Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Random Popups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Random Popups

Unread postby Nummol » June 4th, 2010, 7:39 pm

A few days ago I caught AntiVirus Soft, or something similar to that. I used Malware bytes and it cleaned it up, or so I thought. Since then I have been getting the odd popup (it actually opens a new tab in firefox) to various innocent looking websites (like cancer research or environmental websites). After noticing it a few times I tried malware bytes and other free searches online and couldn't find anything on my computer. So here I am, seeking some help.

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:28 PM, on 6/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\AVG\AVG9\avgemc.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Documents and Settings\Jared\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: EnterpriseDB ApachePHP (EnterpriseDBApachePHP) - Apache Software Foundation - C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

--
End of file - 11232 bytes

Uninstall List:

32 Bit HP CIO Components Installer
7-Zip 4.65
Acer eDisplay Management
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Web Premium
Adobe Creative Suite 4 Web Premium
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertising Center
Altitude 1.0.0
ApachePhp 2.2.11-5.2.9
AVG Free 9.0
BioShock Demo
Browser Highlighter - Firefox
Connect
Dragon Age: Origins
FileZilla Client 3.3.1
GHC 6.10.4
Guild Wars
Guild Wars: Trilogy
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
HP Imaging Device Functions 10.0
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
ICCup Launcher
ISO Recorder
Java DB 10.4.2.1
Java(TM) 6 Update 18
Java(TM) SE Development Kit 6 Update 16
Juniper Installer Service
Juniper Networks Network Connect 6.4.0
Juniper Networks Setup Client Activex Control
kuler
Logitech GamePanel Software 3.02.173
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.9)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Multiplicity
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
NetBeans IDE 6.7.1
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Openbravo POS
OpenOffice.org 3.2
PDF Settings CS4
Photoshop Camera Raw
phpPgAdmin 4.2.2
Pivot Software
Pixel Bender Toolkit
PostgreSQL 8.4
RapidSVN-0.12.0
Realtek High Definition Audio Driver
SDK
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Shop for HP Supplies
Skype Toolbars
Skype™ 4.2
StarCraft
StarCraft II Beta
Steam
Suite Shared Configuration CS4
Synergy
System Requirements Lab
TortoiseSVN 1.6.7.18415 (32 bit)
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB980182)
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm
Advertisement
Register to Remove

Re: Random Popups

Unread postby MWR 3 day Mod » June 7th, 2010, 9:49 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Random Popups

Unread postby askey127 » June 8th, 2010, 7:36 am

Nummol,
Is this machine used for business?
It looks like you do Web Development.
Do you develop with Java?

Your machine is very vulnerable in its unpatched condition.
----------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
---------------------------------------------
Get Win XP Service Pack 3:
http://www.microsoft.com/downloads/deta ... laylang=en

Install it and let me know how it goes.
So we are looking for the answers to my initial questions, the CKScanner log, and any anecdotes you have on the Service Pack update.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random Popups

Unread postby Nummol » June 9th, 2010, 1:43 am

Yes, I develop with Java, I am a software developer, which makes this even more embarrassing. I develop mostly Java-based Desktop applications, but I also dip into a little bit of web development as a hobby. This computer is my personal computer, but I do a lot of work at home and this machine is used for that.


Ran the temp file cleaner, neat utility. It cleared up over 600mb of files.

Requested CKScanner Log:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

I am surprised to realize I am only on service pack 2, but I shouldn't be as it was my fault I never re-patched it. A few weeks ago I was messing around with my system (not because of any virus, just experimenting) and messed up some drivers which made it impossible to connect through my network card, or play any sound, self inflicted virus if you will. So I just decided to reinstall windows again on top of my existing installation instead of spending hours trying to undo what I had done. An hour later I had a working system, this was maybe 2-3 weeks ago. I had assumed windows update would take care of it for me, when I shut down my computer for the night it had to do 90-something updates, when I woke up it was off and running fine, never thought to look back. I guess that is what contributed to my downfall of getting this popup/hijacker thing on my computer last week.

Anyway, thats the explanation, just want to get it cleared up.

Btw, I didn't have any spare disks to burn the SP3 onto, so I had to download Deamon Tools Lite to create a virtual drive.

Other than that, all went smooth, but were still getting popups and the occasional search result hijack (not every time).
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Re: Random Popups

Unread postby askey127 » June 9th, 2010, 6:38 am

Nummol,
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Java(TM) 6 Update 18
Adobe Reader 9.1
Advertising Center

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Older versions of Java have been vulnerable to malware infections in the past. It is important to install the newest version and make sure all older ones have been removed.
Download the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 20 (JDK or JRE), click on the button labeled Download JRE.
If you want to update your JDK, you can Uninstall your present one and download that installer also.
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.
--------------------------------------------------------
You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 9.3 are vulnerable.
  • Go HERE and click on AdbeRdr930_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version of Adobe Reader.
----------------------------------------------
Disable CD Emulator(s)
We need to use powerful tools to check out your system.
*If* you are are using a CD Emulator (Daemon Tools, Alcohol 120%, Astroburn, AnyDVD) be aware that they use hidden drivers with rootkit-like techniques to hide from other applications. When dealing with a malware infections, CD Emulators can interfere with investigative tools producing misleading or inaccurate scan results, false detection of legitimate files, cause unexpected crashes, BSODs, and general 'dross' which often makes it hard to differentiate between malicious rootkits and the legitimate drivers used by Emulators. Since CD Emulators use a hidden driver which can be seen as a rootkit and can interfere with investigative tools or cause other problems, we need to remove or disable them until disinfection is completed.

Please download DeFogger by jpshortstuff and save it to your desktop.
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
------------------------------------------------------------
Please download GMER Rootkit Scanner from Here.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
      See image below
      Image
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

So we are looking for the contents of the Gmer.txt log and any comments you may have.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random Popups

Unread postby Nummol » June 9th, 2010, 9:25 pm

I did all your instructions:

Two hiccups.

1). Advertisement Center was not in the uninstall list
2). I was unable to run the GMER Scan to completion. Unfortunately it would either crash or blue screen before completing. When it would blue screen it would have a STOP error on SCSIPort.SYS. It wouldn't always crash at the same point, I could typically get further when I in safe mode though. Below is one of the better runs I could get a log of, which I obtained in safe mode scanning everything except IAT/EAT and Files on my system drive:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 18:06:57
Windows 5.1.2600 Service Pack 3
Running: 1dd4u93v.exe; Driver: C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\afloyfog.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x08 0x80 0x5C 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x53 0x37 0x83 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF1 0x74 0x2D 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0x27 0x68 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x08 0x80 0x5C 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x53 0x37 0x83 0x8A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF1 0x74 0x2D 0x3E ...

---- EOF - GMER 1.0.15 ----

Althought his is the best I could get, when I as not in safe mode I would get different results. Several notices about jump instructions and memory being writable which shouldn't be.


I have also noticed that searches are being hijacked more frequently than I thought they were. I don't do enough searching to have noticed the frequency that was probably always there.

Thanks!
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Re: Random Popups

Unread postby askey127 » June 10th, 2010, 6:57 am

Nummol,
Your machine will be occupied for a couple hours running this one, but under the circumstances, I feel it's justified.
-----------------------------------------------------
Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random Popups

Unread postby Nummol » June 10th, 2010, 7:56 pm

You weren't kidding when you said a couple hours, and it looks like we found something, but I am not convinced that is it, I downloaded those files months ago, but then again, I am not the expert!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, June 10, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, June 10, 2010 07:44:50
Records in database: 4247200
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 179230
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:45:03


File name / Threat / Threats count
C:\Documents and Settings\Jared\My Documents\Downloads\Chaoslauncher\APMAlert.bwl Infected: Trojan-Downloader.Win32.Adload.rsc 1
C:\Documents and Settings\Jared\My Documents\Downloads\Chaoslauncher.zip Infected: Trojan-Downloader.Win32.Adload.rsc 1

Selected area has been scanned.
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Re: Random Popups

Unread postby askey127 » June 11th, 2010, 7:09 am

Nummol,
That file will download and run malicious code from a remote server when it's opened..
Typical of free games, etc. They make their money by actually distributing spyware for someone else.
------------------------------------------------------------
Please download OTM and save to your Desktop.
  • Please double-click OTM.exe to run it.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do NOT copy the word "Code" :
Code: Select all
:files
C:\Documents and Settings\Jared\My Documents\Downloads\Chaoslauncher.zip
C:\Documents and Settings\Jared\My Documents\Downloads\Chaoslauncher

:Commands
[emptytemp]
  • Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next Reply.
  • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTM.
Note: the logs are saved in C:\_OTM\MovedFiles\ if you need to retrieve one.
-----------------------------------------------
Run the RSIT Scanner
Please download the scanner from here and save it to your desktop. The icon will be named RSIT.exe
Doubleclick the RSIT icon.
When the scan is complete, two text files will open
log.txt <- this one will be maximized
info.txt <- this one will be minimized
( Both files will be saved here -> C:\rsit\ )
Copy/Paste the contents of both log.txt and info.txt into your next post please. Use two posts if you prefer.

So we will be looking for the contents of the OTM log, and the two logs from the RSIT scanner.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random Popups

Unread postby Nummol » June 11th, 2010, 6:26 pm

OTM Log:

All processes killed
========== FILES ==========
C:\Documents and Settings\Jared\My Documents\Downloads\Chaoslauncher.zip moved successfully.
C:\Documents and Settings\Jared\My Documents\Downloads\Chaoslauncher folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.HOME-3964D01043
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jared
->Temp folder emptied: 204550153 bytes
->Temporary Internet Files folder emptied: 647713 bytes
->Java cache emptied: 128094 bytes
->FireFox cache emptied: 83852219 bytes
->Flash cache emptied: 16042 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 103661558 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 11040 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 97931790 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 468.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06112010_151807

Files moved on Reboot...

Registry entries deleted on Reboot...


log.txt:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Jared at 2010-06-11 15:23:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 75 GB (52%) free of 143 GB
Total RAM: 2046 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:23:35 PM, on 6/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\AVG\AVG9\avgemc.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\lcdmon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Jared\My Documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\trend micro\Jared.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -ACR
O4 - HKLM\..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: EnterpriseDB ApachePHP (EnterpriseDBApachePHP) - Apache Software Foundation - C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: The Browser Highlighter Monitor (tbhMonitor.exe) - Unknown owner - C:\Program Files\tbh\monitor\bin\tbhMonitor.exe

--
End of file - 11717 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-06-02 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-06-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"=C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [2009-05-04 354312]
"Launch LCDMon"=C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2009-05-04 1572872]
"Launch LGDCore"=C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2009-05-04 2817544]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-06-02 2065248]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Adobe_ID0ENQBO"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]
"PivotSoftware"=C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe [2007-02-09 694008]
"DT ACR"=C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe [2008-06-06 81920]
"tbhSystray"=C:\Program Files\tbh\base\bin\tbhSystray.exe [2010-06-11 492840]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"nwiz"=nwiz.exe /installquiet []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-11-20 12669544]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-11-20 110184]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-08-24 18702336]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]
"Steam"=C:\Program Files\Steam\Steam.exe [2010-05-07 1238352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Jared\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-13 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Multi]
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll [2008-04-09 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe"="C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\Synergy\synergys.exe"="C:\Program Files\Synergy\synergys.exe:*:Enabled:synergys"
"C:\Program Files\Java\jdk1.6.0_16\bin\java.exe"="C:\Program Files\Java\jdk1.6.0_16\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"C:\Program Files\Sony\EverQuestA\EQVoiceService.exe"="C:\Program Files\Sony\EverQuestA\EQVoiceService.exe:*:Enabled:EQVoiceService"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe"="C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game"
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe"="C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher"
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe"="C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater"
"C:\Program Files\tbh\base\bin\tbhDaemon.exe"="C:\Program Files\tbh\base\bin\tbhDaemon.exe:*:Enabled:The Browser Highlighter - Daemon"
"C:\Program Files\tbh\monitor\bin\tbhMonitor.exe"="C:\Program Files\tbh\monitor\bin\tbhMonitor.exe:*:Enabled:The Browser Highlighter - Monitor"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\StarCraft\StarCraft.exe"="C:\Program Files\StarCraft\StarCraft.exe:*:Enabled:StarCraft - Brood War"
"C:\Program Files\StarCraft II Beta\StarCraft II.exe"="C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\StarCraft II Beta\Support\BlizzardDownloader.exe"="C:\Program Files\StarCraft II Beta\Support\BlizzardDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Steam\steamapps\common\bioshock demo\Builds\Release\Bioshock.exe"="C:\Program Files\Steam\steamapps\common\bioshock demo\Builds\Release\Bioshock.exe:*:Enabled:BioShock Demo"
"C:\Program Files\Steam\steamapps\common\guild wars\Gw.exe"="C:\Program Files\Steam\steamapps\common\guild wars\Gw.exe:*:Enabled:Guild Wars: Trilogy"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853d53a7-ae2d-11de-8968-00044b05f1b4}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-06-11 15:23:29 ----D---- C:\rsit
2010-06-11 15:23:29 ----D---- C:\Program Files\trend micro
2010-06-11 15:18:07 ----D---- C:\_OTM
2010-06-09 09:30:51 ----D---- C:\Program Files\Common Files\Java
2010-06-09 09:30:36 ----A---- C:\WINDOWS\system32\javaws.exe
2010-06-09 09:30:36 ----A---- C:\WINDOWS\system32\javaw.exe
2010-06-09 09:30:36 ----A---- C:\WINDOWS\system32\java.exe
2010-06-09 09:30:36 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-06-08 22:27:03 ----D---- C:\WINDOWS\Prefetch
2010-06-08 22:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-06-08 22:23:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-06-08 22:21:26 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2010-06-08 22:21:26 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-06-08 22:21:26 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2010-06-08 22:21:26 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\credssp.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\azroles.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\ati3duag.dll
2010-06-08 22:21:25 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-06-08 22:21:24 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-06-08 22:21:23 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-06-08 22:21:23 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-06-08 22:21:23 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-06-08 22:21:22 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\qutil.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\qagent.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\onex.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\napstat.exe
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-06-08 22:21:21 ----N---- C:\WINDOWS\system32\mssha.dll
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\verclsid.exe
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\slserv.exe
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\slgen.dll
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-06-08 22:21:20 ----N---- C:\WINDOWS\system32\setupn.exe
2010-06-08 22:21:19 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-06-08 22:21:18 ----N---- C:\WINDOWS\system32\xmllite.dll
2010-06-08 22:21:18 ----N---- C:\WINDOWS\slrundll.exe
2010-06-08 22:21:18 ----D---- C:\WINDOWS\system32\scripting
2010-06-08 22:21:17 ----D---- C:\WINDOWS\system32\en
2010-06-08 22:21:17 ----D---- C:\WINDOWS\system32\bits
2010-06-08 22:21:17 ----D---- C:\WINDOWS\l2schemas
2010-06-08 22:17:48 ----D---- C:\WINDOWS\network diagnostic
2010-06-08 22:14:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-06-08 22:14:58 ----D---- C:\WINDOWS\EHome
2010-06-08 21:48:47 ----D---- C:\Program Files\DAEMON Tools Lite
2010-06-08 21:48:13 ----D---- C:\Documents and Settings\Jared\Application Data\DAEMON Tools Lite
2010-06-08 21:48:08 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-06-05 18:41:45 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-06-02 18:39:45 ----D---- C:\Program Files\Altitude
2010-05-26 01:08:40 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-05-26 01:08:35 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-26 01:08:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-05-25 00:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-05-25 00:26:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-05-25 00:26:19 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-05-25 00:26:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-05-25 00:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-05-25 00:26:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-05-25 00:26:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-25 00:25:56 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-25 00:25:50 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2010-05-25 00:25:47 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2010-05-25 00:25:40 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-25 00:25:36 ----HDC---- C:\WINDOWS\$NtUninstallKB981350$
2010-05-25 00:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-25 00:25:26 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-25 00:25:21 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-05-25 00:25:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-05-25 00:25:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-25 00:25:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-25 00:25:04 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-05-25 00:24:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-25 00:24:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2010-05-25 00:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-05-25 00:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-25 00:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-05-25 00:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-05-25 00:24:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-05-25 00:24:14 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-05-25 00:24:07 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-25 00:24:02 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2010-05-25 00:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-05-25 00:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-05-25 00:23:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-05-25 00:23:37 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-25 00:23:33 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-25 00:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-05-25 00:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-05-25 00:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-25 00:23:12 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2010-05-25 00:23:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-05-25 00:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-05-25 00:22:48 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-25 00:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-05-25 00:22:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-05-25 00:22:34 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-05-25 00:22:29 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-25 00:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-25 00:22:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-05-25 00:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-05-25 00:22:05 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-25 00:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-05-25 00:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-25 00:21:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-25 00:21:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2010-05-25 00:21:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-05-25 00:21:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-05-25 00:21:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-05-25 00:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-05-25 00:21:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-05-25 00:21:13 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2010-05-25 00:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2010-05-25 00:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-05-25 00:20:57 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-05-25 00:20:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-24 21:07:38 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-05-24 21:03:57 ----A---- C:\WINDOWS\pnplog.txt
2010-05-24 20:55:19 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-05-24 20:55:19 ----A---- C:\WINDOWS\system32\irclass.dll
2010-05-24 20:38:15 ----D---- C:\$WIN_NT$.~BT
2010-05-24 20:38:15 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-05-24 20:38:13 ----D---- C:\WINDOWS\setup.pss
2010-05-24 19:48:52 ----A---- C:\WINDOWS\system32\nvunrm.exe
2010-05-24 19:48:52 ----A---- C:\WINDOWS\system32\cohelper.dll
2010-05-24 18:45:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-24 18:22:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware(2)
2010-05-24 16:14:03 ----A---- C:\mbam-error.txt
2010-05-24 16:08:30 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2010-06-11 15:23:29 ----RD---- C:\Program Files
2010-06-11 15:22:27 ----D---- C:\WINDOWS\Temp
2010-06-11 15:22:15 ----D---- C:\Documents and Settings\Jared\Application Data\Skype
2010-06-11 15:21:03 ----D---- C:\Program Files\Mozilla Firefox
2010-06-11 15:20:31 ----D---- C:\Program Files\Steam
2010-06-11 15:18:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-11 15:13:06 ----D---- C:\Documents and Settings\Jared\Application Data\skypePM
2010-06-10 23:50:37 ----D---- C:\Program Files\Trillian
2010-06-10 23:50:19 ----D---- C:\Documents and Settings\Jared\Application Data\FileZilla
2010-06-10 20:44:42 ----D---- C:\Program Files\NetBeans 6.7.1
2010-06-09 18:16:37 ----D---- C:\WINDOWS\Minidump
2010-06-09 18:16:29 ----D---- C:\WINDOWS
2010-06-09 09:33:45 ----SHD---- C:\WINDOWS\Installer
2010-06-09 09:33:45 ----HD---- C:\Config.Msi
2010-06-09 09:33:24 ----D---- C:\Program Files\Common Files\Adobe
2010-06-09 09:33:15 ----D---- C:\Program Files\Adobe
2010-06-09 09:33:09 ----D---- C:\WINDOWS\system32
2010-06-09 09:30:51 ----D---- C:\Program Files\Common Files
2010-06-09 09:30:22 ----D---- C:\Program Files\Java
2010-06-08 22:31:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-08 22:28:22 ----A---- C:\WINDOWS\OEWABLog.txt
2010-06-08 22:27:42 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-08 22:27:05 ----A---- C:\WINDOWS\setuplog.txt
2010-06-08 22:26:41 ----D---- C:\WINDOWS\system32\Setup
2010-06-08 22:26:41 ----D---- C:\WINDOWS\AppPatch
2010-06-08 22:26:40 ----D---- C:\WINDOWS\system32\wbem
2010-06-08 22:26:40 ----D---- C:\Program Files\Common Files\System
2010-06-08 22:26:39 ----RSD---- C:\WINDOWS\Fonts
2010-06-08 22:26:34 ----D---- C:\WINDOWS\system32\drivers
2010-06-08 22:25:44 ----D---- C:\WINDOWS\security
2010-06-08 22:24:12 ----D---- C:\WINDOWS\WinSxS
2010-06-08 22:23:49 ----HD---- C:\WINDOWS\inf
2010-06-08 22:23:47 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-08 22:23:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-08 22:21:39 ----D---- C:\Program Files\Messenger
2010-06-08 22:21:38 ----D---- C:\Program Files\Windows Media Player
2010-06-08 22:21:37 ----D---- C:\WINDOWS\Help
2010-06-08 22:21:27 ----D---- C:\WINDOWS\ime
2010-06-08 22:21:18 ----D---- C:\WINDOWS\system32\usmt
2010-06-08 22:21:18 ----D---- C:\WINDOWS\system32\en-US
2010-06-08 22:21:18 ----D---- C:\Program Files\Internet Explorer
2010-06-08 22:21:17 ----D---- C:\WINDOWS\PeerNet
2010-06-08 22:21:17 ----D---- C:\Program Files\Movie Maker
2010-06-08 22:19:35 ----D---- C:\WINDOWS\ServicePackFiles
2010-06-08 22:19:30 ----D---- C:\WINDOWS\system32\Restore
2010-06-08 22:19:30 ----D---- C:\WINDOWS\system32\npp
2010-06-08 22:19:29 ----D---- C:\WINDOWS\msagent
2010-06-08 22:19:28 ----D---- C:\WINDOWS\srchasst
2010-06-08 22:19:28 ----D---- C:\Program Files\NetMeeting
2010-06-08 22:19:27 ----D---- C:\WINDOWS\system32\Com
2010-06-08 22:19:24 ----D---- C:\Program Files\Windows NT
2010-06-08 22:19:24 ----D---- C:\Program Files\Outlook Express
2010-06-08 22:19:05 ----D---- C:\WINDOWS\system32\oobe
2010-06-08 22:19:03 ----D---- C:\WINDOWS\system
2010-06-06 10:43:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-06-04 16:24:33 ----D---- C:\Documents and Settings\Jared\Application Data\HPAppData
2010-06-02 17:43:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-06-02 17:39:24 ----SHD---- C:\RECYCLER
2010-06-02 17:38:26 ----D---- C:\Documents and Settings
2010-05-24 21:30:42 ----D---- C:\WINDOWS\Registration
2010-05-24 21:28:37 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-24 21:13:57 ----D---- C:\WINDOWS\SoftwareDistribution
2010-05-24 21:12:24 ----SHD---- C:\System Volume Information
2010-05-24 21:11:38 ----D---- C:\WINDOWS\system32\config
2010-05-24 21:08:11 ----A---- C:\WINDOWS\ODBCINST.INI
2010-05-24 21:07:39 ----RD---- C:\WINDOWS\Web
2010-05-24 21:07:34 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-05-24 21:07:26 ----A---- C:\WINDOWS\win.ini
2010-05-24 21:05:45 ----SH---- C:\boot.ini
2010-05-24 20:55:22 ----A---- C:\WINDOWS\system.ini
2010-05-24 20:55:12 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2010-05-24 19:43:27 ----D---- C:\NVIDIA
2010-05-24 13:52:14 ----D---- C:\WINDOWS\Media
2010-05-24 13:49:41 ----D---- C:\WINDOWS\twain_32
2010-05-24 13:49:03 ----D---- C:\WINDOWS\system32\icsxml
2010-05-24 13:48:44 ----D---- C:\WINDOWS\system32\ias
2010-05-24 13:48:41 ----D---- C:\WINDOWS\system32\1033
2010-05-24 13:47:52 ----D---- C:\WINDOWS\Driver Cache
2010-05-22 15:41:34 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-13 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-06-02 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-06-02 242896]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Pivot;Pivot; C:\WINDOWS\System32\drivers\pivot.sys [2007-02-09 17465]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 dsNcAdpt;Juniper Network Connect Adapter; C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2009-03-11 23552]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-08-31 5891584]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-11-20 10235968]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2009-07-01 67328]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2009-07-01 15872]
R3 PdiPorts;Portrait Displays low level device driver; C:\WINDOWS\System32\Drivers\PdiPorts.sys [2008-06-04 17064]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver; \??\C:\WINDOWS\system32\drivers\pivotmou.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-06-08 691696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-13 916760]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-13 308064]
R2 dsNcService;Juniper Network Connect Service; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [2009-03-11 611624]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe [2008-06-06 69632]
R2 EnterpriseDBApachePHP;EnterpriseDB ApachePHP; C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe [2009-07-13 18432]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-06-09 153376]
R2 JuniperAccessService;Juniper Unified Network Service; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2009-03-02 124200]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-11-20 154216]
R2 PdiService;Portrait Displays SDK Service; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2008-06-04 90112]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 tbhMonitor.exe;The Browser Highlighter Monitor; C:\Program Files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 postgresql-8.4;PostgreSQL Server 8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files/PostgreSQL/8.4/data -w []
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-16 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Info.txt:

info.txt logfile of random's system information tool 1.06 2010-06-11 15:23:37

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acer eDisplay Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A586DC50-B18D-48FB-B7CC-A598200457C2}\setup.exe" -l0x9 -removeonly
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Web Premium-->C:\Program Files\Common Files\Adobe\Installers\4db064343401efd6449f33f8411c14b\Setup.exe --uninstall=1
Adobe Creative Suite 4 Web Premium-->MsiExec.exe /I{377FD9B9-8377-49B9-A052-17BEFFEEE4A2}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CS4 French Speech Analysis Models-->MsiExec.exe /I{9AACCD0F-2734-4E8C-8C24-2702D4506E93}
Adobe CS4 German Speech Analysis Models-->MsiExec.exe /I{9A7C4EAC-6E38-42E3-85AA-408874A803DE}
Adobe CS4 International English Speech Analysis Models-->MsiExec.exe /I{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}
Adobe CS4 Italian Speech Analysis Models-->MsiExec.exe /I{0B561CF4-0C7D-4745-AF53-161E24E44F87}
Adobe CS4 Japanese Speech Analysis Models-->MsiExec.exe /I{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}
Adobe CS4 Korean Speech Analysis Models-->MsiExec.exe /I{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}
Adobe CS4 Spanish Speech Analysis Models-->MsiExec.exe /I{1FD653A8-9CFA-4392-B89C-CCDB114DE442}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{7AAC4B2B-C3D2-465C-9F2C-B9DCF0D7FDB8}
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Soundbooth CS4-->MsiExec.exe /I{14F70205-1940-4000-88C7-BE799A6B2CAD}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Advertising Center-->MsiExec.exe /X{b2ec4a38-b545-4a00-8214-13fe0e915e6d}
Altitude 1.0.0-->C:\Program Files\Altitude\uninstall.exe
ApachePhp 2.2.11-5.2.9-->C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\uninstall-apachephp.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
BioShock Demo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7710
Browser Highlighter - Firefox-->MsiExec.exe /X{3B62CF95-5E25-4720-A3D6-B4A2B0501961}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
GHC 6.10.4-->"C:\ghc\ghc-6.10.4\unins000.exe"
Guild Wars: Trilogy-->"C:\Program Files\Steam\steam.exe" steam://uninstall/29570
Guild Wars-->"c:\program files\steam\steamapps\common\guild wars\Gw.exe" -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
ICCup Launcher-->"C:\Program Files\ICCup\Launcher\unins000.exe"
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Java DB 10.4.2.1-->MsiExec.exe /X{926C96FB-9D0A-4504-8000-C6D3A4A3118E}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) SE Development Kit 6 Update 16-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160160}
Juniper Installer Service-->MsiExec.exe /X{D76EF4AF-5CFD-4B85-81C8-99B5C4BB5CDB}
Juniper Networks Network Connect 6.4.0-->"C:\Program Files\Juniper Networks\Network Connect 6.4.0\uninstall.exe"
Juniper Networks Setup Client Activex Control-->C:\WINDOWS\Downloaded Program Files\JuniperSetupClientCtrlUninstaller.exe
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech GamePanel Software 3.02.173-->MsiExec.exe /X{EB731227-8AC5-4889-ACE9-7D87864A9F19}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins001.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Multiplicity-->C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\UNWISE.EXE C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\INSTALL.LOG
Nero 9 Essentials-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="XM02-508X-MHAT-19WU-9Z3Z-0CH0-3U6E-85W5-MMHH-6647-1Z5L-7M8C-0U45-758P-0000"
Nero ControlCenter-->MsiExec.exe /X{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
Nero Installer-->MsiExec.exe /X{e8a80433-302b-4ff1-815d-fcc8eac482ff}
Nero Online Upgrade-->MsiExec.exe /X{dba84796-8503-4ff0-af57-1747dd9a166d}
Nero StartSmart OEM-->MsiExec.exe /X{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
Nero StartSmart-->MsiExec.exe /X{7748ac8c-18e3-43bb-959b-088faea16fb2}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetBeans IDE 6.7.1-->"C:\Program Files\NetBeans 6.7.1\uninstall.exe"
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
Openbravo POS-->C:\Program Files\openbravopos-2.30\uninstall.exe
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
phpPgAdmin 4.2.2-->C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\uninstall-phppgadmin.exe
Pivot Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}\setup.exe" -l0x9 -removeonly
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
PostgreSQL 8.4-->C:\Program Files\PostgreSQL\8.4\uninstall-postgresql.exe
RapidSVN-0.12.0-->"C:\Program Files\RapidSVN-0.12.0\unins000.exe"
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -l0x9
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Skype Toolbars-->MsiExec.exe /I{981029E0-7FC9-4CF3-AB39-6F133621921A}
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
StarCraft II Beta-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft II Beta\Uninstall.exe
StarCraft-->C:\Program Files\Common Files\Blizzard Entertainment\StarCraft\Uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synergy-->"C:\Program Files\Synergy\uninstall.exe"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TortoiseSVN 1.6.7.18415 (32 bit)-->MsiExec.exe /X{5DC6B387-DCD5-4B66-B866-434020FF2ECC}
Trillian-->C:\Program Files\Trillian\Trillian.exe /uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HOME-3964D01043
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 21920
Source Name: Service Control Manager
Time Written: 20100528115638.000000-420
Event Type: error
User:

Computer Name: HOME-3964D01043
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 21893
Source Name: Service Control Manager
Time Written: 20100527153720.000000-420
Event Type: error
User:

Computer Name: HOME-3964D01043
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 21867
Source Name: Service Control Manager
Time Written: 20100526181858.000000-420
Event Type: error
User:

Computer Name: HOME-3964D01043
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 21825
Source Name: Service Control Manager
Time Written: 20100525195709.000000-420
Event Type: error
User:

Computer Name: HOME-3964D01043
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 21801
Source Name: Service Control Manager
Time Written: 20100525124419.000000-420
Event Type: error
User:

=====Application event log=====

Computer Name: HOME-3964D01043
Event Code: 1517
Message: Windows saved user HOME-3964D01043\Jared registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1074
Source Name: Userenv
Time Written: 20100217095112.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-3964D01043
Event Code: 1517
Message: Windows saved user HOME-3964D01043\Jared registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 990
Source Name: Userenv
Time Written: 20100213185209.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-3964D01043
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 989
Source Name: Userenv
Time Written: 20100213185208.000000-480
Event Type: warning
User: HOME-3964D01043\Jared

Computer Name: HOME-3964D01043
Event Code: 11904
Message: Product: SolutionCenter -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx failed to register. HRESULT -2147220473. Contact your support personnel.

Record Number: 931
Source Name: MsiInstaller
Time Written: 20100210170659.000000-480
Event Type: error
User: HOME-3964D01043\Jared

Computer Name: HOME-3964D01043
Event Code: 1000
Message: Faulting application rapidsvn.exe, version 0.12.0.0, faulting module ntdll.dll, version 5.1.2600.3520, fault address 0x000101b3.

Record Number: 824
Source Name: Application Error
Time Written: 20100125221028.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Java\jdk1.6.0_16\bin\;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Re: Random Popups

Unread postby askey127 » June 12th, 2010, 6:40 am

Nummol,
At this point, I don't see any malware on your system.
If it's running OK, you should be good to go.
You now have a reasonably secure setup.
You should keep malwarebytes Anti-malware, update it and scan with it every week or so.
Let me know if there is anything else we need to look for.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random Popups

Unread postby Nummol » June 12th, 2010, 9:47 pm

I am still experiencing search hijacks. When I search on google, it will sometimes (not always) redirect the result to one domain, which then immediately forwards me to another domain.
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Re: Random Popups

Unread postby askey127 » June 13th, 2010, 7:44 am

Nummol,
We can check for a rootkit that may be hiding something.
I am not going to attempt any diagnostics or repair involving the Juniper networks setup or your domain access.

----------------------------------------------
IF YOU RE-ENABLED the CD emulators, run this Disable CD Emulators sequence again. Otherwise skip.

Disable CD Emulator(s)
  • Double click DeFogger.exe to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK...DeFogger will now ask to reboot the machine...click OK. If not, reboot manually.
  • Do not re-enable these drivers until instructed or your system has been cleaned.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
------------------------------------------------
Download and Run Rkill
Please download Rkill from one of the following links and save to your Desktop:
One, Two,Three or Four
  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave Rkill on the Desktop until otherwise advised.
Note: If your security software warns about Rkill, please ignore and allow the download to continue.
If you cannot get Rkill to run without being stopped, don't proceed further, and post back to tell me about it.
---------------------------------------------
SysProt Antirootkit
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).
http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box set up the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Random Popups

Unread postby Nummol » June 13th, 2010, 2:07 pm

Thank you for continuing to help me. I really hope we can find whats going on. Heres the log for that scan.


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: B44D0000
Module End: B44D4000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_nvgts.sys
Service Name: ---
Module Base: A622D000
Module End: A6258000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{2F4495F6-AFCC-4CE9-8759-32C7C1694F82}
Status: Access denied

Object: C:\System Volume Information\_restore{2F4495F6-AFCC-4CE9-8759-32C7C1694F82}(2)
Status: Access denied
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm

Re: Random Popups

Unread postby Nummol » June 13th, 2010, 2:34 pm

I thought I would attempt to run GMER again just to see if I got any new results. It still blue screened and didn't finish, but I did get these results: I am not sure it helps any though:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-13 11:20:30
Windows 5.1.2600 Service Pack 3
Running: 1dd4u93v.exe; Driver: C:\DOCUME~1\Jared\LOCALS~1\Temp\afloyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6D21380, 0x5414D5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 007F000A
.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0080000A
.text C:\WINDOWS\System32\svchost.exe[1436] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 007E000C
.text C:\WINDOWS\System32\svchost.exe[1436] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 0084000A
.text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\wuauclt.exe[2628] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 003E000C
.text C:\WINDOWS\system32\wuauclt.exe[4924] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00AC000A
.text C:\WINDOWS\system32\wuauclt.exe[4924] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00AD000A
.text C:\WINDOWS\system32\wuauclt.exe[4924] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 003E000C
.text C:\WINDOWS\explorer.exe[5180] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A
.text C:\WINDOWS\explorer.exe[5180] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00B0000A
.text C:\WINDOWS\explorer.exe[5180] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\nvgts \Device\Harddisk0\DR0 88F69EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\nvgts.sys suspicious modification

---- EOF - GMER 1.0.15 ----
Nummol
Regular Member
 
Posts: 42
Joined: June 25th, 2007, 6:41 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 287 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware