Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

check my hijackthis logs

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

check my hijackthis logs

Unread postby alucard_t14 » October 12th, 2008, 6:58 am

hi everyone, im new to this software. hm, so would everyone analyze my logs and give some explanations or some sorts like that. i kinda feel that my pc has a lot of malware but stil i dont know how to remove. im a newbie here, nice to meet u all :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:57:48, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgupd.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zhangduo.com/driverbackup.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.250.254:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 3655 bytes
alucard_t14
Active Member
 
Posts: 3
Joined: October 12th, 2008, 5:43 am
Top
Advertisement
Register to Remove

Re: check my hijackthis logs

Unread postby Bio-Hazard » October 12th, 2008, 8:23 am

Welcome to the MWR forums. My name is Bio-Hazard. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research. Please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear.
  • Absence of symptoms does not mean that everything is clear.
  • I f you don't know or understand something please don't hesitate to ask.
  • It is important that you reply to this thread. Do not start a new topic.

Note: I am still in training here at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.


Uninstall list

Make an uninstall list using HijackThis. To access the Uninstall Manager you would do the following:

  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
Top

Re: check my hijackthis logs

Unread postby Bio-Hazard » October 12th, 2008, 2:04 pm

Hello!

Is this computer used at work place or home?

Disable Windows Defender

From your log i can see this that you are running a Windows Defender. This might interfere with fixes we are about to do so we need to disable it. To disable your Windows Defender Real-time Protection.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Close Windows Defender

Note: Once your log is clean you can re-enable Windows Defender Real Time Protection.


random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • RSIT Logs, log.txt (<<will be maximized) and info.txt
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
Top

Re: check my hijackthis logs

Unread postby alucard_t14 » October 12th, 2008, 11:56 pm

many thanks! i'll come back with the requirements u needed and post it here asap. thanks again :)
alucard_t14
Active Member
 
Posts: 3
Joined: October 12th, 2008, 5:43 am
Top

Re: check my hijackthis logs

Unread postby alucard_t14 » October 13th, 2008, 5:59 am

Ok, here we go
Unfortunately i use this pc at home lol

These are the uninstall listing

@BIOS
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
AVG Free 8.0
CCleaner (remove only)
EasyTune5
Face-wizard
filehippo.com Update Checker
FreeCommander 2008.06c
GOM Player
Guitar Pro 5.2
HijackThis 2.0.2
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iolo technologies' System Mechanic Professional 6
K-Lite Mega Codec Pack 3.6.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
My Lockbox 1.2 for Windows 2000/XP
NVIDIA Drivers
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Tweak UI
Uniblue RegistryBooster2
Uniblue SpeedUpMyPC 3
Unlocker 1.8.3
VLC media player 0.9.2
Winamp
Windows Defender
Windows Media Format 11 runtime
Windows Media Player 11
WinZip 11.2
WordWeb
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar

This is the log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by alucard_t14 at 2008-10-13 16:55:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 20 GB
Total RAM: 1023 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:23, on 13/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\alucard_t14.ALUCARD\Desktop\hijack\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\alucard_t14.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zhangduo.com/driverbackup.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.250.254:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{181136B4-4468-4ECA-AFE7-615432035717}: NameServer = 203.106.9.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{181136B4-4468-4ECA-AFE7-615432035717}: NameServer = 203.106.9.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{181136B4-4468-4ECA-AFE7-615432035717}: NameServer = 203.106.9.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4094 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-12 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-18 13574144]
"nwiz"=nwiz.exe /install []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-07 1232152]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-18 86016]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-07 185896]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-05-17 77824]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-06-11 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-04 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMHelp"=01000000
"NoActiveDesktop"=01000000
"DisableCAD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MemCheckBoxInRunDlg"=
"DisableCAD"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\alucard_t14.ALUCARD\Local Settings\Temp\usmt\migwiz.exe"="C:\Documents and Settings\alucard_t14.ALUCARD\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133b1f1f-9749-11dd-8a60-0016e65531df}]
shell\AutoRun\command - 1u0o8bnq.cmd
shell\explore\command - 1u0o8bnq.cmd
shell\open\command - 1u0o8bnq.cmd


======List of files/folders created in the last 1 months======

2008-10-13 16:55:16 ----D---- C:\rsit
2008-10-12 23:23:24 ----SHD---- C:\found.000
2008-10-12 16:28:03 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-10-09 12:25:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
2008-10-08 20:23:11 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Help
2008-10-08 11:37:52 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Media Player Classic
2008-10-08 11:36:09 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\DivX
2008-10-08 10:50:07 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-08 10:40:15 ----D---- C:\WINDOWS\system32\appmgmt
2008-10-08 10:24:38 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-10-08 10:07:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2008-10-08 04:02:32 ----A---- C:\WINDOWS\system32\h323log.txt
2008-10-08 02:11:12 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini
2008-10-08 02:09:16 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-10-08 01:09:20 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\vlc
2008-10-08 00:53:02 ----A---- C:\WINDOWS\SysMech6.INI
2008-10-08 00:20:42 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\GRETECH
2008-10-07 23:48:16 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-07 23:47:33 ----A---- C:\WINDOWS\system32\ksuser.dll
2008-10-07 23:46:13 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-10-07 23:46:13 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-10-07 23:46:12 ----A---- C:\WINDOWS\system32\slserv.exe
2008-10-07 23:46:12 ----A---- C:\WINDOWS\system32\SLGen.dll
2008-10-07 23:46:12 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-10-07 23:45:18 ----A---- C:\WINDOWS\system32\usbui.dll
2008-10-07 23:43:31 ----D---- C:\Program Files\Common Files\Kaspersky Lab
2008-10-07 23:42:54 ----A---- C:\WINDOWS\system32\smrgdf.exe
2008-10-07 23:42:54 ----A---- C:\WINDOWS\system32\iolobtdfg.exe
2008-10-07 23:42:53 ----A---- C:\WINDOWS\system32\Incinerator.dll
2008-10-07 23:40:21 ----A---- C:\WINDOWS\wweb32.dll
2008-10-07 23:40:02 ----D---- C:\WINDOWS\Minidump
2008-10-07 23:39:39 ----N---- C:\WINDOWS\Setup1.exe
2008-10-07 23:39:37 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-10-07 23:38:50 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Mozilla
2008-10-07 23:36:44 ----D---- C:\Program Files\ReflexiveArcade
2008-10-07 23:36:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-07 23:36:33 ----A---- C:\WINDOWS\ODBCINST.INI
2008-10-07 23:36:26 ----A---- C:\WINDOWS\system32\uniime.dll
2008-10-07 23:36:17 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-10-07 23:36:16 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-10-07 23:36:16 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-10-07 23:36:16 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-10-07 23:36:16 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-10-07 23:36:16 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-10-07 23:36:16 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-10-07 23:36:16 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-10-07 23:36:15 ----A---- C:\WINDOWS\system32\imjp81k.dll
2008-10-07 23:36:10 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-10-07 23:36:09 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-10-07 23:36:09 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-10-07 23:36:08 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-10-07 23:35:54 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-10-07 23:35:44 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-10-07 23:35:44 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-10-07 23:35:44 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-10-07 23:35:26 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-10-07 23:35:24 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-10-07 23:35:24 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-10-07 23:35:24 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-10-07 23:35:24 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-10-07 23:35:24 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-10-07 23:35:23 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-10-07 23:35:21 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2008-10-07 23:35:21 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2008-10-07 23:35:21 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdur.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdru.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2008-10-07 23:35:19 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2008-10-07 23:35:17 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2008-10-07 23:35:17 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2008-10-07 23:35:17 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2008-10-07 23:35:17 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2008-10-07 23:35:17 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2008-10-07 23:35:17 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2008-10-07 23:35:17 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2008-10-07 23:35:16 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2008-10-07 23:35:16 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2008-10-07 23:35:16 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2008-10-07 23:35:16 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2008-10-07 23:35:16 ----RA---- C:\WINDOWS\system32\kbdest.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdro.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2008-10-07 23:35:14 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2008-10-07 23:35:11 ----A---- C:\WINDOWS\system32\spxcoins.dll
2008-10-07 23:35:11 ----A---- C:\WINDOWS\system32\irclass.dll
2008-10-07 23:35:11 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2008-10-07 23:35:11 ----A---- C:\WINDOWS\system32\dgsetup.dll
2008-10-07 23:35:11 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2008-10-07 23:35:09 ----A---- C:\WINDOWS\TASKMAN.EXE
2008-10-07 23:35:08 ----A---- C:\WINDOWS\system32\batt.dll
2008-10-07 23:35:08 ----A---- C:\WINDOWS\NOTEPAD.EXE
2008-10-07 23:35:05 ----A---- C:\WINDOWS\system32\storprop.dll
2008-10-07 23:35:03 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Uniblue
2008-10-07 23:33:21 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-07 23:33:21 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-07 23:31:17 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-07 23:28:21 ----A---- C:\WINDOWS\avrack.ini
2008-10-07 23:28:16 ----A---- C:\WINDOWS\system32\RTLCPL.EXE
2008-10-07 23:28:08 ----A---- C:\WINDOWS\alcupd.exe
2008-10-07 23:28:08 ----A---- C:\WINDOWS\alcrmv.exe
2008-10-07 23:26:31 ----HD---- C:\WINDOWS\inf
2008-10-07 23:26:31 ----D---- C:\WINDOWS\twain_32
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\wins
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\wbem
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\usmt
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\spool
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\ShellExt
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\Setup
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\scripting
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\ras
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\oobe
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\npp
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\mui
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\icsxml
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\ias
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\export
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\en
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\config
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\3com_dmi
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\3076
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\2052
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1054
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1042
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1041
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1037
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1033
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1031
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1028
2008-10-07 23:26:31 ----D---- C:\WINDOWS\system32\1025
2008-10-07 23:26:31 ----D---- C:\WINDOWS\Network Diagnostic
2008-10-07 23:26:31 ----D---- C:\WINDOWS\mui
2008-10-07 23:26:31 ----D---- C:\WINDOWS\msapps
2008-10-07 23:26:31 ----D---- C:\WINDOWS\L2Schemas
2008-10-07 23:26:31 ----D---- C:\WINDOWS\ehome
2008-10-07 23:26:31 ----D---- C:\WINDOWS\Connection Wizard
2008-10-07 23:26:31 ----D---- C:\WINDOWS\Config
2008-10-07 23:26:31 ----D---- C:\WINDOWS\addins
2008-10-07 22:38:42 ----A---- C:\WINDOWS\system32\msonpmon.dll
2008-10-07 22:30:46 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-07 22:28:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-10-07 22:26:44 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-10-07 22:25:57 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-07 22:25:35 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2008-10-07 22:24:10 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\vxblock.dll
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxwave.dll
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxsfs.dll
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxmas.dll
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxdrv.dll
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-10-07 22:23:31 ----N---- C:\WINDOWS\system32\px.dll
2008-10-07 22:23:22 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Winamp
2008-10-07 22:22:20 ----A---- C:\WINDOWS\cdplayer.ini
2008-10-07 22:21:12 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-07 22:14:59 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-07 22:14:55 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Macromedia
2008-10-07 22:09:28 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-07 22:09:17 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\AVGTOOLBAR
2008-10-07 22:09:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-10-07 22:01:34 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\AD ON Multimedia
2008-10-07 21:53:34 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Adobe
2008-10-07 21:52:14 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-10-07 21:52:03 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-07 21:49:49 ----D---- C:\Program Files\Unlocker
2008-10-07 21:49:08 ----A---- C:\WINDOWS\system32\TweakUI.exe
2008-10-07 21:48:22 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-07 21:48:22 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-07 21:48:22 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-07 21:48:22 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-07 21:48:21 ----A---- C:\WINDOWS\system32\unrar.dll
2008-10-07 21:48:18 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-10-07 21:48:18 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-10-07 21:48:18 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-10-07 21:48:17 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-10-07 21:48:17 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-10-07 21:48:17 ----A---- C:\WINDOWS\system32\divx.dll
2008-10-07 21:48:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-07 21:48:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-07 21:48:14 ----A---- C:\WINDOWS\system32\msvcr71.dll
2008-10-07 21:48:13 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Real
2008-10-07 21:48:13 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Real
2008-10-07 21:47:19 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-10-07 21:39:16 ----A---- C:\WINDOWS\IsUninst.exe
2008-10-07 21:15:36 ----R---- C:\WINDOWS\alcwzrd.exe
2008-10-07 21:15:36 ----R---- C:\WINDOWS\Alcmtr.exe
2008-10-07 21:15:34 ----R---- C:\WINDOWS\RtlUpd.exe
2008-10-07 21:15:34 ----R---- C:\WINDOWS\RTLCPL.exe
2008-10-07 21:15:34 ----R---- C:\WINDOWS\RTHDCPL.exe
2008-10-07 21:15:34 ----R---- C:\WINDOWS\MicCal.exe
2008-10-07 21:15:34 ----D---- C:\WINDOWS\system32\RTCOM
2008-10-07 21:15:34 ----A---- C:\WINDOWS\system32\RTLCPAPI.dll
2008-10-07 21:15:34 ----A---- C:\WINDOWS\system32\ChCfg.exe
2008-10-07 21:15:34 ----A---- C:\WINDOWS\SOUNDMAN.EXE
2008-10-07 21:06:19 ----A---- C:\WINDOWS\system32\e100bmsg.dll
2008-10-07 21:06:18 ----A---- C:\WINDOWS\system32\IntelNic.dll
2008-10-07 21:06:16 ----A---- C:\WINDOWS\system32\Prounstl.exe
2008-10-07 21:06:01 ----R---- C:\WINDOWS\RtlExUpd.dll
2008-10-07 21:03:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-07 20:30:01 ----D---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Identities
2008-10-07 20:29:37 ----SD---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\Microsoft
2008-10-07 20:29:37 ----ASH---- C:\Documents and Settings\alucard_t14.ALUCARD\Application Data\desktop.ini
2008-10-07 20:26:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 20:11:08 ----D---- C:\WINDOWS\system32\xircom
2008-10-07 20:10:40 ----A---- C:\WINDOWS\control.ini
2008-10-07 20:10:11 ----A---- C:\WINDOWS\system32\mapi32.dll
2008-10-07 20:08:45 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-07 20:08:33 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-07 20:07:51 ----A---- C:\WINDOWS\system32\atrace.dll
2008-10-07 20:07:48 ----A---- C:\WINDOWS\system32\desktop.ini
2008-10-07 20:07:48 ----A---- C:\WINDOWS\desktop.ini
2008-10-07 20:07:39 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2008-10-07 20:07:39 ----A---- C:\WINDOWS\system32\acctres.dll
2008-10-07 20:07:38 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2008-10-07 20:07:33 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-07 20:07:32 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-07 20:07:32 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-07 20:07:32 ----A---- C:\WINDOWS\system32\wuauserv.dll
2008-10-07 20:07:32 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2008-10-07 20:07:32 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2008-10-07 20:07:31 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2008-10-07 20:07:08 ----A---- C:\WINDOWS\system32\safrslv.dll
2008-10-07 20:07:08 ----A---- C:\WINDOWS\system32\safrdm.dll
2008-10-07 20:07:08 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2008-10-07 20:07:08 ----A---- C:\WINDOWS\system32\racpldlg.dll
2008-10-07 20:07:04 ----A---- C:\WINDOWS\system32\fltMc.exe
2008-10-07 20:07:04 ----A---- C:\WINDOWS\system32\fltlib.dll
2008-10-07 20:07:03 ----D---- C:\WINDOWS\system32\Restore
2008-10-07 20:07:03 ----A---- C:\WINDOWS\system32\srsvc.dll
2008-10-07 20:07:03 ----A---- C:\WINDOWS\system32\srrstr.dll
2008-10-07 20:07:03 ----A---- C:\WINDOWS\system32\srclient.dll
2008-10-07 20:07:02 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2008-10-07 20:07:02 ----A---- C:\WINDOWS\system32\msoert2.dll
2008-10-07 20:07:02 ----A---- C:\WINDOWS\system32\msconf.dll
2008-10-07 20:07:02 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2008-10-07 20:07:02 ----A---- C:\WINDOWS\system32\mnmdd.dll
2008-10-07 20:07:02 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2008-10-07 20:07:02 ----A---- C:\WINDOWS\system32\ils.dll
2008-10-07 20:07:01 ----A---- C:\WINDOWS\system32\msoeacct.dll
2008-10-07 20:07:01 ----A---- C:\WINDOWS\system32\inetres.dll
2008-10-07 20:07:01 ----A---- C:\WINDOWS\system32\inetcomm.dll
2008-10-07 20:07:00 ----A---- C:\WINDOWS\system32\schedsvc.dll
2008-10-07 20:07:00 ----A---- C:\WINDOWS\system32\mstinit.exe
2008-10-07 20:07:00 ----A---- C:\WINDOWS\system32\mstask.dll
2008-10-07 20:06:59 ----A---- C:\WINDOWS\system32\isign32.dll
2008-10-07 20:06:59 ----A---- C:\WINDOWS\system32\inetcfg.dll
2008-10-07 20:06:59 ----A---- C:\WINDOWS\system32\icwphbk.dll
2008-10-07 20:06:59 ----A---- C:\WINDOWS\system32\icwdial.dll
2008-10-07 20:05:51 ----A---- C:\WINDOWS\vbaddin.ini
2008-10-07 20:05:51 ----A---- C:\WINDOWS\vb.ini
2008-10-07 20:05:19 ----A---- C:\WINDOWS\system32\write.exe
2008-10-07 20:05:11 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-10-07 20:05:11 ----A---- C:\WINDOWS\system32\hticons.dll
2008-10-07 20:05:11 ----A---- C:\WINDOWS\system32\avwav.dll
2008-10-07 20:05:11 ----A---- C:\WINDOWS\system32\avtapi.dll
2008-10-07 20:05:11 ----A---- C:\WINDOWS\system32\avmeter.dll
2008-10-07 20:05:10 ----A---- C:\WINDOWS\system32\winchat.exe
2008-10-07 20:05:01 ----A---- C:\WINDOWS\system32\getuname.dll
2008-10-07 20:05:01 ----A---- C:\WINDOWS\system32\charmap.exe
2008-10-07 20:05:00 ----A---- C:\WINDOWS\system32\winmine.exe
2008-10-07 20:05:00 ----A---- C:\WINDOWS\system32\sol.exe
2008-10-07 20:05:00 ----A---- C:\WINDOWS\system32\calc.exe
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\tslabels.ini
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\tskill.exe
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\tscon.exe
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\reset.exe
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\mshearts.exe
2008-10-07 20:04:59 ----A---- C:\WINDOWS\system32\freecell.exe
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\shadow.exe
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\rwinsta.exe
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\regini.exe
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\qwinsta.exe
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\qappsrv.exe
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\msg.exe
2008-10-07 20:04:58 ----A---- C:\WINDOWS\system32\logoff.exe
2008-10-07 20:04:57 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2008-10-07 20:04:57 ----A---- C:\WINDOWS\system32\cdmodem.dll
2008-10-07 20:04:49 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2008-10-07 20:04:49 ----A---- C:\WINDOWS\system32\sndrec32.exe
2008-10-07 20:04:49 ----A---- C:\WINDOWS\system32\mplay32.exe
2008-10-07 20:04:49 ----A---- C:\WINDOWS\system32\accwiz.exe
2008-10-07 20:04:48 ----A---- C:\WINDOWS\system32\mspaint.exe
2008-10-07 20:04:48 ----A---- C:\WINDOWS\system32\hypertrm.dll
2008-10-07 20:04:48 ----A---- C:\WINDOWS\system32\clipbrd.exe
2008-10-07 20:04:47 ----D---- C:\WINDOWS\system32\en-US
2008-10-07 20:04:47 ----A---- C:\WINDOWS\system32\spider.exe
2008-10-07 20:04:46 ----A---- C:\WINDOWS\system32\tsgqec.dll
2008-10-07 20:04:46 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2008-10-07 20:04:46 ----A---- C:\WINDOWS\system32\rhttpaa.dll
2008-10-07 20:04:46 ----A---- C:\WINDOWS\system32\aaclient.dll
2008-10-07 20:04:45 ----A---- C:\WINDOWS\system32\remotepg.dll
2008-10-07 20:04:45 ----A---- C:\WINDOWS\system32\rdshost.exe
2008-10-07 20:04:45 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2008-10-07 20:04:45 ----A---- C:\WINDOWS\system32\mstscax.dll
2008-10-07 20:04:45 ----A---- C:\WINDOWS\system32\mstsc.exe
2008-10-07 20:04:44 ----A---- C:\WINDOWS\system32\termsrv.dll
2008-10-07 20:04:44 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-07 20:04:44 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2008-10-07 20:04:44 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2008-10-07 20:04:44 ----A---- C:\WINDOWS\system32\rdpclip.exe
2008-10-07 20:04:44 ----A---- C:\WINDOWS\system32\rdchost.dll
2008-10-07 20:04:44 ----A---- C:\WINDOWS\system32\qprocess.exe
2008-10-07 20:04:43 ----D---- C:\WINDOWS\system32\MsDtc
2008-10-07 20:04:43 ----A---- C:\WINDOWS\system32\mtxoci.dll
2008-10-07 20:04:43 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2008-10-07 20:04:43 ----A---- C:\WINDOWS\system32\icaapi.dll
2008-10-07 20:04:43 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2008-10-07 20:04:42 ----A---- C:\WINDOWS\system32\xolehlp.dll
2008-10-07 20:04:42 ----A---- C:\WINDOWS\system32\msdtctm.dll
2008-10-07 20:04:42 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2008-10-07 20:04:42 ----A---- C:\WINDOWS\system32\msdtclog.dll
2008-10-07 20:04:42 ----A---- C:\WINDOWS\system32\msdtc.exe
2008-10-07 20:04:40 ----D---- C:\WINDOWS\system32\Com
2008-10-07 20:04:40 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2008-10-07 20:04:40 ----A---- C:\WINDOWS\system32\mtxex.dll
2008-10-07 20:04:40 ----A---- C:\WINDOWS\system32\mtxdm.dll
2008-10-07 20:04:40 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2008-10-07 20:04:40 ----A---- C:\WINDOWS\system32\comrepl.dll
2008-10-07 20:04:40 ----A---- C:\WINDOWS\system32\comaddin.dll
2008-10-07 20:04:40 ----A---- C:\WINDOWS\system32\colbact.dll
2008-10-07 20:04:39 ----A---- C:\WINDOWS\system32\stclient.dll
2008-10-07 20:04:39 ----A---- C:\WINDOWS\system32\clbcatex.dll
2008-10-07 20:04:39 ----A---- C:\WINDOWS\system32\catsrvut.dll
2008-10-07 20:04:39 ----A---- C:\WINDOWS\system32\catsrvps.dll
2008-10-07 20:04:39 ----A---- C:\WINDOWS\system32\catsrv.dll
2008-10-07 20:04:38 ----A---- C:\WINDOWS\system32\comuid.dll
2008-10-07 20:04:38 ----A---- C:\WINDOWS\system32\comsvcs.dll
2008-10-07 20:04:38 ----A---- C:\WINDOWS\system32\comsnap.dll
2008-10-07 20:04:37 ----A---- C:\WINDOWS\system32\clbcatq.dll
2008-10-07 20:04:30 ----A---- C:\WINDOWS\system32\servdeps.dll
2008-10-07 20:04:30 ----A---- C:\WINDOWS\system32\mmfutil.dll
2008-10-07 20:04:30 ----A---- C:\WINDOWS\system32\licwmi.dll
2008-10-07 20:04:30 ----A---- C:\WINDOWS\system32\cmprops.dll
2008-10-07 12:32:02 ----D---- C:\Program Files\iolo
2008-10-07 11:55:19 ----D---- C:\Program Files\WordWeb
2008-10-07 03:32:45 ----D---- C:\Program Files\Windows Defender
2008-09-26 05:20:41 ----HD---- C:\$AVG8.VAULT$
2008-09-26 04:41:51 ----D---- C:\Program Files\AVG
2008-09-26 04:32:47 ----D---- C:\Program Files\FreeCommander
2008-09-26 04:22:28 ----D---- C:\Program Files\WinZip
2008-09-26 03:49:04 ----D---- C:\Program Files\Trend Micro
2008-09-21 08:04:11 ----D---- C:\Program Files\Guitar Pro 5

======List of files/folders modified in the last 1 months======

2008-10-13 16:55:23 ----D---- C:\WINDOWS\Temp
2008-10-13 16:55:21 ----D---- C:\WINDOWS\Prefetch
2008-10-13 16:51:02 ----SHD---- C:\WINDOWS\Installer
2008-10-13 07:08:26 ----SD---- C:\WINDOWS\Tasks
2008-10-12 23:24:49 ----D---- C:\WINDOWS
2008-10-12 21:06:26 ----D---- C:\Program Files\Mozilla Firefox
2008-10-12 17:05:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-12 17:05:02 ----D---- C:\WINDOWS\system32
2008-10-12 16:28:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-10-12 16:28:34 ----D---- C:\WINDOWS\Help
2008-10-08 20:16:02 ----RD---- C:\Program Files
2008-10-08 20:16:02 ----D---- C:\Program Files\Microsoft Office
2008-10-08 10:48:26 ----D---- C:\Program Files\Adobe
2008-10-08 10:43:28 ----D---- C:\WINDOWS\security
2008-10-08 05:19:16 ----D---- C:\Program Files\Internet Explorer
2008-10-08 02:11:51 ----A---- C:\WINDOWS\system.ini
2008-10-08 00:49:26 ----RD---- C:\WINDOWS\Offline Web Pages
2008-10-08 00:49:21 ----D---- C:\WINDOWS.0
2008-10-07 23:59:16 ----D---- C:\WINDOWS\Debug
2008-10-07 23:57:28 ----D---- C:\WINDOWS\system32\drivers
2008-10-07 23:43:31 ----D---- C:\Program Files\Common Files
2008-10-07 23:43:30 ----D---- C:\Program Files\Kaspersky Lab
2008-10-07 23:38:01 ----RSD---- C:\WINDOWS\Fonts
2008-10-07 23:35:10 ----D---- C:\WINDOWS\system
2008-10-07 23:34:55 ----D---- C:\Program Files\Uniblue
2008-10-07 23:31:08 ----D---- C:\WINDOWS\AppPatch
2008-10-07 23:31:00 ----D---- C:\WINDOWS\ime
2008-10-07 23:30:58 ----D---- C:\WINDOWS\Media
2008-10-07 23:30:42 ----D---- C:\WINDOWS\PeerNet
2008-10-07 23:30:16 ----D---- C:\WINDOWS\msagent
2008-10-07 23:28:23 ----D---- C:\Program Files\AvRack
2008-10-07 23:26:21 ----RSD---- C:\WINDOWS\assembly
2008-10-07 23:15:24 ----D---- C:\WINDOWS\nview
2008-10-07 23:13:29 ----D---- C:\Program Files\Common Files\DESIGNER
2008-10-07 22:30:09 ----HD---- C:\WINDOWS\ShellNew
2008-10-07 22:29:56 ----A---- C:\WINDOWS\win.ini
2008-10-07 22:29:26 ----D---- C:\Program Files\Windows Media Player
2008-10-07 22:26:28 ----A---- C:\YServer.txt
2008-10-07 22:24:00 ----D---- C:\Program Files\Winamp
2008-10-07 22:21:28 ----D---- C:\Program Files\Common Files\Real
2008-10-07 22:17:55 ----D---- C:\Program Files\My Lockbox
2008-10-07 22:13:53 ----D---- C:\WINDOWS\WinSxS
2008-10-07 22:13:26 ----D---- C:\Program Files\Common Files\Adobe
2008-10-07 21:48:31 ----D---- C:\Program Files\K-Lite Codec Pack
2008-10-07 21:41:33 ----SHD---- C:\RECYCLER
2008-10-07 21:03:31 ----D---- C:\Documents and Settings
2008-10-07 20:26:58 ----SHD---- C:\System Volume Information
2008-10-07 20:11:07 ----D---- C:\WINDOWS\repair
2008-10-07 20:10:03 ----D---- C:\WINDOWS\Registration
2008-10-07 20:08:50 ----RD---- C:\WINDOWS\Web
2008-10-07 20:08:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-07 20:08:06 ----D---- C:\WINDOWS\srchasst
2008-10-07 20:05:21 ----D---- C:\Program Files\Messenger
2008-10-07 20:05:18 ----D---- C:\WINDOWS\Cursors
2008-10-07 20:03:08 ----SH---- C:\boot.ini
2008-10-07 12:46:05 ----D---- C:\Program Files\Hard Drive Inspector
2008-10-07 12:46:04 ----D---- C:\Program Files\SpeedItUpExtreme
2008-10-07 12:46:02 ----D---- C:\Program Files\WinAce
2008-09-26 05:20:42 ----D---- C:\Program Files\SRS Labs
2008-09-26 03:51:33 ----D---- C:\Program Files\Google
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nwiz.exe
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvwss.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvwimg.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvwdmcpl.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvwddi.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvshell.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvnt4cpl.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvmobls.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvmccss.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvmccsrs.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvmccs.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nview.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvgames.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvdspsch.exe
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvdisps.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvcplui.exe
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvappbar.exe
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-18 00:55:00 ----A---- C:\WINDOWS\system32\keystone.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-07 96520]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-07 26824]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2006-01-18 9341]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-10-07 76040]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-05-18 2319680]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-05 145408]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys [2008-04-14 126686]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-18 6132576]
R3 Slntamr;Smart Link 56K Modem Driver; C:\WINDOWS\system32\DRIVERS\slntamr.sys [2008-04-14 404990]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys [2008-04-14 13240]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys [2008-04-14 1309184]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys [2008-04-14 180360]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\Slnthal.sys [2008-04-14 95424]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-07 873752]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-07 231192]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-18 163908]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2008-04-14 73796]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-04 143360]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

This is the info.txt

info.txt logfile of random's system information tool 1.04 2008-10-13 16:55:26

======Uninstall list======

@BIOS-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\BIOS\Uninst.isu"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
EasyTune5-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5\uninstdrv.dll"
Face-wizard-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GIGABYTE\Face-wizard\Uninst.isu"
filehippo.com Update Checker-->"C:\Program Files\filehippo.com\uninstall.exe"
FreeCommander 2008.06c-->"C:\Program Files\FreeCommander\unins000.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
iolo technologies' System Mechanic Professional 6-->"C:\Program Files\iolo\System Mechanic Professional 6\UninstallSMPro.exe"
K-Lite Mega Codec Pack 3.6.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
My Lockbox 1.2 for Windows 2000/XP-->"C:\Program Files\My Lockbox\unins000.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 REMOVE -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Uniblue RegistryBooster2-->"C:\Program Files\Uniblue\RegistryBooster2\unins000.exe"
Uniblue SpeedUpMyPC 3-->"C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Unlocker 1.8.3-->C:\Program Files\Unlocker\uninst.exe
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
WordWeb-->C:\Program Files\WordWeb\uninst.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;172.16.250.254:8080;<local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.250.254:8080
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O1 - Hosts: 72.167.163.234 ads1.msn.com
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: 208.109.233.197 themis.geocities.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8317692328
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7410976265
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{58D1D151-593F-4B3B-9176-D2F57C17278F}: NameServer = 203.106.9.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{58D1D151-593F-4B3B-9176-D2F57C17278F}: NameServer = 203.106.9.2
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O23 - Service: HDD Information Service (HDDSvc) - Unknown owner - C:\WINDOWS.0\system32\HDDSvc.exe (file missing)
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.16.250.254:8080
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

======Hosts File======

127.0.0.1 mpa.one.microsoft.com

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0303
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

p/s: is that enough?
alucard_t14
Active Member
 
Posts: 3
Joined: October 12th, 2008, 5:43 am
Top

Re: check my hijackthis logs

Unread postby Bio-Hazard » October 13th, 2008, 8:43 am

Hello!

Have you used HijackThis to get rid of some entries?

Disable Windows Defender

From your log i can see this that you are running a Windows Defender. This might interfere with fixes we are about to do so we need to disable it. To disable your Windows Defender Real-time Protection.

  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • Close Windows Defender

Note: Once your log is clean you can re-enable Windows Defender Real Time Protection.


Flash Disinfector

  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.[/quote]


OTMoveIt3

Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe to run it.
  • Copy the lines in the codebox below.
Code: Select all
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"KernelFaultCheck"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{133b1f1f-9749-11dd-8a60-0016e65531df}]

:files
C:\Program Files\Common Files\Kaspersky Lab
C:\Program Files\Kaspersky Lab

:commands
[EmptyTemp]

  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • OTMOveIt3 Log
  • Kaspersky Log
  • A fresh HijackThis Log ( after all the above has been done)
  • How are things running now ?
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
Top

Re: check my hijackthis logs

Unread postby Bio-Hazard » October 17th, 2008, 7:05 am

Hello!

Do you still need help?
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK
Top

Re: check my hijackthis logs

Unread postby Shaba » October 19th, 2008, 4:53 am

Due to Lack of Response this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 149 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index