Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Trojan Horse virus help needed please

by DJGarry » June 9th, 2009, 2:04 pm

Hi there.

Managed to get rid of most of a trojan horse virus that stopped virtually all .exe files from running. It was called WinBlueSoft I believe ..... and/or maybe Generic Trojan 13.AXZL.
The machine was previously protected by VirginMedia's PC Guard. It came in via a pirate movie file downloaded, and when run with Windows Media Player, it opened a browser page and stated a codec was needed to run the file ..... This obviously invoked the trojan.

PC Guard would not un-install either to allow me to install AVG, but managed to disable it.

Because I couldn't run .exe, I couldn't send you a HijackThis log before, but managed to get MalwareBytes to run eventually and kill most of it, then AVG took care of some more, but we still can't get some .exe files to run .... Had to rename HijackThis to iexplore.exe to get it to work.

Anyway, could you please help me to get .exe's to run, PC Guard to un-install and sometimes, when I click on a web link, especially in Google, it takes you to a non-related page.


Many thanks, Garry. ............. log below.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:49, on 09/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Xerox One Touch\OneTouchMon.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Documents and Settings\MUM\Desktop\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medway-magic.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\PC Healthcheck\SpySweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: blocker.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.ofsted.gov.uk/images/welcome.gif

--
End of file - 11141 bytes
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Trojan Horse virus help needed please

by peku006 » June 12th, 2009, 12:49 pm

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something, please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with

1. the logs from RSIT (log.txt, info.txt)

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Trojan Horse virus help needed please

by DJGarry » June 12th, 2009, 3:03 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by MUM at 2009-06-12 19:48:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (5%) free of 76 GB
Total RAM: 1022 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:49, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MUM\Desktop\RSIT.exe
C:\Documents and Settings\MUM\Desktop\MUM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medway-magic.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\PC Healthcheck\SpySweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.ofsted.gov.uk/images/welcome.gif

--
End of file - 10770 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2007-01-24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-08 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
ZKBho Class - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll [2007-01-24 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PP8 Reminder"=C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe -r C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"IndexSearch"=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"OneTouch Monitor"=C:\Program Files\Xerox One Touch\OneTouchMon.exe [2003-06-12 86016]
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]
"Motive SmartBridge"=C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe [2005-09-22 438359]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-08 1947928]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=c:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]
"SpySweeper"=C:\Program Files\PC Healthcheck\SpySweeper\SpySweeper.exe /0 []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\MUM\Start Menu\Programs\Startup
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-08 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\ttru_DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\ttru_DarkCrusade.exe:*:Enabled:ttru_DarkCrusade"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\
shell\Open\command - RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9307b540-4536-11de-8d85-00402b770968}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-5-37-100010957-100002010-100032393-5115.com f:\
shell\Open\command - F:\RECYCLER\S-7-5-37-100010957-100002010-100032393-5115.com f:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93c24bb8-2f28-11de-8d66-00402b770968}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b67ab4c0-54ad-11d8-823a-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\
shell\Open\command - RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\


======List of files/folders created in the last 1 months======

2009-12-22 23:33:04 ----A---- C:\WINDOWS\1559195rz147.exe
2009-12-22 21:08:54 ----A---- C:\WINDOWS\system32\129zwo5ma4.exe
2009-12-21 22:52:16 ----A---- C:\WINDOWS\system32\9797spyzb5.dll
2009-12-21 05:11:02 ----A---- C:\WINDOWS\53330spa9bot1zc.dll
2009-12-19 12:34:57 ----A---- C:\WINDOWS\system32\160109otz5-virus28e.exe
2009-12-15 15:58:17 ----A---- C:\WINDOWS\system32\75f5zddware289.exe
2009-12-15 05:09:00 ----A---- C:\WINDOWS\system32\126419ro51a0z.exe
2009-12-12 12:16:28 ----A---- C:\WINDOWS\910085irusz58.dll
2009-12-11 02:44:45 ----A---- C:\WINDOWS\system32\2a25te9l2758z.dll
2009-12-08 02:36:05 ----A---- C:\WINDOWS\9739spam5oz79d.exe
2009-11-26 23:53:47 ----A---- C:\WINDOWS\9dsp9zs53199.exe
2009-11-24 23:23:32 ----A---- C:\WINDOWS\system32\7851hzc9too54f3.exe
2009-11-21 16:42:00 ----A---- C:\WINDOWS\system32\f74s5arse3z99.dll
2009-11-21 08:33:58 ----A---- C:\WINDOWS\3b83vir956z5.dll
2009-11-18 17:10:22 ----A---- C:\WINDOWS\system32\5097spy5arez095.dll
2009-11-17 16:32:53 ----A---- C:\WINDOWS\9998trz57e2.dll
2009-11-15 08:50:16 ----A---- C:\WINDOWS\system32\4ed1spy59re2042z.dll
2009-11-13 22:03:22 ----A---- C:\WINDOWS\72c9t5r9at25z95.exe
2009-11-06 12:20:44 ----A---- C:\WINDOWS\system32\987zo5-a9virus637.exe
2009-11-06 03:36:45 ----A---- C:\WINDOWS\27169zirus65a.dll
2009-11-05 19:15:30 ----A---- C:\WINDOWS\5378spywarez966.dll
2009-11-03 20:25:57 ----A---- C:\WINDOWS\system32\5794spambo552z.exe
2009-11-02 19:20:45 ----A---- C:\WINDOWS\system32\14511spz9bot578.exe
2009-10-29 00:07:41 ----A---- C:\WINDOWS\system32\63915zrm4b5.dll
2009-10-25 18:54:34 ----A---- C:\WINDOWS\system32\993fbackdozr1825.exe
2009-10-24 06:07:29 ----A---- C:\WINDOWS\system32\283749zcktool455.exe
2009-10-20 05:28:21 ----A---- C:\WINDOWS\system32\8z24wo5m965.exe
2009-10-12 03:13:12 ----A---- C:\WINDOWS\system32\79dste5l2656z.dll
2009-10-08 06:23:21 ----A---- C:\WINDOWS\1z238not5a-virus439.exe
2009-10-04 05:15:29 ----A---- C:\WINDOWS\system32\2azdvi9511.exe
2009-09-27 04:39:22 ----A---- C:\WINDOWS\z6949v5rus1c3.dll
2009-09-23 19:56:59 ----A---- C:\WINDOWS\system32\2ze99hief14575.exe
2009-09-22 20:57:50 ----A---- C:\WINDOWS\5az95ir1944.exe
2009-09-18 20:58:14 ----A---- C:\WINDOWS\system32\39a9sparz59495.exe
2009-09-15 19:43:16 ----A---- C:\WINDOWS\system32\234zdownloader5659.dll
2009-09-15 10:28:38 ----A---- C:\WINDOWS\system32\16853spaz59t200.dll
2009-09-14 02:53:04 ----A---- C:\WINDOWS\20010haczt5ol839.exe
2009-09-08 21:43:25 ----A---- C:\WINDOWS\system32\62b1downlo9zer5590.exe
2009-09-08 10:43:27 ----A---- C:\WINDOWS\system32\4989s5yz0a.exe
2009-09-05 11:40:30 ----A---- C:\WINDOWS\system32\113z5spambo5199.exe
2009-09-04 02:31:32 ----A---- C:\WINDOWS\system32\9z8backd5or505.dll
2009-09-03 06:22:28 ----A---- C:\WINDOWS\17350not-a-vir9s23z.dll
2009-08-25 06:08:13 ----A---- C:\WINDOWS\system32\82bst5a9140z.dll
2009-08-23 22:08:23 ----A---- C:\WINDOWS\system32\7ade5i99z9.dll
2009-08-17 11:37:42 ----A---- C:\WINDOWS\system32\23998n5t-z-virus337.dll
2009-08-13 10:41:01 ----A---- C:\WINDOWS\system32\4b59th5ef29z2.dll
2009-08-05 02:59:21 ----A---- C:\WINDOWS\system32\67ad9zar5e2195.exe
2009-08-04 19:53:55 ----A---- C:\WINDOWS\3b9cviz5659.dll
2009-08-02 21:09:29 ----A---- C:\WINDOWS\system32\22555z9oj452.exe
2009-07-21 15:48:48 ----A---- C:\WINDOWS\system32\554429ot-a-viruz76c.dll
2009-07-21 09:05:48 ----A---- C:\WINDOWS\system32\46395h9ef150z.dll
2009-07-21 03:44:10 ----A---- C:\WINDOWS\system32\16574hac9tzol451.dll
2009-07-21 03:30:13 ----A---- C:\WINDOWS\system32\6907not9a5virzsb0.exe
2009-07-20 02:17:11 ----A---- C:\WINDOWS\91615vi5uz2e6.exe
2009-07-19 02:53:29 ----A---- C:\WINDOWS\39dthz9f2515.exe
2009-07-18 13:51:42 ----A---- C:\WINDOWS\22995hacktooz370.exe
2009-07-17 17:57:09 ----A---- C:\WINDOWS\5d9dstzal2189.dll
2009-07-13 10:49:20 ----A---- C:\WINDOWS\system32\229azddwa9e550.exe
2009-07-11 20:31:46 ----A---- C:\WINDOWS\system32\9995trzj47d.exe
2009-07-11 03:00:01 ----A---- C:\WINDOWS\9925zpambot3265.exe
2009-07-06 00:24:37 ----A---- C:\WINDOWS\system32\649cadd5aze2272.exe
2009-07-04 21:33:28 ----A---- C:\WINDOWS\system32\46e45zdware1279.dll
2009-07-03 11:20:59 ----A---- C:\WINDOWS\389zvir2525.dll
2009-06-27 18:42:44 ----A---- C:\WINDOWS\189dt5iefz039.exe
2009-06-21 05:52:55 ----A---- C:\WINDOWS\71389teal8z5.exe
2009-06-18 02:13:47 ----A---- C:\WINDOWS\1z520virus4209.dll
2009-06-17 09:23:03 ----A---- C:\WINDOWS\system32\26756tz9519f.exe
2009-06-15 21:20:56 ----A---- C:\WINDOWS\system32\287z35acktool32f9.dll
2009-06-15 05:20:41 ----A---- C:\WINDOWS\999cadd5are2099z.exe
2009-06-12 19:48:44 ----D---- C:\rsit
2009-06-12 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 17:22:02 ----A---- C:\WINDOWS\system32\34z4spar9e1575.dll
2009-06-10 18:20:50 ----D---- C:\Program Files\QuickTime
2009-06-09 10:41:06 ----D---- C:\Avenger
2009-06-09 10:41:05 ----A---- C:\avenger.txt
2009-06-09 09:54:45 ----D---- C:\Documents and Settings\MUM\Application Data\Malwarebytes
2009-06-09 07:16:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-09 07:16:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-08 21:13:48 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-08 21:13:22 ----D---- C:\Program Files\AVG
2009-06-08 21:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-08 20:46:28 ----SHD---- C:\$RECYCLE.BIN
2009-06-08 20:45:39 ----HD---- C:\$AVG8.VAULT$
2009-06-08 06:00:06 ----A---- C:\WINDOWS\2099zownloader151.exe
2009-06-07 00:33:52 ----A---- C:\WINDOWS\system32\2fz4bac5door3297.exe
2009-06-05 16:35:31 ----A---- C:\WINDOWS\regedit.com
2009-06-05 10:02:34 ----A---- C:\WINDOWS\system32\125c5ow9loader458z.exe
2009-06-05 09:59:34 ----A---- C:\WINDOWS\9589hizf2513.dll
2009-06-04 19:22:37 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-03 23:46:18 ----D---- C:\WINDOWS\Application Data
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\f14s9ywar5z023.exe
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\55cbsp5rze9625.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\214vi9z6525.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\17c7vi53z59.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\2z975ha9ktoo5471.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\2eb9sza5se3007.exe
2009-06-03 00:41:49 ----A---- C:\WINDOWS\26754t9oj415z.exe
2009-06-03 00:41:49 ----A---- C:\WINDOWS\24z6th5ef1997.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\23e89aczdoor1795.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\system32\53898spy17ez.exe
2009-06-03 00:41:48 ----A---- C:\WINDOWS\system32\2468s9azs579.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\system32\10327vi9zs751.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\701hacktzol5579.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\4z5thief5729.dll
2009-06-03 00:41:47 ----A---- C:\WINDOWS\system32\89ftzi5f107.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\system32\50e2thr9atz4905.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\system32\15691zr5j229.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\410b5ackdoo99z6.dll
2009-06-03 00:41:47 ----A---- C:\WINDOWS\27093spambz553d.dll
2009-06-03 00:41:47 ----A---- C:\WINDOWS\25022zp52759.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\1z493spambo52e2.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\system32\9c3dba5kdoor1658z.dll
2009-06-03 00:41:46 ----A---- C:\WINDOWS\system32\5521zhre9t7503.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\system32\2cefzownlo5der3139.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\f72downl5aze92319.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\4529spambo5317z.dll
2009-06-03 00:41:46 ----A---- C:\WINDOWS\22c0backdooz54169.dll
2009-06-03 00:41:46 ----A---- C:\WINDOWS\18705sza9bot155.dll
2009-06-03 00:41:45 ----A---- C:\WINDOWS\65f4v9r21z4.exe
2009-06-03 00:41:44 ----A---- C:\WINDOWS\system32\57c6s9ywarez748.dll
2009-06-03 00:41:44 ----A---- C:\WINDOWS\system32\3994worz159.dll
2009-06-03 00:41:43 ----A---- C:\WINDOWS\z73059irus385.dll
2009-06-03 00:41:43 ----A---- C:\WINDOWS\system32\5z4thie51979.exe
2009-06-03 00:41:42 ----A---- C:\WINDOWS\516spywar9z140.exe
2009-06-03 00:41:42 ----A---- C:\WINDOWS\23595troj4f9z.exe
2009-06-03 00:41:40 ----A---- C:\WINDOWS\system32\4ec1thrzat92695.exe
2009-06-03 00:41:40 ----A---- C:\WINDOWS\system32\1z15ir31039.exe
2009-06-03 00:41:40 ----A---- C:\WINDOWS\ef7a95ware126z.exe
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\956back9zor2952.dll
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\752ethr9az22454.exe
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\31579v5ru94cz.dll
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\13z95irus95b.exe
2009-06-03 00:41:39 ----A---- C:\WINDOWS\72faddw9rz5848.exe
2009-06-03 00:41:38 ----A---- C:\WINDOWS\58573zpy49c.exe
2009-06-03 00:41:37 ----A---- C:\WINDOWS\system32\548spazse1962.dll
2009-06-03 00:41:37 ----A---- C:\WINDOWS\77a9s9eal241z5.exe
2009-06-03 00:41:37 ----A---- C:\WINDOWS\52777tr9j1ez.exe
2009-06-03 00:41:36 ----A---- C:\WINDOWS\system32\9385zvirus525.dll
2009-06-03 00:41:35 ----A---- C:\WINDOWS\system32\c45dowzlo5der1964.exe
2009-06-03 00:41:35 ----A---- C:\WINDOWS\system32\5954v9z9565.dll
2009-05-28 22:48:39 ----D---- C:\WINDOWS\Minidump
2009-05-27 18:05:14 ----A---- C:\WINDOWS\system32\z454t9reat7483.exe
2009-05-25 14:09:39 ----A---- C:\WINDOWS\284zvi59556.exe
2009-05-22 16:51:59 ----A---- C:\WINDOWS\system32\1459thzeat31508.exe
2009-05-21 05:07:27 ----A---- C:\WINDOWS\system32\6909down5ozder1492.dll
2009-05-21 02:39:42 ----A---- C:\WINDOWS\system32\14e3zownload9r28785.exe
2009-05-18 21:28:51 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2009-05-18 20:45:17 ----D---- C:\Program Files\NCH Software
2009-05-18 07:06:40 ----A---- C:\WINDOWS\system32\9cczthief55.dll
2009-05-17 22:27:47 ----A---- C:\WINDOWS\56b6zownloader590.exe
2009-05-16 16:05:27 ----A---- C:\WINDOWS\56b9vir1z61.dll

======List of files/folders modified in the last 1 months======

2009-06-12 19:07:10 ----D---- C:\WINDOWS\Prefetch
2009-06-12 11:42:12 ----D---- C:\WINDOWS\system32
2009-06-12 11:42:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-12 10:19:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-12 07:13:47 ----D---- C:\WINDOWS\temp
2009-06-12 07:13:44 ----A---- C:\WINDOWS\win.ini
2009-06-12 07:13:36 ----D---- C:\WINDOWS
2009-06-12 03:08:18 ----D---- C:\Program Files\Internet Explorer
2009-06-12 03:07:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-12 03:01:53 ----HD---- C:\WINDOWS\inf
2009-06-12 03:01:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-12 03:01:44 ----A---- C:\WINDOWS\imsins.BAK
2009-06-12 03:01:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-12 03:01:11 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 17:44:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-11 06:56:45 ----HD---- C:\Config.Msi
2009-06-10 22:05:43 ----SHD---- C:\WINDOWS\Installer
2009-06-10 18:20:50 ----RD---- C:\Program Files
2009-06-10 10:48:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-09 18:11:33 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-09 17:14:05 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-09 16:34:54 ----D---- C:\WINDOWS\network diagnostic
2009-06-09 10:58:41 ----D---- C:\Program Files\Norton Security Scan
2009-06-09 10:57:20 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-09 10:55:38 ----D---- C:\Program Files\iTunes
2009-06-09 10:55:13 ----D---- C:\Program Files\Google
2009-06-09 10:55:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-09 10:54:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-09 10:54:57 ----D---- C:\Program Files\NOS
2009-06-09 10:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-09 10:41:06 ----D---- C:\WINDOWS\system32\drivers
2009-06-08 21:47:57 ----SHD---- C:\RECYCLER
2009-06-08 21:29:00 ----D---- C:\Program Files\Common Files
2009-06-08 21:20:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-08 21:06:02 ----D---- C:\Program Files\Virgin Broadband
2009-06-08 21:05:04 ----D---- C:\Program Files\VideoLAN
2009-06-08 20:55:17 ----D---- C:\Program Files\Common Files\PestPatrol
2009-06-07 19:04:20 ----D---- C:\WINDOWS\security
2009-06-04 14:16:45 ----SD---- C:\WINDOWS\Tasks
2009-06-04 14:04:49 ----D---- C:\Documents and Settings\MUM\Application Data\HPAppData
2009-06-01 17:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-27 11:49:19 ----D---- C:\Documents and Settings\MUM\Application Data\U3
2009-05-27 09:59:49 ----A---- C:\WINDOWS\msoffice.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-08 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-08 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-08 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-25 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2002-01-01 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 CSS DVP;CSS DVP; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-04-27 840352]
R2 FreeTdi;Radialpoint Filter (RPS-12798); C:\WINDOWS\System32\Drivers\FreeTdi.sys [2006-01-11 54840]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
R3 Freedom;Freedom Miniport; C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS [2003-09-24 33408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-02-13 1171584]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-02-13 166419]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2003-07-11 25434]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-02-13 594032]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-09-29 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 cpuz129;cpuz129; \??\C:\DOCUME~1\MUM\LOCALS~1\Temp\cpuz_x32.sys []
S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-08 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Command Software\dvpapi.exe [2007-04-27 177688]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\fws.exe [2007-01-24 316920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-06-12 19:49:27

======Uninstall list======

-->C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
blueyonder Instant Support Tool-->C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Conexant SoftK56 Modem(M)-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200214F1
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Documents and Settings\MUM\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money System Pack-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Keyboard Driver Ver1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PhotoPad Image Editor-->C:\Program Files\NCH Software\PhotoPad\uninst.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Python 2.4.1-->MsiExec.exe /I{4D4F5346-7E4A-40B5-9387-FDB6181357FC}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TTRU Mod DC-->C:\Program Files\THQ\Dawn of War - Dark Crusade\Uninstall TTRU.exe
Ulead Photo Express 3.0 SE-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\IS32Inst.dll"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
Virtual Villagers-->"C:\Program Files\Virgin Media Games\Virtual Villagers\Uninstall.exe" "C:\Program Files\Virgin Media Games\Virtual Villagers\install.log"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->C:\Program Files\WordWeb\uninst.exe
WWTBAM 2nd Edition-->MsiExec.exe /I{23F20D6B-F211-486F-93DA-DA68AF7FE55F}
Xerox One Touch-->C:\PROGRA~1\XEROXO~1\UNWISE.EXE C:\PROGRA~1\XEROXO~1\INSTALL.LOG
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zac Browser English-->C:\WINDOWS\Zac Browser English Uninstaller.exe

=====HijackThis Backups=====

O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe [2009-06-10]
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2009-06-10]
O20 - AppInit_DLLs: blocker.dll [2009-06-10]
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe [2009-06-10]

======Security center information======

AV: AVG Anti-Virus Free
AV: PCguard Anti-Virus (disabled) (outdated)
FW: PCguard Firewall

======System event log======

Computer Name: GAYNA
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 7329
Source Name: Service Control Manager
Time Written: 20090521095452.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 00402B770968 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 7327
Source Name: Dhcp
Time Written: 20090521095314.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 7319
Source Name: Fastfat
Time Written: 20090520131403.000000+060
Event Type: warning
User:

Computer Name: GAYNA
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 7318
Source Name: Disk
Time Written: 20090520131342.000000+060
Event Type: warning
User:

Computer Name: GAYNA
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 7317
Source Name: Disk
Time Written: 20090520131341.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: GAYNA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 178
Source Name: crypt32
Time Written: 20090607161025.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 177
Source Name: crypt32
Time Written: 20090607161025.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server returned an invalid or unrecognized response


Record Number: 176
Source Name: crypt32
Time Written: 20090607161024.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 11719
Message: Product: PCguard -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Record Number: 133
Source Name: MsiInstaller
Time Written: 20090604191226.000000+060
Event Type: error
User: GAYNA\MUM

Computer Name: GAYNA
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 50
Source Name: Userenv
Time Written: 20090604000045.000000+060
Event Type: warning
User: GAYNA\MUM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
DJGarry

Re: Trojan Horse virus help needed please

Post by DJGarry » June 12th, 2009, 3:04 pm

Logfile of random's system information tool 1.06 (written by random/random)
Run by MUM at 2009-06-12 19:48:44
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (5%) free of 76 GB
Total RAM: 1022 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:49, on 12/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virgin Broadband\PCguard\fws.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\MUM\Desktop\RSIT.exe
C:\Documents and Settings\MUM\Desktop\MUM.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.medway-magic.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\PC Healthcheck\SpySweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.blueyonder.co.uk/dial
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\fws.exe
O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://www.ofsted.gov.uk/images/welcome.gif

--
End of file - 10770 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\Virgin Broadband\PCguard\pkR.dll [2007-01-24 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-06-08 1107224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2004-05-12 744960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
ZKBho Class - C:\Program Files\Virgin Broadband\PCguard\FBHR.dll [2007-01-24 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SITEguard

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PP8 Reminder"=C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe -r C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini []
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
"IndexSearch"=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2005-03-17 40960]
"OneTouch Monitor"=C:\Program Files\Xerox One Touch\OneTouchMon.exe [2003-06-12 86016]
"SetDefPrt"=C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [2005-01-26 49152]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2005-05-17 933888]
"Motive SmartBridge"=C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe [2005-09-22 438359]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-08 1947928]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"=c:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]
"SpySweeper"=C:\Program Files\PC Healthcheck\SpySweeper\SpySweeper.exe /0 []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\MUM\Start Menu\Programs\Startup
WordWeb.lnk - C:\Program Files\WordWeb\wweb32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-06-08 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-06 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
"C:\Program Files\WinMX\WinMX.exe"="C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Program Files\THQ\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\THQ\Dawn of War - Dark Crusade\ttru_DarkCrusade.exe"="C:\Program Files\THQ\Dawn of War - Dark Crusade\ttru_DarkCrusade.exe:*:Enabled:ttru_DarkCrusade"
"C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe"="C:\Program Files\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:DOW2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\
shell\Open\command - RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9307b540-4536-11de-8d85-00402b770968}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-5-37-100010957-100002010-100032393-5115.com f:\
shell\Open\command - F:\RECYCLER\S-7-5-37-100010957-100002010-100032393-5115.com f:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{93c24bb8-2f28-11de-8d66-00402b770968}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b67ab4c0-54ad-11d8-823a-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\
shell\Open\command - RECYCLER\S-0-1-31-100020772-100020679-100008838-1553.com c:\


======List of files/folders created in the last 1 months======

2009-12-22 23:33:04 ----A---- C:\WINDOWS\1559195rz147.exe
2009-12-22 21:08:54 ----A---- C:\WINDOWS\system32\129zwo5ma4.exe
2009-12-21 22:52:16 ----A---- C:\WINDOWS\system32\9797spyzb5.dll
2009-12-21 05:11:02 ----A---- C:\WINDOWS\53330spa9bot1zc.dll
2009-12-19 12:34:57 ----A---- C:\WINDOWS\system32\160109otz5-virus28e.exe
2009-12-15 15:58:17 ----A---- C:\WINDOWS\system32\75f5zddware289.exe
2009-12-15 05:09:00 ----A---- C:\WINDOWS\system32\126419ro51a0z.exe
2009-12-12 12:16:28 ----A---- C:\WINDOWS\910085irusz58.dll
2009-12-11 02:44:45 ----A---- C:\WINDOWS\system32\2a25te9l2758z.dll
2009-12-08 02:36:05 ----A---- C:\WINDOWS\9739spam5oz79d.exe
2009-11-26 23:53:47 ----A---- C:\WINDOWS\9dsp9zs53199.exe
2009-11-24 23:23:32 ----A---- C:\WINDOWS\system32\7851hzc9too54f3.exe
2009-11-21 16:42:00 ----A---- C:\WINDOWS\system32\f74s5arse3z99.dll
2009-11-21 08:33:58 ----A---- C:\WINDOWS\3b83vir956z5.dll
2009-11-18 17:10:22 ----A---- C:\WINDOWS\system32\5097spy5arez095.dll
2009-11-17 16:32:53 ----A---- C:\WINDOWS\9998trz57e2.dll
2009-11-15 08:50:16 ----A---- C:\WINDOWS\system32\4ed1spy59re2042z.dll
2009-11-13 22:03:22 ----A---- C:\WINDOWS\72c9t5r9at25z95.exe
2009-11-06 12:20:44 ----A---- C:\WINDOWS\system32\987zo5-a9virus637.exe
2009-11-06 03:36:45 ----A---- C:\WINDOWS\27169zirus65a.dll
2009-11-05 19:15:30 ----A---- C:\WINDOWS\5378spywarez966.dll
2009-11-03 20:25:57 ----A---- C:\WINDOWS\system32\5794spambo552z.exe
2009-11-02 19:20:45 ----A---- C:\WINDOWS\system32\14511spz9bot578.exe
2009-10-29 00:07:41 ----A---- C:\WINDOWS\system32\63915zrm4b5.dll
2009-10-25 18:54:34 ----A---- C:\WINDOWS\system32\993fbackdozr1825.exe
2009-10-24 06:07:29 ----A---- C:\WINDOWS\system32\283749zcktool455.exe
2009-10-20 05:28:21 ----A---- C:\WINDOWS\system32\8z24wo5m965.exe
2009-10-12 03:13:12 ----A---- C:\WINDOWS\system32\79dste5l2656z.dll
2009-10-08 06:23:21 ----A---- C:\WINDOWS\1z238not5a-virus439.exe
2009-10-04 05:15:29 ----A---- C:\WINDOWS\system32\2azdvi9511.exe
2009-09-27 04:39:22 ----A---- C:\WINDOWS\z6949v5rus1c3.dll
2009-09-23 19:56:59 ----A---- C:\WINDOWS\system32\2ze99hief14575.exe
2009-09-22 20:57:50 ----A---- C:\WINDOWS\5az95ir1944.exe
2009-09-18 20:58:14 ----A---- C:\WINDOWS\system32\39a9sparz59495.exe
2009-09-15 19:43:16 ----A---- C:\WINDOWS\system32\234zdownloader5659.dll
2009-09-15 10:28:38 ----A---- C:\WINDOWS\system32\16853spaz59t200.dll
2009-09-14 02:53:04 ----A---- C:\WINDOWS\20010haczt5ol839.exe
2009-09-08 21:43:25 ----A---- C:\WINDOWS\system32\62b1downlo9zer5590.exe
2009-09-08 10:43:27 ----A---- C:\WINDOWS\system32\4989s5yz0a.exe
2009-09-05 11:40:30 ----A---- C:\WINDOWS\system32\113z5spambo5199.exe
2009-09-04 02:31:32 ----A---- C:\WINDOWS\system32\9z8backd5or505.dll
2009-09-03 06:22:28 ----A---- C:\WINDOWS\17350not-a-vir9s23z.dll
2009-08-25 06:08:13 ----A---- C:\WINDOWS\system32\82bst5a9140z.dll
2009-08-23 22:08:23 ----A---- C:\WINDOWS\system32\7ade5i99z9.dll
2009-08-17 11:37:42 ----A---- C:\WINDOWS\system32\23998n5t-z-virus337.dll
2009-08-13 10:41:01 ----A---- C:\WINDOWS\system32\4b59th5ef29z2.dll
2009-08-05 02:59:21 ----A---- C:\WINDOWS\system32\67ad9zar5e2195.exe
2009-08-04 19:53:55 ----A---- C:\WINDOWS\3b9cviz5659.dll
2009-08-02 21:09:29 ----A---- C:\WINDOWS\system32\22555z9oj452.exe
2009-07-21 15:48:48 ----A---- C:\WINDOWS\system32\554429ot-a-viruz76c.dll
2009-07-21 09:05:48 ----A---- C:\WINDOWS\system32\46395h9ef150z.dll
2009-07-21 03:44:10 ----A---- C:\WINDOWS\system32\16574hac9tzol451.dll
2009-07-21 03:30:13 ----A---- C:\WINDOWS\system32\6907not9a5virzsb0.exe
2009-07-20 02:17:11 ----A---- C:\WINDOWS\91615vi5uz2e6.exe
2009-07-19 02:53:29 ----A---- C:\WINDOWS\39dthz9f2515.exe
2009-07-18 13:51:42 ----A---- C:\WINDOWS\22995hacktooz370.exe
2009-07-17 17:57:09 ----A---- C:\WINDOWS\5d9dstzal2189.dll
2009-07-13 10:49:20 ----A---- C:\WINDOWS\system32\229azddwa9e550.exe
2009-07-11 20:31:46 ----A---- C:\WINDOWS\system32\9995trzj47d.exe
2009-07-11 03:00:01 ----A---- C:\WINDOWS\9925zpambot3265.exe
2009-07-06 00:24:37 ----A---- C:\WINDOWS\system32\649cadd5aze2272.exe
2009-07-04 21:33:28 ----A---- C:\WINDOWS\system32\46e45zdware1279.dll
2009-07-03 11:20:59 ----A---- C:\WINDOWS\389zvir2525.dll
2009-06-27 18:42:44 ----A---- C:\WINDOWS\189dt5iefz039.exe
2009-06-21 05:52:55 ----A---- C:\WINDOWS\71389teal8z5.exe
2009-06-18 02:13:47 ----A---- C:\WINDOWS\1z520virus4209.dll
2009-06-17 09:23:03 ----A---- C:\WINDOWS\system32\26756tz9519f.exe
2009-06-15 21:20:56 ----A---- C:\WINDOWS\system32\287z35acktool32f9.dll
2009-06-15 05:20:41 ----A---- C:\WINDOWS\999cadd5are2099z.exe
2009-06-12 19:48:44 ----D---- C:\rsit
2009-06-12 03:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-12 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-12 03:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-12 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-11 17:22:02 ----A---- C:\WINDOWS\system32\34z4spar9e1575.dll
2009-06-10 18:20:50 ----D---- C:\Program Files\QuickTime
2009-06-09 10:41:06 ----D---- C:\Avenger
2009-06-09 10:41:05 ----A---- C:\avenger.txt
2009-06-09 09:54:45 ----D---- C:\Documents and Settings\MUM\Application Data\Malwarebytes
2009-06-09 07:16:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-09 07:16:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-08 21:13:48 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-08 21:13:22 ----D---- C:\Program Files\AVG
2009-06-08 21:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-08 20:46:28 ----SHD---- C:\$RECYCLE.BIN
2009-06-08 20:45:39 ----HD---- C:\$AVG8.VAULT$
2009-06-08 06:00:06 ----A---- C:\WINDOWS\2099zownloader151.exe
2009-06-07 00:33:52 ----A---- C:\WINDOWS\system32\2fz4bac5door3297.exe
2009-06-05 16:35:31 ----A---- C:\WINDOWS\regedit.com
2009-06-05 10:02:34 ----A---- C:\WINDOWS\system32\125c5ow9loader458z.exe
2009-06-05 09:59:34 ----A---- C:\WINDOWS\9589hizf2513.dll
2009-06-04 19:22:37 ----D---- C:\Program Files\Windows Live Safety Center
2009-06-03 23:46:18 ----D---- C:\WINDOWS\Application Data
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\f14s9ywar5z023.exe
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\55cbsp5rze9625.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\214vi9z6525.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\system32\17c7vi53z59.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\2z975ha9ktoo5471.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\2eb9sza5se3007.exe
2009-06-03 00:41:49 ----A---- C:\WINDOWS\26754t9oj415z.exe
2009-06-03 00:41:49 ----A---- C:\WINDOWS\24z6th5ef1997.dll
2009-06-03 00:41:49 ----A---- C:\WINDOWS\23e89aczdoor1795.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\system32\53898spy17ez.exe
2009-06-03 00:41:48 ----A---- C:\WINDOWS\system32\2468s9azs579.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\system32\10327vi9zs751.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\701hacktzol5579.dll
2009-06-03 00:41:48 ----A---- C:\WINDOWS\4z5thief5729.dll
2009-06-03 00:41:47 ----A---- C:\WINDOWS\system32\89ftzi5f107.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\system32\50e2thr9atz4905.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\system32\15691zr5j229.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\410b5ackdoo99z6.dll
2009-06-03 00:41:47 ----A---- C:\WINDOWS\27093spambz553d.dll
2009-06-03 00:41:47 ----A---- C:\WINDOWS\25022zp52759.exe
2009-06-03 00:41:47 ----A---- C:\WINDOWS\1z493spambo52e2.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\system32\9c3dba5kdoor1658z.dll
2009-06-03 00:41:46 ----A---- C:\WINDOWS\system32\5521zhre9t7503.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\system32\2cefzownlo5der3139.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\f72downl5aze92319.exe
2009-06-03 00:41:46 ----A---- C:\WINDOWS\4529spambo5317z.dll
2009-06-03 00:41:46 ----A---- C:\WINDOWS\22c0backdooz54169.dll
2009-06-03 00:41:46 ----A---- C:\WINDOWS\18705sza9bot155.dll
2009-06-03 00:41:45 ----A---- C:\WINDOWS\65f4v9r21z4.exe
2009-06-03 00:41:44 ----A---- C:\WINDOWS\system32\57c6s9ywarez748.dll
2009-06-03 00:41:44 ----A---- C:\WINDOWS\system32\3994worz159.dll
2009-06-03 00:41:43 ----A---- C:\WINDOWS\z73059irus385.dll
2009-06-03 00:41:43 ----A---- C:\WINDOWS\system32\5z4thie51979.exe
2009-06-03 00:41:42 ----A---- C:\WINDOWS\516spywar9z140.exe
2009-06-03 00:41:42 ----A---- C:\WINDOWS\23595troj4f9z.exe
2009-06-03 00:41:40 ----A---- C:\WINDOWS\system32\4ec1thrzat92695.exe
2009-06-03 00:41:40 ----A---- C:\WINDOWS\system32\1z15ir31039.exe
2009-06-03 00:41:40 ----A---- C:\WINDOWS\ef7a95ware126z.exe
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\956back9zor2952.dll
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\752ethr9az22454.exe
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\31579v5ru94cz.dll
2009-06-03 00:41:39 ----A---- C:\WINDOWS\system32\13z95irus95b.exe
2009-06-03 00:41:39 ----A---- C:\WINDOWS\72faddw9rz5848.exe
2009-06-03 00:41:38 ----A---- C:\WINDOWS\58573zpy49c.exe
2009-06-03 00:41:37 ----A---- C:\WINDOWS\system32\548spazse1962.dll
2009-06-03 00:41:37 ----A---- C:\WINDOWS\77a9s9eal241z5.exe
2009-06-03 00:41:37 ----A---- C:\WINDOWS\52777tr9j1ez.exe
2009-06-03 00:41:36 ----A---- C:\WINDOWS\system32\9385zvirus525.dll
2009-06-03 00:41:35 ----A---- C:\WINDOWS\system32\c45dowzlo5der1964.exe
2009-06-03 00:41:35 ----A---- C:\WINDOWS\system32\5954v9z9565.dll
2009-05-28 22:48:39 ----D---- C:\WINDOWS\Minidump
2009-05-27 18:05:14 ----A---- C:\WINDOWS\system32\z454t9reat7483.exe
2009-05-25 14:09:39 ----A---- C:\WINDOWS\284zvi59556.exe
2009-05-22 16:51:59 ----A---- C:\WINDOWS\system32\1459thzeat31508.exe
2009-05-21 05:07:27 ----A---- C:\WINDOWS\system32\6909down5ozder1492.dll
2009-05-21 02:39:42 ----A---- C:\WINDOWS\system32\14e3zownload9r28785.exe
2009-05-18 21:28:51 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Software
2009-05-18 20:45:17 ----D---- C:\Program Files\NCH Software
2009-05-18 07:06:40 ----A---- C:\WINDOWS\system32\9cczthief55.dll
2009-05-17 22:27:47 ----A---- C:\WINDOWS\56b6zownloader590.exe
2009-05-16 16:05:27 ----A---- C:\WINDOWS\56b9vir1z61.dll

======List of files/folders modified in the last 1 months======

2009-06-12 19:07:10 ----D---- C:\WINDOWS\Prefetch
2009-06-12 11:42:12 ----D---- C:\WINDOWS\system32
2009-06-12 11:42:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-12 10:19:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-12 07:13:47 ----D---- C:\WINDOWS\temp
2009-06-12 07:13:44 ----A---- C:\WINDOWS\win.ini
2009-06-12 07:13:36 ----D---- C:\WINDOWS
2009-06-12 03:08:18 ----D---- C:\Program Files\Internet Explorer
2009-06-12 03:07:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-12 03:01:53 ----HD---- C:\WINDOWS\inf
2009-06-12 03:01:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-12 03:01:44 ----A---- C:\WINDOWS\imsins.BAK
2009-06-12 03:01:38 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-12 03:01:11 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 17:44:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-11 06:56:45 ----HD---- C:\Config.Msi
2009-06-10 22:05:43 ----SHD---- C:\WINDOWS\Installer
2009-06-10 18:20:50 ----RD---- C:\Program Files
2009-06-10 10:48:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-09 18:11:33 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-09 17:14:05 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-09 16:34:54 ----D---- C:\WINDOWS\network diagnostic
2009-06-09 10:58:41 ----D---- C:\Program Files\Norton Security Scan
2009-06-09 10:57:20 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-09 10:55:38 ----D---- C:\Program Files\iTunes
2009-06-09 10:55:13 ----D---- C:\Program Files\Google
2009-06-09 10:55:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-09 10:54:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-09 10:54:57 ----D---- C:\Program Files\NOS
2009-06-09 10:54:57 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-09 10:41:06 ----D---- C:\WINDOWS\system32\drivers
2009-06-08 21:47:57 ----SHD---- C:\RECYCLER
2009-06-08 21:29:00 ----D---- C:\Program Files\Common Files
2009-06-08 21:20:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-08 21:06:02 ----D---- C:\Program Files\Virgin Broadband
2009-06-08 21:05:04 ----D---- C:\Program Files\VideoLAN
2009-06-08 20:55:17 ----D---- C:\Program Files\Common Files\PestPatrol
2009-06-07 19:04:20 ----D---- C:\WINDOWS\security
2009-06-04 14:16:45 ----SD---- C:\WINDOWS\Tasks
2009-06-04 14:04:49 ----D---- C:\Documents and Settings\MUM\Application Data\HPAppData
2009-06-01 17:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-27 11:49:19 ----D---- C:\Documents and Settings\MUM\Application Data\U3
2009-05-27 09:59:49 ----A---- C:\WINDOWS\msoffice.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-08 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-08 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-06-08 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-06-25 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2002-01-01 8552]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 CSS DVP;CSS DVP; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-04-27 840352]
R2 FreeTdi;Radialpoint Filter (RPS-12798); C:\WINDOWS\System32\Drivers\FreeTdi.sys [2006-01-11 54840]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2001-10-22 9855]
R2 STEC3;STEC3; \??\C:\WINDOWS\System32\STEC3.sys []
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
R3 Freedom;Freedom Miniport; C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS [2003-09-24 33408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-02-13 1171584]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-02-13 166419]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2003-07-11 25434]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-02-13 594032]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2004-09-29 51712]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2004-01-10 11648]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 cpuz129;cpuz129; \??\C:\DOCUME~1\MUM\LOCALS~1\Temp\cpuz_x32.sys []
S3 gbalink;GBA Link Driver (gbalink.sys); C:\WINDOWS\System32\Drivers\gbalink.sys [2001-03-08 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 USB_RNDIS;Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-08 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 dvpapi;DvpApi; C:\Program Files\Common Files\Command Software\dvpapi.exe [2007-04-27 177688]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RP_FWS;PCguard Firewall; C:\Program Files\Virgin Broadband\PCguard\fws.exe [2007-01-24 316920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 WUSB54GSv2SVC;WUSB54GSv2SVC; C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-29 19456]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-06-12 19:49:27

======Uninstall list======

-->C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
-->MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
-->MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BigFix-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
blueyonder Instant Support Tool-->C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brother MFL-Pro Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
Conexant SoftK56 Modem(M)-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200214F1
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dawn of War - Dark Crusade-->C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
HijackThis 2.0.2-->"C:\Documents and Settings\MUM\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iPod for Windows 2006-01-10-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3D047C15-C859-45F7-81CE-F2681778069B} /l1033
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Linksys Wireless-G USB Network Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money System Pack-->MsiExec.exe /I{02CA7E66-1AD1-4DE9-BA9E-86A0EEB019C7}
Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Keyboard Driver Ver1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF262740-C85A-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PaperPort-->MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PhotoPad Image Editor-->C:\Program Files\NCH Software\PhotoPad\uninst.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Python 2.4.1-->MsiExec.exe /I{4D4F5346-7E4A-40B5-9387-FDB6181357FC}
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TTRU Mod DC-->C:\Program Files\THQ\Dawn of War - Dark Crusade\Uninstall TTRU.exe
Ulead Photo Express 3.0 SE-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\Uninst.isu" -c"C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\IS32Inst.dll"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe -u
Virtual Villagers-->"C:\Program Files\Virgin Media Games\Virtual Villagers\Uninstall.exe" "C:\Program Files\Virgin Media Games\Virtual Villagers\install.log"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordWeb-->C:\Program Files\WordWeb\uninst.exe
WWTBAM 2nd Edition-->MsiExec.exe /I{23F20D6B-F211-486F-93DA-DA68AF7FE55F}
Xerox One Touch-->C:\PROGRA~1\XEROXO~1\UNWISE.EXE C:\PROGRA~1\XEROXO~1\INSTALL.LOG
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
Zac Browser English-->C:\WINDOWS\Zac Browser English Uninstaller.exe

=====HijackThis Backups=====

O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\blueyonder-istconfig.exe [2009-06-10]
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe" [2009-06-10]
O20 - AppInit_DLLs: blocker.dll [2009-06-10]
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe [2009-06-10]

======Security center information======

AV: AVG Anti-Virus Free
AV: PCguard Anti-Virus (disabled) (outdated)
FW: PCguard Firewall

======System event log======

Computer Name: GAYNA
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 7329
Source Name: Service Control Manager
Time Written: 20090521095452.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 00402B770968 has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 7327
Source Name: Dhcp
Time Written: 20090521095314.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file . The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 7319
Source Name: Fastfat
Time Written: 20090520131403.000000+060
Event Type: warning
User:

Computer Name: GAYNA
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 7318
Source Name: Disk
Time Written: 20090520131342.000000+060
Event Type: warning
User:

Computer Name: GAYNA
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.

Record Number: 7317
Source Name: Disk
Time Written: 20090520131341.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: GAYNA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 178
Source Name: crypt32
Time Written: 20090607161025.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 177
Source Name: crypt32
Time Written: 20090607161025.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server returned an invalid or unrecognized response


Record Number: 176
Source Name: crypt32
Time Written: 20090607161024.000000+060
Event Type: error
User:

Computer Name: GAYNA
Event Code: 11719
Message: Product: PCguard -- Error 1719.The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Record Number: 133
Source Name: MsiInstaller
Time Written: 20090604191226.000000+060
Event Type: error
User: GAYNA\MUM

Computer Name: GAYNA
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 50
Source Name: Userenv
Time Written: 20090604000045.000000+060
Event Type: warning
User: GAYNA\MUM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Trojan Horse virus help needed please

Unread post by peku006 » June 13th, 2009, 2:54 am

Hi Garry

1 - I'd like you to check (a file/some files) for Viruses.
C:\WINDOWS\1559195rz147.exe
C:\WINDOWS\72faddw9rz5848.exe

  • Copy/Paste file into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Repeat for all files on the list, and post me the details please

2 - Download and Run ComboFix
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here.

When finished, it will produce a log for you
Please include the C:\ComboFix.txt in your next reply for further review.

3 - Status Check
Please reply with

1. the ComboFix log (C:\ComboFix.txt)
2. the Jotti/Virustotal results

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Trojan Horse virus help needed please

Unread post by DJGarry » June 13th, 2009, 4:54 pm

Downloaded ComboFix, but the exe file will not run ....

Jotti found no virus in the suspect files.


Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.

--------------------------------------------------------------------------------

Filename: 1559195rz147.exe
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sat 13 Jun 2009 20:37:20 (CET)

--------------------------------------------------------------------------------
Additional info
File size: 4968 bytes
Filetype: Unknown
MD5: b3d2daffe561a1ab53246d8ee5dbbb8b
SHA1: 01da80e9cb947104a48f2b6f96fa53dbbb5b8c25

Scanners: all 20 entries, dated 2009-06-12 or 2009-06-13, read "Found nothing"

--------------------------------------------------------------------------------



Jotti's malware scan
This file has been scanned before. The results for this previous scan are listed below.

--------------------------------------------------------------------------------

Filename: 72faddw9rz5848.exe
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sat 13 Jun 2009 20:40:44 (CET)

--------------------------------------------------------------------------------
Additional info
File size: 11404 bytes
Filetype: Unknown
MD5: 4b2a5bac80a15c8f1b366ecb6e096d94
SHA1: 0e5176369e4d6221751a3b59432b7625501c000a

Scanners: all 20 entries, dated 2009-06-12 or 2009-06-13, read "Found nothing"

--------------------------------------------------------------------------------
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Trojan Horse virus help needed please

Unread post by peku006 » June 14th, 2009, 4:12 am

Hi Garry

If you have previously downloaded ComboFix, please delete that.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Trojan Horse virus help needed please

Unread post by DJGarry » June 14th, 2009, 2:25 pm

ComboFix 09-06-13.09 - MUM 14/06/2009 19:09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.689 [GMT 1:00]
Running from: c:\documents and settings\MUM\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PCguard Anti-Virus *On-access scanning disabled* (Outdated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\96584spambot3cz.exe
c:\windows\9739spam5oz79d.exe
c:\windows\97993spy105z.ocx
c:\windows\9914n9t-a-virzs325.bin
c:\windows\9925zpambot3265.exe
c:\windows\99338worz55d.ocx
c:\windows\9998trz57e2.dll
c:\windows\999cadd5are2099z.exe
c:\windows\9ac3t5reatz9065.cpl
c:\windows\9azespywar5735.dll
c:\windows\9dsp9zs53199.exe
c:\windows\9e09threatz5202.exe
c:\windows\9f2cs5eal7z3.cpl
c:\windows\9f2czir29295.bin
c:\windows\9z69troj25c.bin
c:\windows\9z879spa5botd1.dll
c:\windows\c95zownloader3775.cpl
c:\windows\e98thrzat5935.bin
c:\windows\ef7a95ware126z.exe
c:\windows\f72downl5aze92319.exe
c:\windows\fdz5parse3197.dll
c:\windows\regedit.com
c:\windows\system32\drivers\gxvxcliqlaswthboruyxuwqgrfthrsnsgpruj.sys
c:\windows\system32\drivers\gxvxcxdompjwmrfldkmrgwuyfultfaqjbabew.sys
c:\windows\system32\drivers\gxvxcxeoobiufrfhlwxwuxmwwykridqoewcsy.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxcobyurcylxrquyysridfcyvwhsvqyhkmu.dll
c:\windows\system32\gxvxcqnlrvdcjnsswtxtlwgoewxuiyqoeynut.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-12 18:48 . 2009-06-12 18:49 -------- d-----w- C:\rsit
2009-06-12 13:18 . 2009-06-12 13:21 -------- d-----w- c:\documents and settings\MUM\DoctorWeb
2009-06-10 17:20 . 2009-06-10 17:21 -------- d-----w- c:\program files\QuickTime
2009-06-09 08:54 . 2009-06-09 08:54 -------- d-----w- c:\documents and settings\MUM\Application Data\Malwarebytes
2009-06-09 06:16 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 06:16 . 2009-06-09 09:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 06:16 . 2009-06-09 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 06:16 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 20:13 . 2009-06-08 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-08 20:13 . 2009-06-08 20:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-08 20:13 . 2009-06-08 20:13 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 20:13 . 2009-06-08 20:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 20:13 . 2009-06-14 07:55 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-08 20:13 . 2009-06-08 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 20:13 . 2009-06-08 20:13 -------- d-----w- c:\program files\AVG
2009-06-08 19:45 . 2009-06-09 19:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 18:22 . 2009-06-04 18:22 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-03 22:46 . 2009-06-06 16:46 -------- d-----w- c:\windows\Application Data
2009-06-03 22:06 . 2009-06-03 22:06 1506712 ----a-w- c:\documents and settings\MUM\Application Data\Virgin Broadband\advisor\downloads\advisor.41.exe.dir\advisor.exe
2009-05-18 20:28 . 2009-05-18 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-18 19:45 . 2009-05-18 19:45 -------- d-----w- c:\program files\NCH Software
2009-05-18 06:06 . 2009-05-18 06:06 7591 ----a-w- c:\windows\system32\9cczthief55.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 09:48 . 2005-05-16 15:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 16:14 . 2004-02-01 19:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 09:58 . 2009-04-03 14:12 -------- d-----w- c:\program files\Norton Security Scan
2009-06-09 09:57 . 2002-01-01 22:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 09:55 . 2009-01-10 13:30 -------- d-----w- c:\program files\iTunes
2009-06-09 09:55 . 2006-02-25 09:41 -------- d-----w- c:\program files\Google
2009-06-09 09:54 . 2009-01-13 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-09 09:54 . 2009-01-13 12:21 -------- d-----w- c:\program files\NOS
2009-06-08 20:20 . 2007-03-23 00:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-08 20:06 . 2007-03-22 23:32 -------- d-----w- c:\program files\Virgin Broadband
2009-06-08 20:05 . 2004-07-12 12:51 -------- d-----w- c:\program files\VideoLAN
2009-06-08 19:55 . 2007-03-22 23:39 -------- d-----w- c:\program files\Common Files\PestPatrol
2009-06-04 13:04 . 2009-02-23 13:34 -------- d-----w- c:\documents and settings\MUM\Application Data\HPAppData
2009-05-27 10:49 . 2009-04-22 10:30 -------- d-----w- c:\documents and settings\MUM\Application Data\U3
2009-05-07 15:32 . 2002-01-02 04:53 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 17:16 . 2009-05-05 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-05 17:16 . 2006-04-24 14:48 -------- d-----w- c:\program files\iPod
2009-05-05 17:16 . 2007-10-02 14:03 -------- d-----w- c:\program files\Common Files\Apple
2009-05-05 17:13 . 2009-05-05 17:13 -------- d-----w- c:\program files\Bonjour
2009-05-05 17:03 . 2009-05-05 17:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 04:56 . 2004-02-06 17:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2002-01-02 04:53 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-04-14 01:09 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 10:55 . 2007-05-20 16:18 52240 ----a-w- c:\documents and settings\OLIVER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"OneTouch Monitor"="c:\program files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 86016]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Motive SmartBridge"="c:\progra~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [2005-09-22 438359]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-08 1947928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\MUM\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2006-8-15 19968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2002-1-1 1742384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-08 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\ttru_DarkCrusade.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/06/2009 21:13 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/06/2009 21:13 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/06/2009 21:13 298776]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [25/06/2008 17:12 53307]
S3 cpuz129;cpuz129;\??\c:\docume~1\MUM\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\MUM\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [27/02/2005 18:45 19677]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SpySweeper - c:\program files\PC Healthcheck\SpySweeper\SpySweeper.exe
HKLM-Run-PP8 Reminder - c:\program files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
HKU-Default-Run-Symantec Network Driver Update Warning - c:\progra~1\Symantec\LIVEUP~1\SNDWarn.EXE


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.medway-magic.org/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-14 19:20
ComboFix-quarantined-files.txt 2009-06-14 18:20

Pre-Run: 3,307,659,264 bytes free
Post-Run: 3,616,624,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

917 --- E O F --- 2009-06-12 02:01

Re: Trojan Horse virus help needed please

Post by peku006 » June 14th, 2009, 2:49 pm

Hi Garry

looks better..... :D

1 - Run CFScript

Open notepad and copy/paste the text in the codebox below into it:

Code:
File::
c:\windows\system32\9cczthief55.dll

Driver::
cpuz129



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

2 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Make sure the "Perform Full Scan" option is selected.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

3 - Status Check
Please reply with

1. the ComboFix log
2. the Malwarebytes' Anti-Malware log
3. description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Trojan Horse virus help needed please

Post by DJGarry » June 15th, 2009, 12:19 pm

Hi.

Still getting the odd redirect when clicking web links.


The last Combofix run produced some strange results midway thru .....
Gave me some files (very long names) to write down ... said we may need them later ... but didn't request anything else on them so maybe fixed them itself.
All of them were in system32 folder and started with gxvx and either ended with .dll or .sys .... Rootkit, I am led to believe ... if that's any help ....

Logs below :-)



Cheers, Garry

ComboFix 09-06-13.09 - MUM 14/06/2009 21:45.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.595 [GMT 1:00]
Running from: c:\documents and settings\MUM\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\MUM\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PCguard Anti-Virus *On-access scanning disabled* (Outdated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
* Created a new restore point

FILE ::
"c:\windows\system32\9cczthief55.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\9cczthief55.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ129
-------\Service_cpuz129


((((((((((((((((((((((((( Files Created from 2009-05-14 to 2009-06-14 )))))))))))))))))))))))))))))))
.

2009-06-12 18:48 . 2009-06-12 18:49 -------- d-----w- C:\rsit
2009-06-12 13:18 . 2009-06-12 13:21 -------- d-----w- c:\documents and settings\MUM\DoctorWeb
2009-06-10 17:20 . 2009-06-10 17:21 -------- d-----w- c:\program files\QuickTime
2009-06-09 08:54 . 2009-06-09 08:54 -------- d-----w- c:\documents and settings\MUM\Application Data\Malwarebytes
2009-06-09 06:16 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 06:16 . 2009-06-09 09:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 06:16 . 2009-06-09 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 06:16 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 20:13 . 2009-06-08 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-08 20:13 . 2009-06-08 20:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-08 20:13 . 2009-06-08 20:13 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 20:13 . 2009-06-08 20:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 20:13 . 2009-06-14 07:55 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-08 20:13 . 2009-06-08 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 20:13 . 2009-06-08 20:13 -------- d-----w- c:\program files\AVG
2009-06-08 19:45 . 2009-06-09 19:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 18:22 . 2009-06-04 18:22 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-03 22:46 . 2009-06-06 16:46 -------- d-----w- c:\windows\Application Data
2009-06-03 22:06 . 2009-06-03 22:06 1506712 ----a-w- c:\documents and settings\MUM\Application Data\Virgin Broadband\advisor\downloads\advisor.41.exe.dir\advisor.exe
2009-05-18 20:28 . 2009-05-18 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-18 19:45 . 2009-05-18 19:45 -------- d-----w- c:\program files\NCH Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 09:48 . 2005-05-16 15:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 16:14 . 2004-02-01 19:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 09:58 . 2009-04-03 14:12 -------- d-----w- c:\program files\Norton Security Scan
2009-06-09 09:57 . 2002-01-01 22:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 09:55 . 2009-01-10 13:30 -------- d-----w- c:\program files\iTunes
2009-06-09 09:55 . 2006-02-25 09:41 -------- d-----w- c:\program files\Google
2009-06-09 09:54 . 2009-01-13 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-09 09:54 . 2009-01-13 12:21 -------- d-----w- c:\program files\NOS
2009-06-08 20:20 . 2007-03-23 00:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-08 20:06 . 2007-03-22 23:32 -------- d-----w- c:\program files\Virgin Broadband
2009-06-08 20:05 . 2004-07-12 12:51 -------- d-----w- c:\program files\VideoLAN
2009-06-08 19:55 . 2007-03-22 23:39 -------- d-----w- c:\program files\Common Files\PestPatrol
2009-06-04 13:04 . 2009-02-23 13:34 -------- d-----w- c:\documents and settings\MUM\Application Data\HPAppData
2009-05-27 10:49 . 2009-04-22 10:30 -------- d-----w- c:\documents and settings\MUM\Application Data\U3
2009-05-07 15:32 . 2002-01-02 04:53 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 17:16 . 2009-05-05 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-05 17:16 . 2006-04-24 14:48 -------- d-----w- c:\program files\iPod
2009-05-05 17:16 . 2007-10-02 14:03 -------- d-----w- c:\program files\Common Files\Apple
2009-05-05 17:13 . 2009-05-05 17:13 -------- d-----w- c:\program files\Bonjour
2009-05-05 17:03 . 2009-05-05 17:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 04:56 . 2004-02-06 17:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2002-01-02 04:53 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-04-14 01:09 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 10:55 . 2007-05-20 16:18 52240 ----a-w- c:\documents and settings\OLIVER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"OneTouch Monitor"="c:\program files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 86016]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Motive SmartBridge"="c:\progra~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [2005-09-22 438359]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-08 1947928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\MUM\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2006-8-15 19968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2002-1-1 1742384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-08 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\ttru_DarkCrusade.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/06/2009 21:13 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/06/2009 21:13 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/06/2009 21:13 298776]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [25/06/2008 17:12 53307]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [27/02/2005 18:45 19677]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.medway-magic.org/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 21:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4036)
c:\progra~1\BLUEYO~1\SMARTB~1\SBHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\WinRAR\rarext.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband\PCguard\fws.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-06-14 21:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 20:57
ComboFix2.txt 2009-06-14 18:20

Pre-Run: 3,597,815,808 bytes free
Post-Run: 3,510,292,480 bytes free

200 --- E O F --- 2009-06-12 02:01

Malwarebytes' Anti-Malware 1.37
Database version: 2279
Windows 5.1.2600 Service Pack 3

15/06/2009 11:09:17
mbam-log-2009-06-15 (11-09-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 210751
Time elapsed: 1 hour(s), 18 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{1b3bd5e1-fd53-4ae5-be34-b5cd3b722be0}\RP990\A0121849.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Re: Trojan Horse virus help needed please

Post by peku006 » June 15th, 2009, 1:40 pm

Hi Garry

1 - Download and Run Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

2 - Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
    
     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt

3 - Status Check
Please reply with

the Gmer log
the SystemLook.txt

Thanks peku006

Re: Trojan Horse virus help needed please

Post by DJGarry » June 16th, 2009, 7:30 am

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-16 12:27:27
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86AE1B58 ZwCreateSection
Code 86AE17C8 ZwDuplicateObject
Code 86AE1A28 ZwSetInformationFile
Code 8695F478 ZwSetSystemInformation
Code 86AE1C88 ZwWriteFile
Code \??\C:\DOCUME~1\MUM\LOCALS~1\Temp\catchme.sys pIofCallDriver
Code 86AE1B57 NtCreateSection
Code 86AE17C7 NtDuplicateObject
Code 86AE1A27 NtSetInformationFile
Code 86AE1C87 NtWriteFile

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP 86AE1B5C
PAGE ntoskrnl.exe!ZwQueryPerformanceCounter + 590 805678D8 7 Bytes JMP 86AE1DBC
PAGE ntoskrnl.exe!FsRtlCurrentBatchOplock + 28D 8056CC66 7 Bytes JMP 86AE1EEC
PAGE ntoskrnl.exe!NtDuplicateObject 805715E0 7 Bytes JMP 86AE17CC
PAGE ntoskrnl.exe!NtSetInformationFile 8057494A 5 Bytes JMP 86AE1A2C
PAGE ntoskrnl.exe!NtWriteFile 80574BF5 7 Bytes JMP 86AE1C8C
PAGE ntoskrnl.exe!ZwSetSystemInformation 805A7BED 5 Bytes JMP 8695F47C
? Combo-Fix.sys The system cannot find the file specified. !
PAGE Fastfat.SYS EDB3B9C8 7 Bytes JMP 86AE18FC
? C:\DOCUME~1\MUM\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3432] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \FatCdrom Code 86AE18F8

AttachedDevice \Driver\Tcpip \Device\Ip FreeTdi.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp FreeTdi.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp FreeTdi.sys (Radialpoint Filter/Radialpoint Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp FreeTdi.sys (Radialpoint Filter/Radialpoint Inc.)

Device \FileSystem\Fastfat \Fat Code 86AE18F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158316be76
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019860001f9
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\050c26292050
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\450c26296068
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158316be76
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0019860001f9
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\050c26292050
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\450c26296068

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\MUM\My Documents\Desktop Bits\Ryans Documents and Settings\Patrick ryan\Application Data\Macromedia\Flash Player\#SharedObjects\6346EFWA\www.skyvegas.com\games\CaribbeanNights20E4aProgMRoul5Sym\CaribbeanNights20E4aProgMRoul5SymGame.swf\CARIBB~1.SOL 121 bytes

---- EOF - GMER 1.0.15 ----

SystemLook v1.0 by jpshortstuff (22.05.09)
Log created at 12:29 on 16/06/2009 by MUM (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi"="wdmaud.drv"
"midimapper"="midimap.dll"
"mixer"="wdmaud.drv"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.l3acm"="C:\WINDOWS\System32\l3codeca.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msaudio1"="msaud32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msg723"="msg723.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.siren"="sirenacm.dll"
"msacm.sl_anet"="sl_anet.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.M261"="msh261.drv"
"vidc.M263"="msh263.drv"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"VIDC.WMV3"="wmv9vcm.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wave"="wdmaud.drv"
"wavemapper"="msacm32.drv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]


-=End Of File=-

Re: Trojan Horse virus help needed please

Post by peku006 » June 16th, 2009, 1:19 pm

Hi Garry

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006

Re: Trojan Horse virus help needed please

Post by DJGarry » June 16th, 2009, 5:52 pm

OTS logfile created on: 16/06/2009 22:08:20 - Run 1
OTS by OldTimer - Version 3.0.5.3     Folder = C:\Documents and Settings\MUM\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1021.98 Mb Total Physical Memory | 623.34 Mb Available Physical Memory | 60.99% Memory free
1.28 Gb Paging File | 0.99 Gb Available in Paging File | 77.18% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 3.09 Gb Free Space | 4.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GAYNA
Current User Name: MUM
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/06/08 21:13:25 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/06/08 21:13:25 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/06/08 21:13:23 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/06/08 21:13:22 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
blueyonder-istnotifier.exe -> C:\Program Files\blueyonder IST\SmartBridge\blueyonder-istnotifier.exe -> [2005/09/22 09:05:40 | 00,438,359 | ---- | M] (Motive Communications, Inc.)
brss01a.exe -> C:\WINDOWS\System32\brss01a.exe -> [2001/12/13 00:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd)
brsvc01a.exe -> C:\WINDOWS\System32\brsvc01a.exe -> [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
dvpapi.exe -> C:\Program Files\Common Files\Command Software\dvpapi.exe -> [2007/04/27 19:07:52 | 00,177,688 | R--- | M] (Authentium, Inc.)
explorer.exe -> C:\WINDOWS\Explorer.EXE -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
fws.exe -> C:\Program Files\Virgin Broadband\PCguard\fws.exe -> [2007/01/24 19:53:22 | 00,316,920 | ---- | M] (Radialpoint Inc.)
hpqbam08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe -> [2007/10/19 21:46:08 | 00,610,304 | ---- | M] (Hewlett-Packard Co.)
hpqgpc01.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe -> [2007/11/02 21:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard)
hpqste08.exe -> C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe -> [2007/10/19 21:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
hpwuschd2.exe -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe -> [2007/10/14 22:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
mdnsresponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
ots.exe -> C:\Documents and Settings\MUM\Desktop\OTS.exe -> [2009/06/16 22:06:31 | 00,507,392 | ---- | M] (OldTimer Tools)
wlservice.exe -> C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> [2005/07/04 16:46:04 | 00,053,307 | ---- | M] (GEMTEKS)
wusb54gsv2.exe -> C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe -> [2006/02/23 07:59:18 | 05,203,968 | ---- | M] (Linksys)
 
[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/06/08 21:13:22 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\brsvc01a.exe -> [2002/04/12 00:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(dvpapi) dvpapi [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Command Software\dvpapi.exe -> [2007/04/27 19:07:52 | 00,177,688 | R--- | M] (Authentium, Inc.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -> [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -> [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(hpqcxs08) hpqcxs08 [Win32_Shared | On_Demand | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2007/11/06 22:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Win32_Shared | Auto | Running] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2007/11/06 22:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.)
(LPDSVC) TCP/IP Print Server [Win32_Shared | On_Demand | Stopped] -> C:\WINDOWS\System32\tcpsvcs.exe -> [2002/08/29 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation)
(Net Driver HPZ12) Net Driver HPZ12 [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\HPZinw12.dll -> [2008/07/18 13:13:20 | 00,044,032 | ---- | M] (Hewlett-Packard)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> C:\WINDOWS\System32\HPZipm12.dll -> [2008/07/18 13:13:20 | 00,053,760 | ---- | M] (Hewlett-Packard)
(RP_FWS) PCguard Firewall [Win32_Own | Auto | Running] -> C:\Program Files\Virgin Broadband\PCguard\fws.exe -> [2007/01/24 19:53:22 | 00,316,920 | ---- | M] (Radialpoint Inc.)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\MSN Messenger\usnsvc.exe -> [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\WMPNetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WUSB54GSv2SVC) WUSB54GSv2SVC [Win32_Own | Auto | Running] ->  -> File not found
 
[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\AegisP.sys -> [2008/06/25 17:12:10 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
(ALCXWDM) Service for Realtek AC97 Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\ALCXWDM.SYS -> [2003/06/19 08:30:18 | 00,752,764 | ---- | M] (Realtek Semiconductor Corp.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\asctrm.sys -> [2002/01/01 23:27:55 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(Aspi32) Aspi32 [Kernel | Auto | Running] -> C:\WINDOWS\System32\drivers\ASPI32.sys -> [1999/09/10 12:06:00 | 00,025,244 | R--- | M] (Adaptec)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/06/08 21:13:45 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/06/08 21:13:43 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/06/08 21:13:47 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\BrScnUsb.sys -> [2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.)
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\BrSerIf.sys -> [2004/09/29 03:24:38 | 00,051,712 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\BrUsbSer.sys -> [2004/01/10 04:28:18 | 00,011,648 | ---- | M] (Brother Industries Ltd.)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdr4_xp.sys -> [2005/09/07 13:29:44 | 00,044,288 | ---- | M] (Sonic Solutions)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\cdralw2k.sys -> [2005/09/07 13:32:58 | 00,024,960 | ---- | M] (Sonic Solutions)
(CSS DVP) CSS DVP [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\css-dvp.sys -> [2007/04/27 18:49:12 | 00,840,352 | R--- | M] (Authentium, Inc.)
(Freedom) Freedom Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -> [2003/09/24 09:23:56 | 00,033,408 | ---- | M] (Zero-Knowledge Systems Inc.)
(FreeTdi) Radialpoint Filter (RPS-12798) [Kernel | Auto | Running] -> C:\WINDOWS\System32\Drivers\FreeTdi.sys -> [2006/01/11 14:58:38 | 00,054,840 | ---- | M] (Radialpoint Inc.)
(gbalink) GBA Link Driver (gbalink.sys) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\Drivers\gbalink.sys -> [2001/03/08 11:15:10 | 00,019,677 | R--- | M] (Thesycon GmbH, Germany)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -> [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZid412.sys -> [2007/10/30 03:25:53 | 00,049,920 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -> [2007/10/30 03:25:54 | 00,016,496 | R--- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\HPZius12.sys -> [2007/10/30 03:25:55 | 00,021,568 | R--- | M] (HP)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys -> [2002/02/13 19:27:30 | 00,166,419 | ---- | M] (Conexant Systems)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSF_DP.sys -> [2002/02/13 19:26:54 | 01,171,584 | ---- | M] (Conexant Systems)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -> [2003/04/15 03:39:46 | 00,090,907 | ---- | M] (Intel Corporation)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys -> [2001/10/22 22:46:42 | 00,009,855 | ---- | M] (Conexant)
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRENDIS5.sys -> [2004/11/22 17:36:40 | 00,018,003 | ---- | M] (Motive, Inc.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\ptilink.sys -> [2002/08/29 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\PxHelp20.sys -> [2003/10/28 11:02:00 | 00,020,016 | ---- | M] (Sonic Solutions)
(rtl8139) Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -> [2003/07/11 03:37:00 | 00,025,434 | ---- | M] (Realtek Semiconductor Corporation                                                )
(Secdrv) Secdrv [Kernel | Auto | Running] -> C:\WINDOWS\System32\DRIVERS\secdrv.sys -> [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(STEC3) STEC3 [Kernel | Auto | Running] -> C:\WINDOWS\System32\STEC3.sys -> [2004/06/24 13:10:16 | 00,002,368 | ---- | M] (AntiCracking)
(USB_RNDIS) Linksys Wireless-G USB Network Adapter with SpeedBooster Driver v2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\usb8023.sys -> [2008/04/13 19:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys -> [2002/02/13 19:20:46 | 00,594,032 | ---- | M] (Conexant Systems)
({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\ialmsbw.sys -> [2003/04/15 03:40:54 | 00,113,504 | ---- | M] (Intel Corporation)
({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\drivers\ialmkchw.sys -> [2003/04/15 03:40:46 | 00,078,752 | ---- | M] (Intel Corporation)
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\System32\GTNDIS5.SYS -> [2003/09/26 13:15:32 | 00,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.freeserve.co.uk -> 
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.freeserve.co.uk -> 
HKEY_USERS\S-1-5-20\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\] > -> -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: Main\\"Page_Transitions" -> 1 -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: Main\\"Start Page" -> http://www.medway-magic.org/ -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: "ProxyEnable" -> 0 -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\: "ProxyOverride" -> 127.0.0.1;localhost;*.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2007/11/06 02:50:44 | 00,322,880 | ---- | M] (Hewlett-Packard Co.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23:33:16 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{243B17DE-77C7-46BF-B94B-0B5F309A0E64} [HKLM] -> C:\Program Files\Microsoft Money\System\mnyside.dll [Reg Error: Value error.] -> [2002/07/17 12:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
{3C060EA2-E6A9-4E49-A530-D4657B8C449A} [HKLM] -> C:\Program Files\Virgin Broadband\PCguard\pkR.dll [PopKill Class] -> [2007/01/24 19:51:24 | 00,049,152 | ---- | M] (Radialpoint Inc.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/06/08 21:13:27 | 01,107,224 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [] -> [2004/05/12 01:03:00 | 00,744,960 | ---- | M] (Safer Networking Limited)
{56071E0D-C61B-11D3-B41C-00E02927A304} [HKLM] -> C:\Program Files\Virgin Broadband\PCguard\FBHR.dll [ZKBho Class] -> [2007/01/24 19:51:24 | 00,135,168 | ---- | M] (Radialpoint Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2006/08/31 20:33:06 | 00,322,368 | ---- | M] (Microsoft Corporation)
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2007/11/06 02:50:44 | 00,542,016 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"SITEguard" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2008/06/12 03:38:00 | 00,034,672 | ---- | M] (Adobe Systems Incorporated)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/09/03 20:12:50 | 00,111,936 | ---- | M] (Apple Inc.)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/06/08 21:13:23 | 01,947,928 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BluetoothAuthenticationAgent" -> C:\WINDOWS\System32\bthprops.cpl [rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent] -> [2008/04/14 02:12:42 | 00,110,592 | ---- | M] (Microsoft Corporation)
"ControlCenter2.0" -> C:\Program Files\Brother\ControlCenter2\brctrcen.exe [C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun] -> [2005/05/17 17:42:32 | 00,933,888 | ---- | M] (Brother Industries, Ltd.)
"HP Software Update" -> C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/10/14 22:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard)
"hpqSRMon" -> C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe] -> [2007/08/22 17:31:16 | 00,080,896 | ---- | M] (Hewlett-Packard)
"IndexSearch" -> C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [C:\Program Files\Scansoft\PaperPort\IndexSearch.exe] -> [2005/03/17 14:45:52 | 00,040,960 | ---- | M] (ScanSoft, Inc.)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.)
"Motive SmartBridge" -> C:\Program Files\blueyonder IST\SmartBridge\blueyonder-istnotifier.exe [C:\PROGRA~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe] -> [2005/09/22 09:05:40 | 00,438,359 | ---- | M] (Motive Communications, Inc.)
"NeroFilterCheck" -> C:\WINDOWS\System32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> [2001/07/09 12:50:42 | 00,155,648 | ---- | M] (Ahead Software Gmbh)
"OneTouch Monitor" -> C:\Program Files\Xerox One Touch\OneTouchMon.exe ["C:\Program Files\Xerox One Touch\OneTouchMon.exe"] -> [2003/06/12 16:14:00 | 00,086,016 | ---- | M] (Visioneer Inc)
"QuickTime Task" -> C:\Program Files\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
"SetDefPrt" -> C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe [C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe] -> [2005/01/26 18:02:22 | 00,049,152 | ---- | M] (Brother Industories, Ltd.)
"SSBkgdUpdate" -> C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> [2003/10/14 10:22:30 | 00,155,648 | R--- | M] (Scansoft, Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> [2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Symantec NetDriver Warning" -> C:\Program Files\SymNetDrv\SNDWarn.exe [C:\PROGRA~1\SYMNET~1\SNDWarn.exe] -> [2004/10/29 09:52:14 | 00,218,232 | ---- | M] (Symantec Corporation)
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Symantec NetDriver Warning" -> C:\Program Files\SymNetDrv\SNDWarn.exe [C:\PROGRA~1\SYMNET~1\SNDWarn.exe] -> [2004/10/29 09:52:14 | 00,218,232 | ---- | M] (Symantec Corporation)
< Run [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Microsoft Works Update Detection" -> c:\Program Files\Microsoft Works\WkDetect.exe [c:\Program Files\Microsoft Works\WkDetect.exe] -> [2000/07/13 21:00:00 | 00,028,739 | ---- | M] (Microsoft® Corporation)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk -> C:\Program Files\BigFix\BigFix.exe -> [2002/07/31 11:22:26 | 01,742,384 | ---- | M] (BigFix Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> [2007/10/14 21:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< HEIDI Startup Folder > -> C:\Documents and Settings\HEIDI\Start Menu\Programs\Startup -> 
< MUM Startup Folder > -> C:\Documents and Settings\MUM\Start Menu\Programs\Startup -> 
C:\Documents and Settings\MUM\Start Menu\Programs\Startup\WordWeb.lnk -> C:\Program Files\WordWeb\wweb32.exe -> [2005/08/29 16:10:34 | 00,019,968 | ---- | M] (Antony Lewis)
< OLIVER Startup Folder > -> C:\Documents and Settings\OLIVER\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
\\"DisableRegistryTools" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"CDRAutoRun" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: HP Smart Select] -> [2007/11/06 02:50:44 | 00,542,016 | ---- | M] (Hewlett-Packard Co.)
{E023F504-0C5A-4750-A1E7-A9046DEA8A21}:{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E} [HKLM] -> C:\Program Files\Microsoft Money\System\mnyside.dll [Button: Money Viewer] -> [2002/07/17 12:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] -> C:\Program Files\Microsoft Money\System\mnyside.dll [Money Viewer] -> [2002/07/17 12:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] -> C:\Program Files\Microsoft Money\System\mnyside.dll [Money Viewer] -> [2002/07/17 12:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> C:\WINDOWS\System32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 19:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{E023F504-0C5A-4750-A1E7-A9046DEA8A21}" [HKLM] -> C:\Program Files\Microsoft Money\System\mnyside.dll [Money Viewer] -> [2002/07/17 12:00:00 | 00,163,906 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> C:\Program Files\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\] > -> HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-2891841606-1732997126-3898492533-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{00B71CFB-6864-4346-A978-C0A14556272C} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab [Checkers Class] -> 
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> http://office.microsoft.com/templates/ieawsdc.cab [Microsoft Office Template and Media Control] -> 
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab [QuickTime Object] -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [HKLM] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab [Office Genuine Advantage Validation Tool] -> 
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5 Control] -> 
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] -> 
{2917297F-F02B-4B9D-81DF-494B6333150B} [HKLM] -> http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab [Minesweeper Flags Class] -> 
{33564D57-0000-0010-8000-00AA00389B71} [HKLM] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Reg Error: Key error.] -> 
{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab [Facebook Photo Uploader 4 Control] -> 
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab [Windows Live Safety Center Base Module] -> 
{5F8469B4-B055-49DD-83F7-62B522420ECC} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab [Facebook Photo Uploader Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab [MessengerStatsClient Class] -> 
{A90A5822-F108-45AD-8482-9BC8B12DD539} [HKLM] -> http://www.crucial.com/controls/cpcScanner.cab [Crucial cpcScan] -> 
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab [Java Plug-in 1.5.0_08] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
DirectAnimation Java Classes [HKLM] -> file://C:\WINDOWS\Java\classes\dajava.cab [Reg Error: Key error.] -> 
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 194.168.4.100 194.168.8.100 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{845944D2-9F76-450A-8A8C-A82A9C3EDE87}\\DhcpNameServer -> 194.168.4.100 194.168.8.100   (Realtek RTL8139/810X Family PCI Fast Ethernet NIC) -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/06/08 21:13:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxsrvc.dll -> [2003/04/06 17:06:48 | 00,315,392 | ---- | M] (Intel Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\System32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/14 01:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/06/08 21:13:25 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/06/08 21:13:23 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\BitLord\BitLord.exe" -> C:\Program Files\BitLord\BitLord.exe [C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord] -> [2005/05/07 01:47:08 | 02,224,128 | ---- | M] (www.BitLord.com)
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2007/11/02 11:58:46 | 01,421,312 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2007/11/30 02:24:18 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2007/10/31 16:45:22 | 00,147,456 | ---- | M] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2007/10/19 21:46:08 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2007/10/14 21:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe" -> C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe [C:\Program Files\THQ\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade] -> [2007/03/16 19:37:44 | 03,112,536 | ---- | M] (THQ Canada Inc.)
"C:\Program Files\THQ\Dawn of War - Dark Crusade\ttru_DarkCrusade.exe" -> C:\Program Files\THQ\Dawn of War - Dark Crusade\ttru_DarkCrusade.exe [C:\Program Files\THQ\Dawn of War - Dark Crusade\ttru_DarkCrusade.exe:*:Enabled:ttru_DarkCrusade] -> [2007/11/17 20:03:08 | 03,112,536 | ---- | M] (THQ Canada Inc.)
"C:\Program Files\WinMX\WinMX.exe" -> C:\Program Files\WinMX\WinMX.exe [C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application] -> [2005/05/19 10:19:42 | 00,806,912 | ---- | M] (Frontcode Technologies)
"C:\WINDOWS\system32\rtcshare.exe" -> C:\WINDOWS\System32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Disabled:RTC App Sharing] -> [2008/04/14 01:12:33 | 00,077,312 | ---- | M] (Microsoft Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/01/01 23:13:29 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\{d0d3d86f-bef6-11dd-8cd3-00402b770968}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0d3d86f-bef6-11dd-8cd3-00402b770968}\Shell
\{d0d3d86f-bef6-11dd-8cd3-00402b770968}\Shell\\"" ->  [Autorun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0d3d86f-bef6-11dd-8cd3-00402b770968}\Shell\AutoRun
\{d0d3d86f-bef6-11dd-8cd3-00402b770968}\Shell\AutoRun\\"" ->  [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0d3d86f-bef6-11dd-8cd3-00402b770968}\Shell\Open\command
\{d0d3d86f-bef6-11dd-8cd3-00402b770968}\Shell\Open\command\\"" -> F:\RECYCLER\S-2-0-45-100023858-100000929-100005047-5541.com [F:\RECYCLER\S-2-0-45-100023858-100000929-100005047-5541.com f:\] -> File not found
 
 
[Files/Folders - Created Within 30 Days]
3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
14 C:\Documents and Settings\MUM\Desktop\*.tmp files -> C:\Documents and Settings\MUM\Desktop\*.tmp -> 
OTS.exe -> C:\Documents and Settings\MUM\Desktop\OTS.exe -> [2009/06/16 22:06:25 | 00,507,392 | ---- | C] (OldTimer Tools)
02 Be The One.mp3 -> C:\Documents and Settings\MUM\Desktop\02 Be The One.mp3 -> [2009/06/16 13:57:00 | 06,060,102 | ---- | C] ()
SystemLook.exe -> C:\Documents and Settings\MUM\Desktop\SystemLook.exe -> [2009/06/16 12:28:26 | 00,101,636 | ---- | C] ()
RECYCLER -> C:\RECYCLER -> [2009/06/15 21:45:06 | 00,000,000 | -HSD | C]
gmer.exe -> C:\Documents and Settings\MUM\Desktop\gmer.exe -> [2009/06/15 21:44:26 | 00,286,208 | ---- | C] ()
gmer.zip -> C:\Documents and Settings\MUM\Desktop\gmer.zip -> [2009/06/15 21:43:35 | 00,278,221 | ---- | C] ()
temp -> C:\WINDOWS\temp -> [2009/06/14 21:57:57 | 00,000,000 | ---D | C]
Boot.bak -> C:\Boot.bak -> [2009/06/14 18:47:44 | 00,000,210 | ---- | C] ()
cmldr -> C:\cmldr -> [2009/06/14 18:47:39 | 00,260,272 | ---- | C] ()
cmdcons -> C:\cmdcons -> [2009/06/14 18:47:35 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2009/06/14 17:05:09 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2009/06/14 17:05:09 | 00,161,792 | ---- | C] (SteelWerX)
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/06/14 17:05:09 | 00,155,136 | ---- | C] ()
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2009/06/14 17:05:09 | 00,136,704 | ---- | C] (SteelWerX)
sed.exe -> C:\WINDOWS\sed.exe -> [2009/06/14 17:05:09 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2009/06/14 17:05:09 | 00,080,412 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2009/06/14 17:05:09 | 00,068,096 | ---- | C] ()
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2009/06/14 17:05:09 | 00,031,232 | ---- | C] (NirSoft)
ERDNT -> C:\WINDOWS\ERDNT -> [2009/06/14 17:04:59 | 00,000,000 | ---D | C]
Qoobox -> C:\Qoobox -> [2009/06/14 17:04:53 | 00,000,000 | ---D | C]
Combo-Fix.exe -> C:\Documents and Settings\MUM\Desktop\Combo-Fix.exe -> [2009/06/14 10:20:05 | 03,026,828 | R--- | C] ()
MUM.exe -> C:\Documents and Settings\MUM\Desktop\MUM.exe -> [2009/06/12 19:48:45 | 00,396,288 | ---- | C] (Trend Micro Inc.)
rsit -> C:\rsit -> [2009/06/12 19:48:44 | 00,000,000 | ---D | C]
RSIT.exe -> C:\Documents and Settings\MUM\Desktop\RSIT.exe -> [2009/06/12 19:48:20 | 00,781,909 | ---- | C] ()
DoctorWeb -> C:\Documents and Settings\MUM\DoctorWeb -> [2009/06/12 14:18:52 | 00,000,000 | ---D | C]
drweb-cureit.exe -> C:\Documents and Settings\MUM\Desktop\drweb-cureit.exe -> [2009/06/12 10:01:44 | 14,407,624 | ---- | C] (Doctor Web, Ltd.)
QuickTime -> C:\Program Files\QuickTime -> [2009/06/10 18:20:50 | 00,000,000 | ---D | C]
backups -> C:\Documents and Settings\MUM\Desktop\backups -> [2009/06/10 10:36:29 | 00,000,000 | ---D | C]
MalWare Removal • View topic - Trojan Horse virus help needed please.url -> C:\Documents and Settings\MUM\Desktop\MalWare Removal • View topic - Trojan Horse virus help needed please.url -> [2009/06/09 23:17:58 | 00,000,299 | ---- | C] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/06/09 18:41:32 | 10,716,97920 | -HS- | C] ()
Malwarebytes -> C:\Documents and Settings\MUM\Application Data\Malwarebytes -> [2009/06/09 09:54:45 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/09 07:16:47 | 00,000,720 | ---- | C] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/06/09 07:16:45 | 00,040,160 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/06/09 07:16:43 | 00,019,096 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/06/09 07:16:43 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/06/09 07:16:43 | 00,000,000 | ---D | C]
A stuff -> C:\Documents and Settings\MUM\My Documents\A stuff -> [2009/06/09 07:13:54 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Documents and Settings\MUM\Desktop\mbam-setup.exe -> [2009/06/09 07:03:31 | 03,371,384 | ---- | C] (Malwarebytes Corporation                                    )
Bugs 06.09.csv -> C:\Documents and Settings\MUM\Desktop\Bugs 06.09.csv -> [2009/06/09 07:01:11 | 00,059,318 | ---- | C] ()
avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/06/08 21:13:48 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.)
AVG Free 8.5.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk -> [2009/06/08 21:13:48 | 00,001,507 | ---- | C] ()
avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/06/08 21:13:47 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/06/08 21:13:45 | 00,325,896 | ---- | C] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/06/08 21:13:43 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.)
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/06/08 21:13:37 | 37,139,497 | ---- | C] ()
avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2009/06/08 21:13:37 | 06,061,540 | ---- | C] ()
miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/06/08 21:13:37 | 00,434,673 | ---- | C] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/06/08 21:13:37 | 00,077,549 | ---- | C] ()
Avg -> C:\WINDOWS\System32\drivers\Avg -> [2009/06/08 21:13:37 | 00,000,000 | ---D | C]
avg8 -> C:\Documents and Settings\All Users\Application Data\avg8 -> [2009/06/08 21:13:22 | 00,000,000 | ---D | C]
AVG -> C:\Program Files\AVG -> [2009/06/08 21:13:22 | 00,000,000 | ---D | C]
Ÿ9Ÿ9 -> C:\Documents and Settings\MUM\Ÿ9Ÿ9 -> [2009/06/08 20:54:06 | 00,000,000 | ---- | C] ()
$AVG8.VAULT$ -> C:\$AVG8.VAULT$ -> [2009/06/08 20:45:39 | 00,000,000 | -H-D | C]
Windows Live Safety Center -> C:\Program Files\Windows Live Safety Center -> [2009/06/04 19:22:37 | 00,000,000 | ---D | C]
Shortcut to regedit.exe.lnk -> C:\Documents and Settings\MUM\Desktop\Shortcut to regedit.exe.lnk -> [2009/06/04 13:21:29 | 00,001,029 | ---- | C] ()
Shortcut to taskmgr.exe.lnk -> C:\Documents and Settings\MUM\Desktop\Shortcut to taskmgr.exe.lnk -> [2009/06/04 13:20:37 | 00,000,972 | ---- | C] ()
Application Data -> C:\WINDOWS\Application Data -> [2009/06/03 23:46:18 | 00,000,000 | ---D | C]
MalWare Removal.url -> C:\Documents and Settings\MUM\Desktop\MalWare Removal.url -> [2009/06/03 09:59:39 | 00,000,299 | ---- | C] ()
HighjackThis.exe -> C:\Documents and Settings\MUM\Desktop\HighjackThis.exe -> [2009/06/03 09:49:07 | 00,396,288 | ---- | C] (Trend Micro Inc.)
Desktop Bits -> C:\Documents and Settings\MUM\My Documents\Desktop Bits -> [2009/06/03 07:05:24 | 00,000,000 | ---D | C]
Minidump -> C:\WINDOWS\Minidump -> [2009/05/28 22:48:39 | 00,000,000 | ---D | C]
NCH Software -> C:\Documents and Settings\All Users\Application Data\NCH Software -> [2009/05/18 21:28:51 | 00,000,000 | ---D | C]
NCH Software -> C:\Program Files\NCH Software -> [2009/05/18 20:45:17 | 00,000,000 | ---D | C]
ppadsetup.exe -> C:\Documents and Settings\MUM\My Documents\ppadsetup.exe -> [2009/05/18 20:39:08 | 00,242,352 | ---- | C] (NCH Software)
52289vzrus9.dll -> C:\WINDOWS\52289vzrus9.dll -> [2009/01/01 04:47:37 | 00,012,176 | ---- | C] ()
xlive.dll.cat -> C:\WINDOWS\System32\xlive.dll.cat -> [2008/10/28 18:40:48 | 00,173,552 | ---- | C] ()
55991spambotz.dll -> C:\WINDOWS\System32\55991spambotz.dll -> [2008/08/02 01:08:48 | 00,014,084 | ---- | C] ()
GTW32N50.dll -> C:\WINDOWS\System32\GTW32N50.dll -> [2008/06/25 17:12:09 | 00,094,208 | ---- | C] ()
libeay32.dll -> C:\WINDOWS\System32\libeay32.dll -> [2008/06/25 17:12:05 | 00,651,264 | ---- | C] ()
ssleay32.dll -> C:\WINDOWS\System32\ssleay32.dll -> [2008/06/25 17:12:05 | 00,147,456 | ---- | C] ()
WLAN.INI -> C:\WINDOWS\System32\WLAN.INI -> [2008/06/25 17:11:49 | 00,002,898 | ---- | C] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2008/01/01 22:31:43 | 00,000,004 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2007/05/16 14:35:16 | 00,000,116 | ---- | C] ()
OGACheckControl.DLL -> C:\WINDOWS\System32\OGACheckControl.DLL -> [2007/03/05 13:34:28 | 00,676,224 | ---- | C] ()
gc.dll -> C:\WINDOWS\System32\gc.dll -> [2006/10/19 20:46:55 | 00,185,856 | ---- | C] ()
257DBC60.ini -> C:\WINDOWS\257DBC60.ini -> [2006/10/16 23:47:48 | 00,000,070 | ---- | C] ()
Brpfx04a.ini -> C:\WINDOWS\Brpfx04a.ini -> [2006/04/14 17:05:03 | 00,000,829 | ---- | C] ()
brpcfx.ini -> C:\WINDOWS\brpcfx.ini -> [2006/04/14 17:05:03 | 00,000,153 | ---- | C] ()
BrMuSNMP.dll -> C:\WINDOWS\System32\BrMuSNMP.dll -> [2006/04/14 17:04:00 | 00,106,496 | ---- | C] ()
maxlink.ini -> C:\WINDOWS\maxlink.ini -> [2006/04/14 17:00:36 | 00,027,015 | ---- | C] ()
brss01a.ini -> C:\WINDOWS\System32\brss01a.ini -> [2006/04/14 16:10:07 | 00,000,030 | ---- | C] ()
BRWMARK.INI -> C:\WINDOWS\BRWMARK.INI -> [2006/04/14 16:10:06 | 00,000,463 | ---- | C] ()
BRPP2KA.INI -> C:\WINDOWS\BRPP2KA.INI -> [2006/04/14 16:10:06 | 00,000,027 | ---- | C] ()
HEALTHCHECK 3.INI -> C:\WINDOWS\HEALTHCHECK 3.INI -> [2005/05/16 18:07:18 | 00,005,870 | ---- | C] ()
Disktool.INI -> C:\WINDOWS\Disktool.INI -> [2005/05/03 10:37:37 | 00,007,207 | R--- | C] ()
fwupgrade.ini -> C:\WINDOWS\fwupgrade.ini -> [2005/05/03 10:37:37 | 00,006,399 | R--- | C] ()
PlaySnd.INI -> C:\WINDOWS\PlaySnd.INI -> [2005/05/03 10:37:37 | 00,003,677 | R--- | C] ()
Tiny_Run.ini -> C:\WINDOWS\Tiny_Run.ini -> [2005/03/08 17:39:05 | 00,000,200 | ---- | C] ()
winamp.ini -> C:\WINDOWS\winamp.ini -> [2004/11/29 12:08:33 | 00,001,125 | ---- | C] ()
SETUP32.INI -> C:\WINDOWS\SETUP32.INI -> [2004/11/25 18:41:06 | 00,000,000 | ---- | C] ()
AlphaPlayer.INI -> C:\WINDOWS\AlphaPlayer.INI -> [2004/07/03 19:13:02 | 00,000,066 | ---- | C] ()
MSDraw.ini -> C:\WINDOWS\MSDraw.ini -> [2004/06/21 13:05:28 | 00,000,000 | ---- | C] ()
ULEAD32.INI -> C:\WINDOWS\ULEAD32.INI -> [2004/02/01 13:19:06 | 00,000,457 | ---- | C] ()
Fe.INI -> C:\WINDOWS\Fe.INI -> [2004/02/01 13:11:23 | 00,000,663 | ---- | C] ()
lexstat.ini -> C:\WINDOWS\lexstat.ini -> [2004/02/01 13:06:12 | 00,000,370 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2003/12/13 08:34:05 | 00,000,482 | ---- | C] ()
Welsof32.dll -> C:\WINDOWS\System32\Welsof32.dll -> [2002/08/09 14:15:16 | 00,101,376 | ---- | C] ()
Jpeg32.dll -> C:\WINDOWS\System32\Jpeg32.dll -> [2002/03/04 10:16:34 | 00,110,592 | R--- | C] ()
oeminfo.ini -> C:\WINDOWS\System32\oeminfo.ini -> [2002/01/02 05:54:16 | 00,001,492 | ---- | C] ()
emver.ini -> C:\WINDOWS\System32\emver.ini -> [2002/01/02 05:54:16 | 00,000,445 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2002/01/02 05:53:42 | 00,000,673 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2002/01/02 05:53:37 | 00,000,277 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2002/01/02 02:21:56 | 00,000,061 | ---- | C] ()
psisdecd.dll -> C:\WINDOWS\System32\psisdecd.dll -> [2002/01/01 23:53:07 | 00,363,520 | ---- | C] ()
HKNTDLL.dll -> C:\WINDOWS\HKNTDLL.dll -> [2002/01/01 23:52:30 | 00,024,576 | ---- | C] ()
 
[Files/Folders - Modified Within 30 Days]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
OTS.exe -> C:\Documents and Settings\MUM\Desktop\OTS.exe -> [2009/06/16 22:06:31 | 00,507,392 | ---- | M] (OldTimer Tools)
02 Be The One.mp3 -> C:\Documents and Settings\MUM\Desktop\02 Be The One.mp3 -> [2009/06/16 13:57:00 | 06,060,102 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/06/16 13:55:00 | 00,522,530 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/06/16 13:55:00 | 00,442,398 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/06/16 13:55:00 | 00,071,764 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2009/06/16 13:36:46 | 00,000,673 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/06/16 13:36:14 | 00,001,158 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/06/16 13:15:11 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/06/16 13:15:03 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/06/16 13:15:01 | 10,716,97920 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\MUM\NTUSER.DAT -> [2009/06/16 13:06:31 | 06,553,600 | ---- | M] ()
ntuser.ini -> C:\Documents and Settings\MUM\ntuser.ini -> [2009/06/16 13:06:31 | 00,000,278 | -HS- | M] ()
SystemLook.exe -> C:\Documents and Settings\MUM\Desktop\SystemLook.exe -> [2009/06/16 12:28:28 | 00,101,636 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/06/16 04:09:46 | 37,139,497 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/06/16 04:09:04 | 00,077,549 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/06/16 03:46:33 | 00,005,513 | ---- | M] ()
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/06/16 03:46:33 | 00,004,232 | ---- | M] ()
gmer.zip -> C:\Documents and Settings\MUM\Desktop\gmer.zip -> [2009/06/15 21:43:36 | 00,278,221 | ---- | M] ()
MalWare Removal • View topic - Trojan Horse virus help needed please.url -> C:\Documents and Settings\MUM\Desktop\MalWare Removal • View topic - Trojan Horse virus help needed please.url -> [2009/06/15 17:03:28 | 00,000,299 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2009/06/14 21:52:36 | 00,000,277 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2009/06/14 21:51:10 | 00,000,027 | ---- | M] ()
boot.ini -> C:\boot.ini -> [2009/06/14 18:47:44 | 00,000,281 | RHS- | M] ()
Combo-Fix.exe -> C:\Documents and Settings\MUM\Desktop\Combo-Fix.exe -> [2009/06/14 10:20:11 | 03,026,828 | R--- | M] ()
RSIT.exe -> C:\Documents and Settings\MUM\Desktop\RSIT.exe -> [2009/06/12 19:48:28 | 00,781,909 | ---- | M] ()
drweb-cureit.exe -> C:\Documents and Settings\MUM\Desktop\drweb-cureit.exe -> [2009/06/12 10:01:44 | 14,407,624 | ---- | M] (Doctor Web, Ltd.)
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2009/06/12 03:08:19 | 00,215,264 | ---- | M] ()
imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2009/06/12 03:01:44 | 00,001,374 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\MUM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/06/11 17:48:46 | 00,067,584 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/06/11 17:44:22 | 00,000,116 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/11 07:01:47 | 00,000,720 | ---- | M] ()
IconCache.db -> C:\Documents and Settings\MUM\Local Settings\Application Data\IconCache.db -> [2009/06/10 10:38:11 | 04,319,120 | -H-- | M] ()
MalWare Removal.url -> C:\Documents and Settings\MUM\Desktop\MalWare Removal.url -> [2009/06/09 18:44:16 | 00,000,299 | ---- | M] ()
mbam-setup.exe -> C:\Documents and Settings\MUM\Desktop\mbam-setup.exe -> [2009/06/09 07:03:41 | 03,371,384 | ---- | M] (Malwarebytes Corporation                                    )
Bugs 06.09.csv -> C:\Documents and Settings\MUM\Desktop\Bugs 06.09.csv -> [2009/06/09 07:01:12 | 00,059,318 | ---- | M] ()
avi7.avg -> C:\WINDOWS\System32\drivers\Avg\avi7.avg -> [2009/06/08 21:18:26 | 06,061,540 | ---- | M] ()
miniavi.avg -> C:\WINDOWS\System32\drivers\Avg\miniavi.avg -> [2009/06/08 21:18:26 | 00,434,673 | ---- | M] ()
avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/06/08 21:13:48 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
AVG Free 8.5.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk -> [2009/06/08 21:13:48 | 00,001,507 | ---- | M] ()
avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2009/06/08 21:13:47 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2009/06/08 21:13:45 | 00,325,896 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2009/06/08 21:13:43 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
Ÿ9Ÿ9 -> C:\Documents and Settings\MUM\Ÿ9Ÿ9 -> [2009/06/08 20:54:06 | 00,000,000 | ---- | M] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2009/06/08 08:10:10 | 00,155,136 | ---- | M] ()
Shortcut to regedit.exe.lnk -> C:\Documents and Settings\MUM\Desktop\Shortcut to regedit.exe.lnk -> [2009/06/04 13:21:29 | 00,001,029 | ---- | M] ()
Shortcut to taskmgr.exe.lnk -> C:\Documents and Settings\MUM\Desktop\Shortcut to taskmgr.exe.lnk -> [2009/06/04 13:20:37 | 00,000,972 | ---- | M] ()
MUM.exe -> C:\Documents and Settings\MUM\Desktop\MUM.exe -> [2009/06/03 09:49:12 | 00,396,288 | ---- | M] (Trend Micro Inc.)
HighjackThis.exe -> C:\Documents and Settings\MUM\Desktop\HighjackThis.exe -> [2009/06/03 09:49:12 | 00,396,288 | ---- | M] (Trend Micro Inc.)
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/06/01 17:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation)
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/05/30 13:11:04 | 00,000,284 | ---- | M] ()
msoffice.ini -> C:\WINDOWS\msoffice.ini -> [2009/05/27 09:59:49 | 00,000,004 | ---- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation)
ppadsetup.exe -> C:\Documents and Settings\MUM\My Documents\ppadsetup.exe -> [2009/05/18 20:45:09 | 00,242,352 | ---- | M] (NCH Software)
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [2009/04/15 22:10:57 | 00,495,748 | ---- | M] ()
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [2009/04/15 22:10:57 | 00,495,748 | ---- | M] ()
college.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\college.dat -> [2002/07/17 12:00:00 | 00,314,360 | ---- | M] ()
about.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\11.0\Webcache\about.dat -> [2002/07/17 12:00:00 | 00,002,302 | ---- | M] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D10517E
< End of report >
DJGarry
Regular Member
 
Posts: 55
Joined: May 30th, 2008, 11:05 am
Location: UK

Re: Trojan Horse virus help needed please

by peku006 » June 17th, 2009, 2:28 am

Hi Garry

1 - Run CFScript

Open notepad and copy/paste the text in the codebox below into it:

File::
C:\WINDOWS\System32\55991spambotz.dll
C:\WINDOWS\52289vzrus9.dll



Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

2 - Status Check
Please reply with

1. the ComboFix log

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway