hi Petrie

Please continue with random's system information tool

Thanks peku006

Re: Please help! HijackThis Log inside...

by Petrie » February 9th, 2009, 10:02 pm

Ok, here are the logs:

Malwarebytes' Anti-Malware 1.33
Database version: 1736
Windows 5.1.2600 Service Pack 3

2/9/2009 10:44:47 AM
mbam-log-2009-02-09 (10-44-47).txt

Scan type: Full Scan (H:\|)
Objects scanned: 101066
Time elapsed: 59 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VnrBlock (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
H:\Program Files\ppcbooster (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Program Files\runit (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Program Files\IEToolbar (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Program Files\IEToolbar\ECO Bar (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Program Files\iCheck (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
H:\Program Files\runit\config.txt (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Program Files\IEToolbar\ECO Bar\ecobar.dll (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Program Files\IEToolbar\ECO Bar\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Program Files\iCheck\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Peter at 2009-02-10 06:43:42
Microsoft Windows XP Professional Service Pack 3
System drive H: has 918 GB (96%) free of 954 GB
Total RAM: 3327 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:43:57 AM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ASUS\Six Engine\SixEngine.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Ideazon\ZEngine\Zboard.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\lg_fwupdate\fwupdate.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Spyware Doctor\pctsTray.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
H:\Program Files\Curse\CurseClient.exe
H:\Program Files\Messenger\msmsgs.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Spyware Doctor\pctsAuxs.exe
H:\Program Files\Spyware Doctor\pctsSvc.exe
H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\SearchFilterHost.exe
H:\Documents and Settings\Peter\My Documents\Programs\RSIT.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Program Files\Trend Micro\HijackThis\Peter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "H:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] H:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Launch LCDMon] "H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "H:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TrojanScanner] H:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "H:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [CurseClient] H:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Service Manager.lnk = H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - H:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sophos Enterprise Manager Scheduler (SEMScheduler) - Sophos Plc - H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
O23 - Service: Sophos Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos Certification Manager - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
O23 - Service: Sophos EMLibUpdate Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
O23 - Service: Sophos Management Service - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe

--
End of file - 11203 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - H:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - H:\Program Files\Java\jre6\bin\ssv.dll [2009-03-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - h:\program files\google\googletoolbar2.dll [2009-03-01 2133056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-03-01 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - h:\program files\google\googletoolbar2.dll [2009-03-01 2133056]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Six Engine"=H:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-06-03 5964800]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"Zboard"=H:\Program Files\Ideazon\ZEngine\Zboard.exe [2008-11-12 57344]
"Launch LCDMon"=H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2007-12-13 2051096]
"Launch LGDCore"=H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2007-12-13 2095640]
"RemoteControl"=H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736]
"LanguageShortcut"=H:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760]
"LGODDFU"=H:\Program Files\lg_fwupdate\fwupdate.exe [2008-12-08 548864]
"TrojanScanner"=H:\Program Files\Trojan Remover\Trjscan.exe [2008-12-10 1230728]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-03-01 136600]
"ISTray"=H:\Program Files\Spyware Doctor\pctsTray.exe [2008-08-25 1168264]
"avast!"=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-06 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Power2GoExpress"=H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2007-07-23 2499880]
"CurseClient"=H:\Program Files\Curse\CurseClient.exe [2008-10-11 4789760]
"MSMSGS"=H:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"swg"=H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-10 68856]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

H:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk - H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
Windows Search.lnk - H:\Program Files\Windows Desktop Search\WindowsSearch.exe

H:\Documents and Settings\Peter\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=H:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe"="H:\Program Files\World of Warcraft\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"H:\Program Files\World of Warcraft\Repair.exe"="H:\Program Files\World of Warcraft\Repair.exe:*:Enabled:Blizzard Repair Utility"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="H:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="H:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\Program Files\Curse\CurseClient.exe"="H:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"H:\Program Files\Ventrilo\Ventrilo.exe"="H:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"H:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"="H:\Program Files\World of Warcraft\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"H:\Documents and Settings\Peter\Local Settings\Temp\Blizzard Launcher Temporary - c9908028\Launcher.exe"="H:\Documents and Settings\Peter\Local Settings\Temp\Blizzard Launcher Temporary - c9908028\Launcher.exe:*:Enabled:Blizzard Launcher"
"H:\Documents and Settings\Peter\Local Settings\Temp\Blizzard Launcher Temporary - 04501c58\Launcher.exe"="H:\Documents and Settings\Peter\Local Settings\Temp\Blizzard Launcher Temporary - 04501c58\Launcher.exe:*:Enabled:Blizzard Launcher"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad6fec6-d6de-11dd-b666-00221599a459}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\S-1-5-21-3666692665-148099885-633438025-500\rasman32.exe


======List of files/folders created in the last 1 months======

2009-03-07 00:59:49 ----D---- H:\WINDOWS\system32\appmgmt
2009-03-07 00:55:46 ----D---- H:\Program Files\MSXML 4.0
2009-03-07 00:52:15 ----D---- H:\Documents and Settings\All Users\Application Data\Avg8
2009-03-06 23:38:50 ----D---- H:\Documents and Settings\Peter\Application Data\WinRAR
2009-03-06 23:38:33 ----D---- H:\Program Files\WinRAR
2009-03-05 18:17:23 ----A---- H:\WINDOWS\SAVAdmin.INI
2009-03-05 16:32:56 ----D---- H:\Program Files\Sophos Sweep for NT
2009-03-05 16:32:56 ----D---- H:\Program Files\Sophos Enterprise Manager
2009-03-05 16:26:29 ----D---- H:\Program Files\Crystal Decisions
2009-03-05 16:26:28 ----D---- H:\Program Files\Common Files\Sophos
2009-03-05 16:26:28 ----D---- H:\Program Files\Common Files\Crystal Decisions
2009-03-05 16:26:20 ----D---- H:\Program Files\Sophos
2009-03-05 16:26:20 ----D---- H:\Documents and Settings\All Users\Application Data\Sophos
2009-03-05 16:17:30 ----N---- H:\WINDOWS\system32\dbmsqlgc.dll
2009-03-05 16:17:30 ----N---- H:\WINDOWS\system32\dbmsgnet.dll
2009-03-05 16:17:24 ----A---- H:\WINDOWS\IsUninst.exe
2009-03-05 16:09:41 ----D---- H:\Program Files\Microsoft SQL Server
2009-03-05 15:44:44 ----D---- H:\Documents and Settings\Peter\Application Data\Windows Search
2009-03-05 06:52:11 ----D---- H:\sec31
2009-03-01 20:53:41 ----A---- H:\WINDOWS\system32\aswBoot.exe
2009-03-01 20:53:39 ----D---- H:\Program Files\Alwil Software
2009-03-01 20:43:32 ----D---- H:\Documents and Settings\All Users\Application Data\Google Updater
2009-03-01 20:11:58 ----D---- H:\Program Files\Common Files\PC Tools
2009-03-01 20:11:53 ----D---- H:\Program Files\Spyware Doctor
2009-03-01 20:11:53 ----D---- H:\Documents and Settings\Peter\Application Data\PC Tools
2009-03-01 20:11:53 ----D---- H:\Documents and Settings\All Users\Application Data\PC Tools
2009-03-01 20:01:49 ----A---- H:\WINDOWS\system32\hiwhlspp.exe
2009-03-01 20:01:43 ----A---- H:\WINDOWS\rgmonsvc.exe
2009-03-01 20:01:13 ----A---- H:\WINDOWS\gfpcn57715.exe
2009-03-01 20:01:04 ----A---- H:\WINDOWS\kdiue732.txt
2009-03-01 19:58:11 ----D---- H:\Documents and Settings\Peter\Application Data\LimeWire
2009-03-01 19:57:10 ----D---- H:\WINDOWS\Sun
2009-03-01 19:57:01 ----A---- H:\WINDOWS\system32\javaws.exe
2009-03-01 19:57:01 ----A---- H:\WINDOWS\system32\javaw.exe
2009-03-01 19:57:01 ----A---- H:\WINDOWS\system32\java.exe
2009-03-01 19:57:01 ----A---- H:\WINDOWS\system32\deploytk.dll
2009-03-01 19:56:53 ----D---- H:\Program Files\Java
2009-03-01 19:55:20 ----D---- H:\Documents and Settings\Peter\Application Data\Sun
2009-03-01 19:54:41 ----D---- H:\Program Files\LimeWire
2009-03-01 19:16:33 ----A---- H:\WINDOWS\demdata.txt
2009-03-01 19:08:12 ----D---- H:\Program Files\Native Instruments
2009-03-01 19:08:12 ----A---- H:\WINDOWS\system32\NI_IRC_1_1.dll
2009-03-01 19:08:12 ----A---- H:\WINDOWS\system32\NI_IRC_1_0_3.dll
2009-03-01 19:08:12 ----A---- H:\WINDOWS\system32\NI_DFD_1_4.dll
2009-03-01 19:08:08 ----D---- H:\Program Files\Finale GPO 2.0
2009-03-01 19:07:01 ----A---- H:\WINDOWS\unvise32.exe
2009-03-01 19:05:31 ----D---- H:\Program Files\Finale 2007
2009-02-28 21:30:18 ----HD---- H:\WINDOWS\PIF
2009-02-27 07:31:08 ----HDC---- H:\WINDOWS\$NtUninstallKB941569$
2009-02-27 07:30:59 ----HDC---- H:\WINDOWS\$NtUninstallKB929399$
2009-02-27 07:30:51 ----HDC---- H:\WINDOWS\$NtUninstallKB939683$
2009-02-27 07:30:39 ----HDC---- H:\WINDOWS\$NtUninstallKB954154_WM11$
2009-02-27 07:30:33 ----HDC---- H:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-02-26 19:16:54 ----N---- H:\WINDOWS\system32\spmsg.dll
2009-02-26 19:16:53 ----HDC---- H:\WINDOWS\$NtUninstallMSCompPackV1$
2009-02-26 19:16:42 ----D---- H:\Program Files\Windows Media Connect 2
2009-02-26 19:16:30 ----HDC---- H:\WINDOWS\$NtUninstallwmp11$
2009-02-26 19:16:08 ----HDC---- H:\WINDOWS\$NtUninstallWMFDist11$
2009-02-26 19:15:58 ----D---- H:\c7069b825f3a5a75e4670f7efd97fb37
2009-02-26 19:15:56 ----D---- H:\WINDOWS\system32\LogFiles
2009-02-26 19:15:52 ----HDC---- H:\WINDOWS\$NtUninstallWudf01000$
2009-02-26 19:15:42 ----D---- H:\2eaf676a6a708dc912108ec4845a43
2009-02-10 06:43:42 ----D---- H:\rsit
2009-02-09 09:28:55 ----A---- H:\vioujio.txt
2009-02-07 08:45:10 ----D---- H:\Documents and Settings\Peter\Application Data\Malwarebytes
2009-02-07 08:45:03 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-02-07 08:45:03 ----D---- H:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-07 01:15:20 ----D---- H:\Documents and Settings\Peter\Application Data\AVGTOOLBAR
2009-01-15 09:52:25 ----HDC---- H:\WINDOWS\$NtUninstallKB958687$
2009-01-15 09:52:20 ----HDC---- H:\WINDOWS\$NtUninstallKB951748$
2009-01-12 15:01:51 ----D---- H:\Documents and Settings\Peter\Application Data\Windows Desktop Search
2009-01-12 15:00:38 ----D---- H:\WINDOWS\system32\GroupPolicy
2009-01-12 15:00:38 ----D---- H:\Program Files\Windows Desktop Search
2009-01-12 15:00:24 ----HDC---- H:\WINDOWS\$NtUninstallKB940157$
2009-01-12 15:00:13 ----HDC---- H:\WINDOWS\$NtUninstallKB915800-v4$
2009-01-12 14:32:35 ----D---- H:\Documents and Settings\All Users\Application Data\Office Genuine Advantage

======List of files/folders modified in the last 1 months======

2009-03-07 00:55:52 ----D---- H:\WINDOWS\WinSxS
2009-03-07 00:54:42 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-03-07 00:46:11 ----D---- H:\WINDOWS\system32\config
2009-03-06 17:34:09 ----D---- H:\WINDOWS\system32\CatRoot2
2009-03-05 16:55:53 ----SD---- H:\Documents and Settings\Peter\Application Data\Microsoft
2009-03-05 16:32:37 ----D---- H:\Program Files\Common Files\InstallShield
2009-03-05 16:26:28 ----D---- H:\Program Files\Common Files
2009-03-05 16:17:29 ----HD---- H:\Program Files\Uninstall Information
2009-03-01 22:07:50 ----D---- H:\Program Files\Google
2009-03-01 22:07:50 ----D---- H:\Documents and Settings\All Users\Application Data\Google
2009-03-01 19:32:58 ----RSD---- H:\WINDOWS\Fonts
2009-03-01 19:07:19 ----D---- H:\Program Files\Adobe
2009-02-27 07:31:10 ----HD---- H:\WINDOWS\inf
2009-02-27 07:31:09 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-02-27 07:31:01 ----A---- H:\WINDOWS\imsins.BAK
2009-02-27 07:30:44 ----D---- H:\WINDOWS\system32\CatRoot
2009-02-26 19:21:44 ----D---- H:\Program Files\World of Warcraft
2009-02-26 19:18:41 ----D---- H:\Program Files\Windows Media Player
2009-02-26 19:16:45 ----A---- H:\WINDOWS\win.ini
2009-02-26 19:16:38 ----D---- H:\WINDOWS\Help
2009-02-10 06:43:49 ----D---- H:\WINDOWS\Prefetch
2009-02-10 06:42:42 ----D---- H:\WINDOWS\Temp
2009-02-10 06:40:51 ----D---- H:\WINDOWS\system32\drivers
2009-02-10 06:40:15 ----AD---- H:\Documents and Settings\All Users\Application Data\TEMP
2009-02-10 06:40:07 ----SD---- H:\WINDOWS\Tasks
2009-02-10 06:39:54 ----D---- H:\Program Files\lg_fwupdate
2009-02-10 06:39:52 ----A---- H:\WINDOWS\lgfwup.ini
2009-02-09 16:06:59 ----D---- H:\WINDOWS\system32
2009-02-09 16:06:59 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-02-09 10:44:47 ----RD---- H:\Program Files
2009-02-09 09:31:16 ----D---- H:\WINDOWS
2009-02-08 06:40:22 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-02-07 01:15:09 ----SHD---- H:\WINDOWS\Installer
2009-01-15 09:52:55 ----D---- H:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-15 09:52:25 ----HD---- H:\WINDOWS\$hf_mig$
2009-01-12 15:00:44 ----SD---- H:\Documents and Settings\All Users\Application Data\Microsoft
2009-01-12 15:00:40 ----D---- H:\WINDOWS\system32\en-US
2009-01-12 15:00:38 ----D---- H:\WINDOWS\system32\wbem

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-06 26944]
R1 AsIO;AsIO; H:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; H:\WINDOWS\system32\drivers\aswSP.sys [2009-02-06 114768]
R1 aswTdi;avast! Network Shield Support; H:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-06 51376]
R1 IKSysFlt;System Filter Driver; H:\WINDOWS\system32\drivers\iksysflt.sys [2008-08-25 66952]
R1 IKSysSec;System Security Driver; H:\WINDOWS\system32\drivers\iksyssec.sys [2008-08-25 81288]
R1 intelppm;Intel Processor Driver; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 pctfw2;pctfw2; \??\H:\WINDOWS\system32\drivers\pctfw2.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\H:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-06 20560]
R2 aswMon2;avast! Standard Shield Support; H:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-06 94032]
R3 Alpham1;Ideazon Fang USB Human Interface Device; H:\WINDOWS\system32\DRIVERS\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon Fang MM USB Human Interface Device; H:\WINDOWS\system32\DRIVERS\Alpham2.sys [2007-03-20 18432]
R3 Arp1394;1394 ARP Client Protocol; H:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-06 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; H:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-26 36864]
R3 mouhid;Mouse HID Driver; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; H:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; H:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-12 6188320]
R3 usbaudio;USB Audio Driver (WDM); H:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB Mass Storage Driver; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\H:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-06 18752]
R2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-06 138680]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-03-01 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; H:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-27 79136]
R2 MSSQL$SOPHOS;MSSQL$SOPHOS; H:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe [2002-12-17 7520337]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
R2 sdAuxService;PC Tools Auxiliary Service; H:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
R2 sdCoreService;PC Tools Security Service; H:\Program Files\Spyware Doctor\pctsSvc.exe [2008-10-09 1079176]
R2 SEMScheduler;Sophos Enterprise Manager Scheduler; H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe [2008-03-11 532554]
R2 Sophos Agent;Sophos Agent; H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe [2007-08-13 266240]
R2 Sophos EMLibUpdate Agent;Sophos EMLibUpdate Agent; H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe [2007-08-13 352256]
R2 Sophos Management Service;Sophos Management Service; H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe [2008-04-01 3452928]
R2 Sophos Message Router;Sophos Message Router; H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe [2007-08-13 790528]
R2 WSearch;Windows Search; H:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-06 254040]
R3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-06 352920]
S2 gusvc;Google Software Updater; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 182768]
S2 Sophos Certification Manager;Sophos Certification Manager; H:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2007-08-13 49152]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 getPlus(R) Helper;getPlus(R) Helper; H:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; H:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSSQLServerADHelper;MSSQLServerADHelper; H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SQLAgent$SOPHOS;SQLAgent$SOPHOS; H:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; H:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; H:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-02-10 06:44:01

======Uninstall list======

-->MsiExec /X{AC54E544-3E42-443C-A91D-A00A6974C592}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 H:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acrobat.com-->H:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->H:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver-->"H:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\Setup.exe" -runfromtemp -l0x0009 -removeonly
avast! Antivirus-->H:\Program Files\Alwil Software\Avast4\aswRunDll.exe "H:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BD/HD Advisor 1.0-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\setup.exe" -uninstall
Curse Client-->H:\Program Files\Curse\uninstall.exe
EPU-6 Engine-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{56B83336-FBC1-4C46-8613-90A9E3B440D6}\setup.exe" -l0x9
Finale 2007-->H:\WINDOWS\unvise32.exe H:\Program Files\Finale 2007\uninstal.log
Garritan Ambiance Installer-->H:\Program Files\Finale 2007\uninstallAmbience.exe
getPlus(R) for Adobe-->"H:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "h:\program files\google\googletoolbar2.dll"
Google Updater-->"H:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hi-Def Suite-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
HijackThis 2.0.2-->"H:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"H:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"H:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"H:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"H:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
LabelPrint-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
LG ODD Auto Firmware Update-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
LightScribe Optical Disc Kit-->MsiExec.exe /X{71F17309-007D-43F9-9313-DBFBA5FCB3B3}
LimeWire 4.18.1-->"H:\Program Files\LimeWire\uninstall.exe"
Logitech GamePanel Software 2.02-->MsiExec.exe /X{0523EAF4-402C-4435-A0DA-13C40193D811}
Magelo Sync (uninstall only)-->"H:\Program Files\Magelo\Magelo Sync\UnInstall.exe"
Malwarebytes' Anti-Malware-->"H:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
marvell 61xx-->H:\Program Files\Marvell\61xx\uninst-61xx.exe
Microsoft .NET Framework 2.0-->H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"H:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"H:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"H:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"H:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server Desktop Engine (SOPHOS)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"H:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Native Instruments Finale GPO 2.0-->H:\PROGRA~1\FINALE~1.0\UNWISE.EXE H:\PROGRA~1\FINALE~1.0\INSTALL.LOG
NVIDIA Drivers-->H:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.10.13-->MsiExec.exe /X{AC54E544-3E42-443C-A91D-A00A6974C592}
Power2Go 5.0-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Realtek High Definition Audio Driver-->RunDll32 H:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"H:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"H:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"H:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"H:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"H:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"H:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"H:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"H:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"H:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"H:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"H:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"H:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"H:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"H:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"H:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"H:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"H:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"H:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"H:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"H:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"H:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"H:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"H:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"H:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"H:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"H:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"H:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"H:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"H:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"H:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sophos EM Library-->MsiExec.exe /X{6EA1A75B-CACE-482F-8424-7ED10E4FC53E}
Spyware Doctor 6.0-->H:\Program Files\Spyware Doctor\unins000.exe /LOG
Trojan Remover 6.7.5-->"H:\Program Files\Trojan Remover\unins000.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update for Windows XP (KB898461)-->"H:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"H:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"H:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"H:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Internet Explorer 7-->"H:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"H:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"H:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"H:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
WinRAR archiver-->H:\Program Files\WinRAR\uninstall.exe
Z Engine-->MsiExec.exe /X{64E47A5F-B3C4-476A-9100-2D006BD1FFB4}

=====HijackThis Backups=====

O2 - BHO: MSUSER Class - {8D4D2F69-DF30-4471-988C-CC58545E86C8} - H:\WINDOWS\system32\WinHel.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: blueskyadagency - {48b70c89-6075-ab2b-48b9-265bef6f1a7a} - H:\WINDOWS\system32\nsa49.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ECO Bar - {10000000-1000-1000-1000-100000000000} - H:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O2 - BHO: blueskyadagency browser enhancer - {3AA1795E-BCA1-8DDA-AC69-250C9C6A7242} - H:\WINDOWS\system32\cuthxoynhqzvvhg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - H:\Program Files\IEToolbar\ECO Bar\ecobar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ManagerHLP] RUNDLL32.EXE H:\WINDOWS\system32\WinHel.dll,Install
O4 - HKLM\..\Run: [somoshvewvwkhja] H:\WINDOWS\System32\regsvr32.exe /s "H:\WINDOWS\system32\cuthxoynhqzvvhg.dll"
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - H:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O4 - HKCU\..\Run: [VnrBlock21] "H:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "H:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDRegion] H:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - Startup: runit_32.lnk = H:\Program Files\runit\runit_32.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab
O4 - HKLM\..\Run: [hiwhlspp] "H:\WINDOWS\system32\hiwhlspp.exe"

======Security center information======

AV: Spyware Doctor with AntiVirus
AV: avast! antivirus 4.8.1335 [VPS 090209-0]

System event log

Computer Name: PETER-DE0E43EC9
Event Code: 19
Message: Installation Successful: Windows successfully installed the following update: Security Update for Microsoft Office system 2007 (KB951808)

Record Number: 465
Source Name: Windows Update Agent
Time Written: 20081209225351.000000+600
Event Type: information
User:

Computer Name: PETER-DE0E43EC9
Event Code: 19
Message: Installation Successful: Windows successfully installed the following update: Security Update for the 2007 Microsoft Office System (KB936514)

Record Number: 464
Source Name: Windows Update Agent
Time Written: 20081209225346.000000+600
Event Type: information
User:

Computer Name: PETER-DE0E43EC9
Event Code: 7036
Message: The Windows Installer service entered the running state.

Record Number: 463
Source Name: Service Control Manager
Time Written: 20081209225333.000000+600
Event Type: information
User:

Computer Name: PETER-DE0E43EC9
Event Code: 7035
Message: The Windows Installer service was successfully sent a start control.

Record Number: 462
Source Name: Service Control Manager
Time Written: 20081209225333.000000+600
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: PETER-DE0E43EC9
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 461
Source Name: W32Time
Time Written: 20081209215443.000000+600
Event Type: warning
User:

Application event log

Computer Name: PETER-DE0E43EC9
Event Code: 101
Message: MsnMsgr (1276) The database engine stopped.

Record Number: 830
Source Name: ESENT
Time Written: 20090105094312.000000+600
Event Type: information
User:

Computer Name: PETER-DE0E43EC9
Event Code: 103
Message: MsnMsgr (1276) \\.\H:\Documents and Settings\Peter\Local Settings\Application Data\Microsoft\Messenger\peter_pagett@hotmail.com\SharingMetadata\Working\database_88FC_FE3_FC0F_CA80\dfsr.db: The database engine stopped the instance (0).

Record Number: 829
Source Name: ESENT
Time Written: 20090105094312.000000+600
Event Type: information
User:

Computer Name: PETER-DE0E43EC9
Event Code: 11729
Message: Product: Logitech GamePanel Software 2.02 -- Configuration failed.

Record Number: 828
Source Name: MsiInstaller
Time Written: 20090105085408.000000+600
Event Type: information
User: PETER-DE0E43EC9\Peter

Computer Name: PETER-DE0E43EC9
Event Code: 11729
Message: Product: Logitech GamePanel Software 2.02 -- Configuration failed.

Record Number: 827
Source Name: MsiInstaller
Time Written: 20090105085356.000000+600
Event Type: information
User: PETER-DE0E43EC9\Peter

Computer Name: PETER-DE0E43EC9
Event Code: 7
Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Record Number: 826
Source Name: crypt32
Time Written: 20090105085324.000000+600
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files\Microsoft SQL Server\80\Tools\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
Petrie
Active Member
 
Posts: 8
Joined: February 2nd, 2009, 5:03 pm

Re: Please help! HijackThis Log inside...

Post by peku006 » February 10th, 2009, 11:31 am

Hi Petrie

    It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

    Spyware Doctor with AntiVirus
    avast! antivirus


    Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

    Please remove one of them.

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Limewire

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.

1 - Scan With ComboFix

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

3 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please help! HijackThis Log inside...

Post by Petrie » February 13th, 2009, 6:37 pm

Hi peku006,

Thanks so much for persisting with me, here are the logs you're after. The ComboFix is first:

ComboFix 09-02-12.03 - Peter 2009-02-14 8:29:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2701 [GMT 10:00]
Running from: h:\documents and settings\Peter\My Documents\Programs\ComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\gfpcn57715.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-03-07 00:55 . 2009-03-07 00:55 <DIR> d-------- h:\program files\MSXML 4.0
2009-03-07 00:52 . 2009-02-07 01:15 <DIR> d-------- h:\documents and settings\All Users\Application Data\Avg8
2009-03-05 18:17 . 2009-03-06 06:36 77 --a------ h:\windows\SAVAdmin.INI
2009-03-05 16:32 . 2009-03-05 16:32 <DIR> d-------- h:\program files\Sophos Sweep for NT
2009-03-05 16:32 . 2009-03-05 16:32 <DIR> d-------- h:\program files\Sophos Enterprise Manager
2009-03-05 16:26 . 2009-03-05 16:26 <DIR> d-------- h:\program files\Sophos
2009-03-05 16:26 . 2009-03-05 16:26 <DIR> d-------- h:\program files\Crystal Decisions
2009-03-05 16:26 . 2009-03-05 16:28 <DIR> d-------- h:\documents and settings\All Users\Application Data\Sophos
2009-03-05 16:17 . 1998-10-29 15:45 306,688 --a------ h:\windows\IsUninst.exe
2009-03-05 16:17 . 2002-12-17 16:23 33,340 --------- h:\windows\system32\dbmsqlgc.dll
2009-03-05 16:17 . 2002-10-20 14:05 24,576 --------- h:\windows\system32\dbmsgnet.dll
2009-03-05 16:09 . 2009-03-05 16:09 <DIR> d-------- h:\program files\Microsoft SQL Server
2009-03-05 15:44 . 2009-03-05 15:44 <DIR> d-------- h:\documents and settings\Peter\Application Data\Windows Search
2009-03-05 06:52 . 2009-03-05 06:52 <DIR> d-------- H:\sec31
2009-03-01 20:53 . 2009-03-01 20:53 <DIR> d-------- h:\program files\Alwil Software
2009-03-01 20:43 . 2009-02-13 13:36 <DIR> d-------- h:\documents and settings\All Users\Application Data\Google Updater
2009-03-01 20:12 . 2008-07-28 12:29 160,792 --a------ h:\windows\system32\drivers\pctfw2.sys
2009-03-01 20:11 . 2009-02-14 08:27 <DIR> d-------- h:\program files\Spyware Doctor
2009-03-01 20:11 . 2009-03-01 20:11 <DIR> d-------- h:\documents and settings\Peter\Application Data\PC Tools
2009-03-01 20:11 . 2009-03-01 20:11 <DIR> d-------- h:\documents and settings\All Users\Application Data\PC Tools
2009-03-01 20:11 . 2008-08-25 12:36 81,288 --a------ h:\windows\system32\drivers\iksyssec.sys
2009-03-01 20:11 . 2008-08-25 12:36 66,952 --a------ h:\windows\system32\drivers\iksysflt.sys
2009-03-01 20:11 . 2008-08-25 12:36 40,840 --a------ h:\windows\system32\drivers\ikfilesec.sys
2009-03-01 20:11 . 2008-06-02 16:19 29,576 --a------ h:\windows\system32\drivers\kcom.sys
2009-03-01 20:01 . 2009-03-01 20:01 1,458,176 --a------ h:\windows\system32\hiwhlspp.exe
2009-03-01 20:01 . 2009-03-01 20:01 477,696 --a------ h:\windows\rgmonsvc.exe
2009-03-01 19:58 . 2009-02-11 06:37 <DIR> d-------- h:\documents and settings\Peter\Application Data\LimeWire
2009-03-01 19:57 . 2009-03-01 19:57 <DIR> d-------- h:\windows\Sun
2009-03-01 19:57 . 2009-03-01 19:56 410,984 --a------ h:\windows\system32\deploytk.dll
2009-03-01 19:57 . 2009-03-01 19:56 73,728 --a------ h:\windows\system32\javacpl.cpl
2009-03-01 19:56 . 2009-03-01 19:56 <DIR> d-------- h:\program files\Java
2009-03-01 19:08 . 2009-03-01 19:08 <DIR> d-------- h:\program files\Native Instruments
2009-03-01 19:08 . 2009-03-01 19:12 <DIR> d-------- h:\program files\Finale GPO 2.0
2009-03-01 19:08 . 2006-05-19 16:54 393,216 --a------ h:\windows\system32\NI_IRC_1_1.dll
2009-03-01 19:08 . 2005-04-04 18:00 393,216 --a------ h:\windows\system32\NI_IRC_1_0_3.dll
2009-03-01 19:08 . 2006-07-11 16:16 61,440 --a------ h:\windows\system32\NI_DFD_1_4.dll
2009-03-01 19:07 . 2004-03-29 16:23 90,112 --a------ h:\windows\unvise32.exe
2009-03-01 19:05 . 2009-03-01 19:34 <DIR> d-------- h:\program files\Finale 2007
2009-02-28 21:30 . 2009-02-28 21:30 <DIR> d--h----- h:\windows\PIF
2009-02-26 21:46 . 2009-02-26 21:46 268 --ah----- H:\sqmdata01.sqm
2009-02-26 21:46 . 2009-02-26 21:46 244 --ah----- H:\sqmnoopt01.sqm
2009-02-26 19:17 . 2009-02-26 19:17 268 --ah----- H:\sqmdata00.sqm
2009-02-26 19:17 . 2009-02-26 19:17 244 --ah----- H:\sqmnoopt00.sqm
2009-02-26 19:16 . 2009-02-26 19:16 <DIR> d-------- h:\program files\Windows Media Connect 2
2009-02-26 19:15 . 2009-02-26 19:15 <DIR> d-------- h:\windows\system32\LogFiles
2009-02-26 19:15 . 2009-02-26 19:16 <DIR> d-------- h:\windows\system32\drivers\UMDF
2009-02-26 19:15 . 2009-02-26 19:16 <DIR> d-------- H:\c7069b825f3a5a75e4670f7efd97fb37
2009-02-26 19:15 . 2009-02-26 19:15 <DIR> d-------- H:\2eaf676a6a708dc912108ec4845a43
2009-02-13 17:35 . 2009-02-13 17:35 <DIR> d--h----- h:\documents and settings\All Users\Application Data\CanonBJ
2009-02-13 13:19 . 2009-02-13 13:19 <DIR> d-------- h:\documents and settings\All Users\Application Data\Electronic Arts
2009-02-13 08:38 . 2008-10-10 04:52 4,379,984 --a------ h:\windows\system32\D3DX9_40.dll
2009-02-13 08:38 . 2008-10-10 04:52 2,036,576 --a------ h:\windows\system32\D3DCompiler_40.dll
2009-02-13 08:38 . 2008-10-27 10:04 514,384 --a------ h:\windows\system32\XAudio2_3.dll
2009-02-13 08:38 . 2008-10-10 04:52 452,440 --a------ h:\windows\system32\d3dx10_40.dll
2009-02-13 08:38 . 2008-10-27 10:04 235,856 --a------ h:\windows\system32\xactengine3_3.dll
2009-02-13 08:38 . 2008-10-27 10:04 70,992 --a------ h:\windows\system32\XAPOFX1_2.dll
2009-02-13 08:32 . 2009-02-13 08:37 <DIR> d--h----- h:\windows\msdownld.tmp
2009-02-13 08:32 . 2009-02-13 08:32 <DIR> d-------- h:\windows\Logs
2009-02-13 08:18 . 2009-02-13 08:18 <DIR> d-------- H:\ProgramData
2009-02-13 07:41 . 2009-02-13 08:18 <DIR> d-------- h:\program files\Electronic Arts
2009-02-11 22:33 . 2009-02-11 22:33 268 --ah----- H:\sqmdata02.sqm
2009-02-11 22:33 . 2009-02-11 22:33 244 --ah----- H:\sqmnoopt02.sqm
2009-02-11 06:45 . 2009-02-11 06:45 <DIR> d-------- h:\windows\system32\quicktime
2009-02-11 06:45 . 2009-02-11 06:45 <DIR> d-------- h:\program files\AVI Movie Player
2009-02-10 06:43 . 2009-02-10 06:44 <DIR> d-------- H:\rsit
2009-02-09 09:29 . 2009-02-09 09:29 61,440 --a------ h:\windows\system32\drivers\krkv.sys
2009-02-07 08:45 . 2009-02-07 08:45 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2009-02-07 08:45 . 2009-02-07 08:45 <DIR> d-------- h:\documents and settings\Peter\Application Data\Malwarebytes
2009-02-07 08:45 . 2009-02-07 08:45 <DIR> d-------- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 08:45 . 2009-01-14 16:11 38,496 --a------ h:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 08:45 . 2009-01-14 16:11 15,504 --a------ h:\windows\system32\drivers\mbam.sys
2009-02-07 01:15 . 2009-02-07 01:15 <DIR> d-------- h:\documents and settings\Peter\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 06:32 --------- d-----w h:\program files\Common Files\InstallShield
2009-03-05 06:26 --------- d-----w h:\program files\Common Files\Sophos
2009-03-05 06:26 --------- d-----w h:\program files\Common Files\Crystal Decisions
2009-03-01 12:07 --------- d-----w h:\program files\Google
2009-03-01 10:15 --------- d-----w h:\program files\Common Files\PC Tools
2009-02-13 22:27 --------- d---a-w h:\documents and settings\All Users\Application Data\TEMP
2009-02-13 22:22 --------- d-----w h:\program files\lg_fwupdate
2009-02-12 22:18 --------- d--h--w h:\program files\InstallShield Installation Information
2009-02-11 12:34 --------- d-----w h:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 20:41 --------- d-----w h:\documents and settings\Peter\Application Data\CyberLink
2009-02-10 05:17 --------- d-----w h:\program files\World of Warcraft
2009-01-12 05:01 --------- d-----w h:\documents and settings\Peter\Application Data\Windows Desktop Search
2009-01-12 05:00 --------- d-----w h:\program files\Windows Desktop Search
2009-01-12 04:32 --------- d-----w h:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-04 09:30 --------- d-----w h:\documents and settings\Peter\Application Data\Ventrilo
2008-12-30 02:06 --------- d-----w h:\program files\Common Files\Adobe AIR
2008-12-30 02:04 --------- d-----w h:\program files\Common Files\Adobe
2008-12-30 02:02 --------- d-----w h:\documents and settings\All Users\Application Data\NOS
2008-12-30 01:58 --------- d-----w h:\program files\NOS
2008-12-29 20:12 683,520 ----a-w h:\windows\system32\nsa49.dll
2008-12-27 04:27 --------- d-----w h:\program files\Magelo
2008-12-20 23:15 826,368 ----a-w h:\windows\system32\wininet.dll
2008-12-16 22:15 --------- d-----w h:\program files\Trend Micro
2008-12-16 22:09 --------- d-----w h:\program files\Trojan Remover
2008-12-16 22:08 --------- d-----w h:\documents and settings\Peter\Application Data\Simply Super Software
2008-12-16 22:08 --------- d-----w h:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-16 15:19 --------- d-----w h:\program files\AVG
2008-12-06 06:14 315,392 ----a-w h:\windows\HideWin.exe
2008-12-05 18:26 130,048 ----a-w h:\windows\avicodecpl.dll
2006-06-24 06:48 32,768 ----a-r h:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Power2GoExpress"="h:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-07-23 2499880]
"CurseClient"="h:\program files\Curse\CurseClient.exe" [2008-10-11 4789760]
"MSMSGS"="h:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 68856]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EA Core"="h:\program files\Electronic Arts\EADM\Core.exe" [2009-02-07 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="h:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Zboard"="h:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-12 57344]
"Launch LCDMon"="h:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="h:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"RemoteControl"="h:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="h:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"LGODDFU"="h:\program files\lg_fwupdate\fwupdate.exe" [2008-12-08 548864]
"TrojanScanner"="h:\program files\Trojan Remover\Trjscan.exe" [2008-12-10 1230728]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 h:\windows\RTHDCPL.exe]

h:\documents and settings\Peter\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - h:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Windows Search.lnk - h:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= h:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"h:\\Program Files\\World of Warcraft\\Repair.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"h:\\Program Files\\Curse\\CurseClient.exe"=
"h:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"h:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"h:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 mv61xx;mv61xx;h:\windows\system32\drivers\mv61xx.sys [2008-06-24 150568]
R1 pctfw2;pctfw2;h:\windows\system32\drivers\pctfw2.sys [2009-03-01 160792]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};h:\program files\CyberLink\PowerDVD\000.fcl [2008-12-08 15:24:45 41456]
R2 MSSQL$SOPHOS;MSSQL$SOPHOS;h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe -sSOPHOS --> h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe -sSOPHOS [?]
R2 SEMScheduler;Sophos Enterprise Manager Scheduler;h:\program files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe [2008-03-11 532554]
R2 Sophos EMLibUpdate Agent;Sophos EMLibUpdate Agent;h:\program files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe [2007-08-13 352256]
R2 Sophos Management Service;Sophos Management Service;h:\program files\Sophos\Enterprise Console\MgntSvc.exe [2008-04-01 3452928]
R3 Alpham1;Ideazon Fang USB Human Interface Device;h:\windows\system32\drivers\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon Fang MM USB Human Interface Device;h:\windows\system32\drivers\Alpham2.sys [2007-03-20 18432]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;h:\windows\system32\drivers\l1e51x86.sys [2008-12-06 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;h:\program files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2007-08-13 49152]
S3 getPlus(R) Helper;getPlus(R) Helper;h:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-30 33752]
S3 sdAuxService;PC Tools Auxiliary Service;h:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-01 356920]
S3 SQLAgent$SOPHOS;SQLAgent$SOPHOS;h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE -i SOPHOS --> h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE -i SOPHOS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad6fec6-d6de-11dd-b666-00221599a459}]
\Shell\AutoRun\command - h:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\S-1-5-21-3666692665-148099885-633438025-500\rasman32.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 20:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: h:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 08:30:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"h:\program files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\h:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(832)
h:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Completion time: 2009-02-14 8:31:05
ComboFix-quarantined-files.txt 2009-02-13 22:31:03

Pre-Run: 948,882,501,632 bytes free
Post-Run: 949,334,204,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

230 --- E O F --- 2009-02-11 12:35:22


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:27 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ASUS\Six Engine\SixEngine.exe
H:\Program Files\Ideazon\ZEngine\Zboard.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\lg_fwupdate\fwupdate.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
H:\Program Files\Curse\CurseClient.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Electronic Arts\EADM\Core.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\WINDOWS\system32\wscntfy.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "H:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] H:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Launch LCDMon] "H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "H:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TrojanScanner] H:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [CurseClient] H:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "H:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Service Manager.lnk = H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - H:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sophos Enterprise Manager Scheduler (SEMScheduler) - Sophos Plc - H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
O23 - Service: Sophos Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos Certification Manager - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
O23 - Service: Sophos EMLibUpdate Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
O23 - Service: Sophos Management Service - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe

--
End of file - 9715 bytes

Cheers muchly!
Petrie
Petrie
Active Member
 
Posts: 8
Joined: February 2nd, 2009, 5:03 pm

Re: Please help! HijackThis Log inside...

Post by peku006 » February 14th, 2009, 4:55 am

Hi Petrie

1 - Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll (file missing)
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

2 - Run CFScript

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
h:\windows\system32\hiwhlspp.exe
h:\windows\rgmonsvc.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad6fec6-d6de-11dd-b666-00221599a459}]


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

3 - Run HijackThis
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with


1. the ComboFix log (C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006
peku006
MRU Emeritus
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
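
Added example, not part of peku006's post or of HijackThis itself: Python code that parses HijackThis entry lines, flags those marked "(file missing)", and compares a log saved before "Fix Checked" with one saved afterwards to confirm that the checked items are gone. The sample lines are excerpts of the two logs posted in this thread; the class and function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# A HijackThis entry line starts with a section code (R0, O2, O23, ...)
# followed by " - ". Header and "Running processes" lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING_SUFFIX = "(file missing)"


@dataclass(frozen=True)
class Entry:
    section: str
    body: str

    @property
    def file_missing(self):
        # HijackThis appends this marker when the referenced file is absent.
        return self.body.rstrip().lower().endswith(MISSING_SUFFIX)

    @property
    def key(self):
        # Case- and whitespace-insensitive identity for comparing two logs.
        return (self.section, " ".join(self.body.lower().split()))


def parse_entries(log_text):
    """Return the entry lines of a HijackThis log, skipping everything else."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group("section"), match.group("body").strip()))
    return entries


def orphaned(entries):
    """Entries whose target file HijackThis reported as missing."""
    return [e for e in entries if e.file_missing]


def removed_between(before, after):
    """Entries present in the earlier log but absent from the later one."""
    after_keys = {e.key for e in after}
    return [e for e in before if e.key not in after_keys]


def added_between(before, after):
    """Entries that appear only in the later log (new autostarts, BHOs, ...)."""
    before_keys = {e.key for e in before}
    return [e for e in after if e.key not in before_keys]


# Excerpt of the log saved at 8:35:27 AM on 2/14/2009 (before the fix).
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
H:\WINDOWS\System32\smss.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - H:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - H:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""

# Excerpt of the log saved at 7:15:25 PM on 2/14/2009 (after the fix).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
H:\WINDOWS\System32\smss.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll (file missing)
"""


if __name__ == "__main__":
    before = parse_entries(BEFORE_LOG)
    after = parse_entries(AFTER_LOG)
    print("Marked (file missing) before the fix:")
    for e in orphaned(before):
        print("  %s - %s" % (e.section, e.body))
    print("Removed by the fix:")
    for e in removed_between(before, after):
        print("  %s - %s" % (e.section, e.body))
    print("Still marked (file missing) afterwards:")
    for e in orphaned(after):
        print("  %s - %s" % (e.section, e.body))
    print("New entries since the earlier log: %d" % len(added_between(before, after)))
```
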

Re: Please help! HijackThis Log inside...

Post by Petrie » February 14th, 2009, 5:16 am

Here's the logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:15:25 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ASUS\Six Engine\SixEngine.exe
H:\Program Files\Ideazon\ZEngine\Zboard.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\lg_fwupdate\fwupdate.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
H:\Program Files\Curse\CurseClient.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Electronic Arts\EADM\Core.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\WINDOWS\system32\notepad.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "H:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] H:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Launch LCDMon] "H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "H:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TrojanScanner] H:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [CurseClient] H:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "H:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Service Manager.lnk = H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - H:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sophos Enterprise Manager Scheduler (SEMScheduler) - Sophos Plc - H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
O23 - Service: Sophos Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos Certification Manager - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
O23 - Service: Sophos EMLibUpdate Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
O23 - Service: Sophos Management Service - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe

--
End of file - 9467 bytes


ComboFix 09-02-12.03 - Peter 2009-02-14 19:11:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2611 [GMT 10:00]
Running from: h:\documents and settings\Peter\My Documents\Programs\ComboFix.exe
Command switches used :: h:\documents and settings\Peter\My Documents\Programs\CFScript.txt
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
h:\windows\rgmonsvc.exe
h:\windows\system32\hiwhlspp.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\windows\rgmonsvc.exe
h:\windows\system32\hiwhlspp.exe

.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-03-07 00:55 . 2009-03-07 00:55 <DIR> d-------- h:\program files\MSXML 4.0
2009-03-07 00:52 . 2009-02-07 01:15 <DIR> d-------- h:\documents and settings\All Users\Application Data\Avg8
2009-03-05 18:17 . 2009-03-06 06:36 77 --a------ h:\windows\SAVAdmin.INI
2009-03-05 16:32 . 2009-03-05 16:32 <DIR> d-------- h:\program files\Sophos Sweep for NT
2009-03-05 16:32 . 2009-03-05 16:32 <DIR> d-------- h:\program files\Sophos Enterprise Manager
2009-03-05 16:26 . 2009-03-05 16:26 <DIR> d-------- h:\program files\Sophos
2009-03-05 16:26 . 2009-03-05 16:26 <DIR> d-------- h:\program files\Crystal Decisions
2009-03-05 16:26 . 2009-03-05 16:28 <DIR> d-------- h:\documents and settings\All Users\Application Data\Sophos
2009-03-05 16:17 . 1998-10-29 15:45 306,688 --a------ h:\windows\IsUninst.exe
2009-03-05 16:17 . 2002-12-17 16:23 33,340 --------- h:\windows\system32\dbmsqlgc.dll
2009-03-05 16:17 . 2002-10-20 14:05 24,576 --------- h:\windows\system32\dbmsgnet.dll
2009-03-05 16:09 . 2009-03-05 16:09 <DIR> d-------- h:\program files\Microsoft SQL Server
2009-03-05 15:44 . 2009-03-05 15:44 <DIR> d-------- h:\documents and settings\Peter\Application Data\Windows Search
2009-03-05 06:52 . 2009-03-05 06:52 <DIR> d-------- H:\sec31
2009-03-01 20:53 . 2009-03-01 20:53 <DIR> d-------- h:\program files\Alwil Software
2009-03-01 20:43 . 2009-02-14 14:37 <DIR> d-------- h:\documents and settings\All Users\Application Data\Google Updater
2009-03-01 20:12 . 2008-07-28 12:29 160,792 --a------ h:\windows\system32\drivers\pctfw2.sys
2009-03-01 20:11 . 2009-02-14 08:27 <DIR> d-------- h:\program files\Spyware Doctor
2009-03-01 20:11 . 2009-03-01 20:11 <DIR> d-------- h:\documents and settings\Peter\Application Data\PC Tools
2009-03-01 20:11 . 2009-03-01 20:11 <DIR> d-------- h:\documents and settings\All Users\Application Data\PC Tools
2009-03-01 20:11 . 2008-08-25 12:36 81,288 --a------ h:\windows\system32\drivers\iksyssec.sys
2009-03-01 20:11 . 2008-08-25 12:36 66,952 --a------ h:\windows\system32\drivers\iksysflt.sys
2009-03-01 20:11 . 2008-08-25 12:36 40,840 --a------ h:\windows\system32\drivers\ikfilesec.sys
2009-03-01 20:11 . 2008-06-02 16:19 29,576 --a------ h:\windows\system32\drivers\kcom.sys
2009-03-01 19:58 . 2009-02-11 06:37 <DIR> d-------- h:\documents and settings\Peter\Application Data\LimeWire
2009-03-01 19:57 . 2009-03-01 19:57 <DIR> d-------- h:\windows\Sun
2009-03-01 19:57 . 2009-03-01 19:56 410,984 --a------ h:\windows\system32\deploytk.dll
2009-03-01 19:57 . 2009-03-01 19:56 73,728 --a------ h:\windows\system32\javacpl.cpl
2009-03-01 19:56 . 2009-03-01 19:56 <DIR> d-------- h:\program files\Java
2009-03-01 19:08 . 2009-03-01 19:08 <DIR> d-------- h:\program files\Native Instruments
2009-03-01 19:08 . 2009-03-01 19:12 <DIR> d-------- h:\program files\Finale GPO 2.0
2009-03-01 19:08 . 2006-05-19 16:54 393,216 --a------ h:\windows\system32\NI_IRC_1_1.dll
2009-03-01 19:08 . 2005-04-04 18:00 393,216 --a------ h:\windows\system32\NI_IRC_1_0_3.dll
2009-03-01 19:08 . 2006-07-11 16:16 61,440 --a------ h:\windows\system32\NI_DFD_1_4.dll
2009-03-01 19:07 . 2004-03-29 16:23 90,112 --a------ h:\windows\unvise32.exe
2009-03-01 19:05 . 2009-03-01 19:34 <DIR> d-------- h:\program files\Finale 2007
2009-02-28 21:30 . 2009-02-28 21:30 <DIR> d--h----- h:\windows\PIF
2009-02-26 21:46 . 2009-02-26 21:46 268 --ah----- H:\sqmdata01.sqm
2009-02-26 21:46 . 2009-02-26 21:46 244 --ah----- H:\sqmnoopt01.sqm
2009-02-26 19:17 . 2009-02-26 19:17 268 --ah----- H:\sqmdata00.sqm
2009-02-26 19:17 . 2009-02-26 19:17 244 --ah----- H:\sqmnoopt00.sqm
2009-02-26 19:16 . 2009-02-26 19:16 <DIR> d-------- h:\program files\Windows Media Connect 2
2009-02-26 19:15 . 2009-02-26 19:15 <DIR> d-------- h:\windows\system32\LogFiles
2009-02-26 19:15 . 2009-02-26 19:16 <DIR> d-------- h:\windows\system32\drivers\UMDF
2009-02-26 19:15 . 2009-02-26 19:16 <DIR> d-------- H:\c7069b825f3a5a75e4670f7efd97fb37
2009-02-26 19:15 . 2009-02-26 19:15 <DIR> d-------- H:\2eaf676a6a708dc912108ec4845a43
2009-02-13 17:35 . 2009-02-13 17:35 <DIR> d--h----- h:\documents and settings\All Users\Application Data\CanonBJ
2009-02-13 13:19 . 2009-02-13 13:19 <DIR> d-------- h:\documents and settings\All Users\Application Data\Electronic Arts
2009-02-13 08:38 . 2008-10-10 04:52 4,379,984 --a------ h:\windows\system32\D3DX9_40.dll
2009-02-13 08:38 . 2008-10-10 04:52 2,036,576 --a------ h:\windows\system32\D3DCompiler_40.dll
2009-02-13 08:38 . 2008-10-27 10:04 514,384 --a------ h:\windows\system32\XAudio2_3.dll
2009-02-13 08:38 . 2008-10-10 04:52 452,440 --a------ h:\windows\system32\d3dx10_40.dll
2009-02-13 08:38 . 2008-10-27 10:04 235,856 --a------ h:\windows\system32\xactengine3_3.dll
2009-02-13 08:38 . 2008-10-27 10:04 70,992 --a------ h:\windows\system32\XAPOFX1_2.dll
2009-02-13 08:32 . 2009-02-13 08:37 <DIR> d--h----- h:\windows\msdownld.tmp
2009-02-13 08:32 . 2009-02-13 08:32 <DIR> d-------- h:\windows\Logs
2009-02-13 08:18 . 2009-02-13 08:18 <DIR> d-------- H:\ProgramData
2009-02-13 07:41 . 2009-02-13 08:18 <DIR> d-------- h:\program files\Electronic Arts
2009-02-11 22:33 . 2009-02-11 22:33 268 --ah----- H:\sqmdata02.sqm
2009-02-11 22:33 . 2009-02-11 22:33 244 --ah----- H:\sqmnoopt02.sqm
2009-02-11 06:45 . 2009-02-11 06:45 <DIR> d-------- h:\windows\system32\quicktime
2009-02-11 06:45 . 2009-02-11 06:45 <DIR> d-------- h:\program files\AVI Movie Player
2009-02-10 06:43 . 2009-02-10 06:44 <DIR> d-------- H:\rsit
2009-02-09 09:29 . 2009-02-09 09:29 61,440 --a------ h:\windows\system32\drivers\krkv.sys
2009-02-07 08:45 . 2009-02-07 08:45 <DIR> d-------- h:\program files\Malwarebytes' Anti-Malware
2009-02-07 08:45 . 2009-02-07 08:45 <DIR> d-------- h:\documents and settings\Peter\Application Data\Malwarebytes
2009-02-07 08:45 . 2009-02-07 08:45 <DIR> d-------- h:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-07 08:45 . 2009-01-14 16:11 38,496 --a------ h:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 08:45 . 2009-01-14 16:11 15,504 --a------ h:\windows\system32\drivers\mbam.sys
2009-02-07 01:15 . 2009-02-07 01:15 <DIR> d-------- h:\documents and settings\Peter\Application Data\AVGTOOLBAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 06:32 --------- d-----w h:\program files\Common Files\InstallShield
2009-03-05 06:26 --------- d-----w h:\program files\Common Files\Sophos
2009-03-05 06:26 --------- d-----w h:\program files\Common Files\Crystal Decisions
2009-03-01 12:07 --------- d-----w h:\program files\Google
2009-03-01 10:15 --------- d-----w h:\program files\Common Files\PC Tools
2009-02-14 01:20 --------- d-----w h:\program files\World of Warcraft
2009-02-13 22:27 --------- d---a-w h:\documents and settings\All Users\Application Data\TEMP
2009-02-13 22:22 --------- d-----w h:\program files\lg_fwupdate
2009-02-12 22:18 --------- d--h--w h:\program files\InstallShield Installation Information
2009-02-11 12:34 --------- d-----w h:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-10 20:41 --------- d-----w h:\documents and settings\Peter\Application Data\CyberLink
2009-01-12 05:01 --------- d-----w h:\documents and settings\Peter\Application Data\Windows Desktop Search
2009-01-12 05:00 --------- d-----w h:\program files\Windows Desktop Search
2009-01-12 04:32 --------- d-----w h:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-04 09:30 --------- d-----w h:\documents and settings\Peter\Application Data\Ventrilo
2008-12-30 02:06 --------- d-----w h:\program files\Common Files\Adobe AIR
2008-12-30 02:04 --------- d-----w h:\program files\Common Files\Adobe
2008-12-30 02:02 --------- d-----w h:\documents and settings\All Users\Application Data\NOS
2008-12-30 01:58 --------- d-----w h:\program files\NOS
2008-12-29 20:12 683,520 ----a-w h:\windows\system32\nsa49.dll
2008-12-27 04:27 --------- d-----w h:\program files\Magelo
2008-12-20 23:15 826,368 ----a-w h:\windows\system32\wininet.dll
2008-12-16 22:15 --------- d-----w h:\program files\Trend Micro
2008-12-16 22:09 --------- d-----w h:\program files\Trojan Remover
2008-12-16 22:08 --------- d-----w h:\documents and settings\Peter\Application Data\Simply Super Software
2008-12-16 22:08 --------- d-----w h:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-16 15:19 --------- d-----w h:\program files\AVG
2008-12-06 06:14 315,392 ----a-w h:\windows\HideWin.exe
2008-12-05 18:26 130,048 ----a-w h:\windows\avicodecpl.dll
2006-06-24 06:48 32,768 ----a-r h:\windows\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Power2GoExpress"="h:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-07-23 2499880]
"CurseClient"="h:\program files\Curse\CurseClient.exe" [2008-10-11 4789760]
"MSMSGS"="h:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-10 68856]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"EA Core"="h:\program files\Electronic Arts\EADM\Core.exe" [2009-02-07 3325952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="h:\program files\ASUS\Six Engine\SixEngine.exe" [2008-06-03 5964800]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Zboard"="h:\program files\Ideazon\ZEngine\Zboard.exe" [2008-11-12 57344]
"Launch LCDMon"="h:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="h:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"RemoteControl"="h:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-10-28 72736]
"LanguageShortcut"="h:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760]
"LGODDFU"="h:\program files\lg_fwupdate\fwupdate.exe" [2008-12-08 548864]
"TrojanScanner"="h:\program files\Trojan Remover\Trjscan.exe" [2008-12-10 1230728]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-03-01 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 h:\windows\RTHDCPL.exe]

h:\documents and settings\Peter\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - h:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - h:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
Windows Search.lnk - h:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "h:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= h:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"h:\\Program Files\\World of Warcraft\\Repair.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"h:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"h:\\Program Files\\Curse\\CurseClient.exe"=
"h:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"h:\\Program Files\\World of Warcraft\\WoW-3.0.8.9464-to-3.0.8.9506-enUS-downloader.exe"=
"h:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"h:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 mv61xx;mv61xx;h:\windows\system32\drivers\mv61xx.sys [2008-06-24 150568]
R1 pctfw2;pctfw2;h:\windows\system32\drivers\pctfw2.sys [2009-03-01 160792]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};h:\program files\CyberLink\PowerDVD\000.fcl [2008-12-08 15:24:45 41456]
R2 MSSQL$SOPHOS;MSSQL$SOPHOS;h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe -sSOPHOS --> h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe -sSOPHOS [?]
R2 SEMScheduler;Sophos Enterprise Manager Scheduler;h:\program files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe [2008-03-11 532554]
R2 Sophos EMLibUpdate Agent;Sophos EMLibUpdate Agent;h:\program files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe [2007-08-13 352256]
R2 Sophos Management Service;Sophos Management Service;h:\program files\Sophos\Enterprise Console\MgntSvc.exe [2008-04-01 3452928]
R3 Alpham1;Ideazon Fang USB Human Interface Device;h:\windows\system32\drivers\Alpham1.sys [2007-07-23 42624]
R3 Alpham2;Ideazon Fang MM USB Human Interface Device;h:\windows\system32\drivers\Alpham2.sys [2007-03-20 18432]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;h:\windows\system32\drivers\l1e51x86.sys [2008-12-06 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;h:\program files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2007-08-13 49152]
S3 getPlus(R) Helper;getPlus(R) Helper;h:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-30 33752]
S3 sdAuxService;PC Tools Auxiliary Service;h:\program files\Spyware Doctor\pctsAuxs.exe [2009-03-01 356920]
S3 SQLAgent$SOPHOS;SQLAgent$SOPHOS;h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE -i SOPHOS --> h:\program files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlagent.EXE -i SOPHOS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-02-14 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-01 20:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - h:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: h:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 19:12:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"h:\program files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\h:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(832)
h:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
Completion time: 2009-02-14 19:13:04
ComboFix-quarantined-files.txt 2009-02-14 09:13:02
ComboFix2.txt 2009-02-13 22:31:06

Pre-Run: 949,232,627,712 bytes free
Post-Run: 949,251,702,784 bytes free

226 --- E O F --- 2009-02-11 12:35:22
Petrie
Active Member
 
Posts: 8
Joined: February 2nd, 2009, 5:03 pm

Re: Please help! HijackThis Log inside...

Unread postby peku006 » February 14th, 2009, 6:04 am

Hi Petrie
Looking good :)
Let's make sure we got everything

1 - Clean temp files

    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

    Under Main choose:
      Windows Temp
      Current User Temp
      All Users Temp
      Temporary Internet Files
      Prefetch
      Java Cache

      *The other boxes are optional*
      Then click the Empty Selected button.
    If you use Firefox:
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    If you use Opera:
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program

2 - Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.

4 - Status Check
Please reply with

1. the Kaspersky online scanner report
2. a fresh HijackThis log
How's the computer running now? Any problems?

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Please help! HijackThis Log inside...

Unread postby Petrie » February 14th, 2009, 9:10 am

Hi Peku006,

The machine has been running a hell of a lot smoother now, thanks! Here are the logs you asked for:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:50 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ASUS\Six Engine\SixEngine.exe
H:\Program Files\Ideazon\ZEngine\Zboard.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
H:\Program Files\lg_fwupdate\fwupdate.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
H:\Program Files\Curse\CurseClient.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Electronic Arts\EADM\Core.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
H:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
H:\Program Files\Windows Desktop Search\WindowsSearch.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
H:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe
H:\WINDOWS\system32\SearchIndexer.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Windows Live\Messenger\usnsvc.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Program Files\Internet Explorer\IEXPLORE.EXE
H:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
H:\Program Files\Java\jre6\bin\java.exe
H:\WINDOWS\system32\SearchProtocolHost.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "H:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zboard] H:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKLM\..\Run: [Launch LCDMon] "H:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "H:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RemoteControl] "H:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "H:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [LGODDFU] "H:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [TrojanScanner] H:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] "H:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [CurseClient] H:\Program Files\Curse\CurseClient.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "H:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = H:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Service Manager.lnk = H:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Windows Search.lnk = H:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - H:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - H:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - H:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sophos Enterprise Manager Scheduler (SEMScheduler) - Sophos Plc - H:\Program Files\Sophos Enterprise Manager\Library\bin\schdsrvc.exe
O23 - Service: Sophos Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
O23 - Service: Sophos Certification Manager - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\CertificationManagerServiceNT.exe
O23 - Service: Sophos EMLibUpdate Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\EMLibUpdateAgentNT.exe
O23 - Service: Sophos Management Service - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\MgntSvc.exe
O23 - Service: Sophos Message Router - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\RouterNT.exe

--
End of file - 9476 bytes



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, February 14, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, February 14, 2009 11:34:05
Records in database: 1796091
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Files scanned: 48874
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:35:54


File name / Threat name / Threats count
H:\Documents and Settings\Peter\My Documents\Incomplete\T-460090-ashlynn brooke chick teaches another girl how to fist her (very hot).mpg Infected: Trojan-Downloader.WMA.GetCodec.e 1

The selected area was scanned.

Cheers,
Petrie
Petrie
Active Member
 
Posts: 8
Joined: February 2nd, 2009, 5:03 pm
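
A HijackThis log like the one in the post above has one entry per line, prefixed with a section code (O2, O4, O23 and so on). The following is an added example, not part of the original thread or of HijackThis itself: it parses a few lines copied from that log and points out entries worth a second look during triage. The function names and the two triage rules are assumptions made for illustration.

```python
import re
from collections import Counter

# Section codes for the entry types that appear in the log above.
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "R1": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart (Run key or Startup folder)",
    "O8": "Extra context menu item",
    "O9": "Extra button or Tools menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
    "O18": "Extra protocol handler",
    "O23": "Windows service",
}

# Lines copied from the log in the post above, plus one process-list line
# that the parser must skip because it carries no section code.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - h:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CurseClient] H:\Program Files\Curse\CurseClient.exe -silent
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - H:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O23 - Service: Sophos Agent - Sophos Plc - H:\Program Files\Sophos\Enterprise Console\Remote Management System\ManagementAgentNT.exe
H:\WINDOWS\system32\svchost.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Absolute path to an executable image; stops at the first .exe/.dll/.sys.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"*?<>|]+?\.(?:exe|dll|sys)", re.I)


def parse_log(text):
    """Return one dict per coded entry; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "unknown section"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
            # HijackThis appends this marker when the target is not on disk.
            "file_missing": body.rstrip().endswith("(file missing)"),
        })
    return entries


def triage(entries):
    """Illustrative rules only: note leftovers and ambiguous autostarts."""
    notes = []
    for e in entries:
        if e["file_missing"]:
            notes.append((e["code"], "registry entry points at a file that no longer exists"))
        elif e["code"] == "O4" and e["path"] is None:
            notes.append((e["code"], "autostart given without a full path; resolved via the search path"))
    return notes


def summarize(entries):
    """Count entries per section code."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE)
    for code, count in sorted(summarize(parsed).items()):
        print(f"{code:>3} x{count}  {SECTIONS.get(code, 'unknown section')}")
    for code, note in triage(parsed):
        print(f"note [{code}]: {note}")
```

A note from `triage` is a prompt to look closer, not a verdict: the O18 entry here is a leftover whose file is gone, and the bare `RTHDCPL.EXE` autostart is shown in the ComboFix log resolving to h:\windows\RTHDCPL.exe.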

Re: Please help! HijackThis Log inside...

Unread postby peku006 » February 14th, 2009, 9:33 am

Hi Petrie
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this file (if present):
H:\Documents and Settings\Peter\My Documents\Incomplete\T-460090-ashlynn brooke chick teaches another girl how to fist her (very hot).mpg

After that.............

Congratulations, your log looks clean! :)

Next we remove all used tools.
Delete RSIT from your desktop, also delete this folder C:\rsit.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
  • Reboot.
Turn ON System Restore
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.
This will remove all restore points except the new one you just created.

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here. Just choose a mirror and off you go.
Find the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.0
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Find the tutorial here: http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here on how to prevent malware.

Is your PC running slow?
Read What to do if your Computer is running slowly

Happy safe surfing! :thumbup:
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
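
The post above describes how a blocking HOSTS file works: listed names resolve to 127.0.0.1 instead of the real site. The following is an added example, not part of the original thread or of the MVPS project: it audits a HOSTS file and separates names that are blocked from names that are mapped to some other machine, which deserves review because the same mechanism can silently redirect a site. The sample file is constructed, the function names are made up for illustration, and treating 0.0.0.0 and ::1 as blocking addresses goes beyond the 127.0.0.1 case the post mentions.

```python
import ipaddress

# Constructed sample; example.* names and 203.0.113.7 are documentation values.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1       localhost
127.0.0.1  ads.example.com  tracker.example.net   # blocked ad hosts
0.0.0.0    banner.example.org
203.0.113.7   www.update.example.com
::1 localhost
not-an-ip  broken.example
"""

LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (line_number, address, [hostnames]) for every mapping line."""
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address without a name
            continue
        yield number, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify each hostname by what its mapping does.

    blocked    - name points at this computer, so the site is unreachable
    redirected - name points at another machine: review these entries
    local      - the normal localhost mapping
    invalid    - first field is not an IP address
    """
    report = {"blocked": [], "redirected": [], "local": [], "invalid": []}
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            report["invalid"].append((number, address))
            continue
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                report["local"].append(name)
            elif sink:
                report["blocked"].append(name)
            else:
                report["redirected"].append((name, address))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", ", ".join(result["blocked"]))
    for name, address in result["redirected"]:
        print(f"REVIEW:     {name} -> {address}")
    for number, address in result["invalid"]:
        print(f"invalid address on line {number}: {address}")
```

On Windows XP the file to audit is `%SystemRoot%\system32\drivers\etc\hosts`; read it and pass its text to `audit_hosts`.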

Re: Please help! HijackThis Log inside...

Unread postby Petrie » February 14th, 2009, 6:37 pm

Awesome!

Many many thanks for that!!!! :D
Petrie
Active Member
 
Posts: 8
Joined: February 2nd, 2009, 5:03 pm

Re: Please help! HijackThis Log inside...

Unread postby Gary R » February 16th, 2009, 5:44 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire