Please help remove malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

by redders » September 15th, 2009, 10:10 pm

Hi, I believe I have a malware/trojan problem on my computer. My Webroot scan identifies a mal/Generic-A infection; when I try to clean it, it appears to work, but when I run another scan the file appears again. I also installed Avast, which finds the file gasfkysmmntuil.dll running in memory, identified as Win32:Alureon-CY. When I try to move it to the chest, the request is denied because "the file is being used by another process"; however, it does let me delete the file, but every time I run the scan it has reappeared. If I let Avast run a scan at boot up, it does not appear to find any infected files. I have downloaded HijackThis, and have the log file below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:35:03 AM, on 9/16/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVRaidService] "C:\WINDOWS\System32\nvraidservice.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [CMPDPSRV] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [MobileConnect] "%programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" /silent
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [AdwareAlert] "C:\Program Files\AdwareAlert\AdwareAlert.exe" -boot
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8362064D-2C01-44D5-B149-B83236E89EC2}: NameServer = 203.2.193.67 202.135.30.4
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (http://www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 7679 bytes



I would really like to get this virus off my computer; any help would be appreciated.
Thank you
redders
Active Member
 
Posts: 3
Joined: September 15th, 2009, 9:45 pm
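A triage sketch for HijackThis logs like the ones posted in this thread, added here as an example (it is not part of the original posts or of HijackThis): it parses the `O2 - ...` style entries, lists the ones carrying markers HijackThis itself prints, and diffs two logs so entries that appear or vanish between scans stand out. The sample lines are copied from the thread's two logs; the function names and the marker notes are this example's own assumptions, and a flagged line is a prompt for review, not a verdict.

```python
import re

# Sample input: a small subset of lines copied from the two HijackThis logs
# posted in this thread, embedded so the example runs offline.
LOG_SEP_16 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [AdwareAlert] "C:\Program Files\AdwareAlert\AdwareAlert.exe" -boot
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

LOG_SEP_21 = r"""
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: LgklebsiBit - {322BE8A0-3C33-4530-B996-538EB6C00156} - C:\WINDOWS\system32\lgklebsi.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Strings HijackThis prints in the logs above. The notes are this example's
# reading of them (assumption), meant as review prompts only.
MARKERS = {
    "(no file)": "entry references a file that was not found",
    "Unknown owner": "no company name could be read for the service binary",
    "Unknown file in Winsock LSP": "LSP provider was not recognised",
}


def parse_entries(log_text):
    """Return [(section_code, body)], skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def normalise(code, body):
    """Key for comparing entries across logs: ignore quoting, case, spacing."""
    return code, " ".join(body.replace('"', "").lower().split())


def needs_review(entries):
    """Entries whose body carries one of the MARKERS strings."""
    flagged = []
    for code, body in entries:
        reasons = [why for marker, why in MARKERS.items() if marker in body]
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


def diff_logs(before_text, after_text):
    """Return (added, removed) entries between two logs, in log order."""
    before = {normalise(c, b): (c, b) for c, b in parse_entries(before_text)}
    after = {normalise(c, b): (c, b) for c, b in parse_entries(after_text)}
    added = [after[k] for k in after if k not in before]
    removed = [before[k] for k in before if k not in after]
    return added, removed


if __name__ == "__main__":
    for code, body, reasons in needs_review(parse_entries(LOG_SEP_16)):
        print("REVIEW", code, body, "|", "; ".join(reasons))
    added, removed = diff_logs(LOG_SEP_16, LOG_SEP_21)
    for code, body in added:
        print("ADDED  ", code, body)
    for code, body in removed:
        print("REMOVED", code, body)
```

The SpySweeper Run entry is quoted in one log and unquoted in the other, so the comparison key strips quotes and case before matching; without that it would show up as both added and removed.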

Re: Please help remove malware

by Bob4 » September 20th, 2009, 11:50 am

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So let's do this to the end!



  • Save and quit any work you're doing before beginning the fix.
  • All HijackThis logs I ask for should be done in normal mode (not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.
  • DO NOT be installing new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!






_______________________________________
Download and install CCleaner from here


If you use either the Firefox/ Mozilla browsers, the box to uncheck for Cookies (using ccleaner) is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".

    Now run the program by clicking on Run Cleaner

    (Do not use the Registry function to clean anything with this program. Having anything auto clean your registry is risky.)





    ______________________________________________
    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post the contents of that log.

    If you accidentally close it you may find it here.
    Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs






    _____________________________________________
    • Download Random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


    This log will also produce a Hijackthis log so NO reason to post one of those.




    _________________________
    In your next reply I would like to see:

    • The report from Malwarebytes
    • The report from RSIT

Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Please help remove malware

by redders » September 21st, 2009, 5:28 am

Hi, thank you for your reply. I have downloaded and run the programs you asked for and will attach the logs below. I need to mention that Malwarebytes would not let me use the upgrade function; when I clicked it, I received an error box with "error code 732 (0,0)". Not sure if this affected the scan results. I have previously run Malwarebytes on this computer and it found a lot more infected files, including the one running in memory.

Latest Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

9/21/2009 6:57:38 PM
mbam-log-2009-09-21 (18-57-38).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 212843
Time elapsed: 27 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\14819214 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


RSIT Log File:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Redders at 2009-09-21 19:01:38
Microsoft Windows XP Professional Service Pack 2
System drive C: has 220 GB (72%) free of 305 GB
Total RAM: 1535 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:49 PM, on 9/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE
C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe
C:\Program Files\TP-LINK\TWCU\TWCU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Redders\My Documents\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Redders.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVRaidService] "C:\WINDOWS\System32\nvraidservice.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [CMPDPSRV] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE"
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8362064D-2C01-44D5-B149-B83236E89EC2}: NameServer = 203.2.193.67 202.135.30.4
O22 - SharedTaskScheduler: LgklebsiBit - {322BE8A0-3C33-4530-B996-538EB6C00156} - C:\WINDOWS\system32\lgklebsi.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 8289 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"=C:\WINDOWS\System32\nvraidservice.exe [2005-08-18 113152]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-10-07 131072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
"CMPDPSRV"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE [2001-10-31 45056]
"Webroot Desktop Firewall"=C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe [2008-07-31 2401672]
"TWCU"=C:\Program Files\TP-LINK\TWCU\TWCU.exe [2006-03-15 348160]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-07-21 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-15 198160]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-08-18 81000]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-05-13 6345840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"DriverMax_RESTART"=C:\Program Files\Innovative Solutions\DriverMax\devices.exe [2009-08-25 7924056]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-11-02 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-06-18 271360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [1999-03-22 65588]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-07-22 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
LgklebsiBit - {322BE8A0-3C33-4530-B996-538EB6C00156} - C:\WINDOWS\system32\lgklebsi.dll [2001-03-30 372736]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WDFNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CMpdpsrv.exe:*:Enabled:PDP RPC Server"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b8a8a69-9d00-11de-8839-000fea7b1e85}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b8a8a70-9d00-11de-8839-000fea7b1e85}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b8a8a71-9d00-11de-8839-000fea7b1e85}]
shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80a8607e-9e9c-11de-883b-000fea7b1e85}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80a8607f-9e9c-11de-883b-000fea7b1e85}]
shell\AutoRun\command - F:\setup_vmc_lite.exe /checkApplicationPresence


======List of files/folders created in the last 1 months======

2009-09-21 19:01:38 ----D---- C:\rsit
2009-09-21 18:10:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-18 13:00:28 ----D---- C:\WINDOWS\ie8updates
2009-09-18 12:59:38 ----D---- C:\WINDOWS\WBEM
2009-09-18 12:59:25 ----HDC---- C:\WINDOWS\ie8
2009-09-18 12:59:25 ----D---- C:\WINDOWS\system32\en-US
2009-09-18 01:21:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-18 01:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-18 01:20:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-18 01:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-18 01:20:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-18 01:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-18 01:19:52 ----D---- C:\WINDOWS\system32\KB905474
2009-09-18 01:19:10 ----A---- C:\WINDOWS\system32\MRT.INI
2009-09-18 01:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-18 01:16:35 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-09-18 01:16:21 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-18 01:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-18 01:16:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-18 01:15:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-18 01:15:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-18 01:15:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-18 01:15:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-18 01:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-18 01:14:44 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-18 01:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-18 01:14:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-18 01:14:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-18 01:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-18 01:13:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-09-18 01:13:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-18 01:13:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-18 01:13:12 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-18 01:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-18 01:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-18 01:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-18 01:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-18 01:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-18 01:11:13 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-18 01:10:55 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-09-18 01:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-09-18 01:09:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-18 01:09:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-18 01:09:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-18 01:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-18 01:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-09-18 01:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-18 01:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-18 01:08:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-18 01:07:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-09-18 01:07:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-18 01:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-18 01:07:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-18 01:07:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-18 01:06:51 ----SHD---- C:\Config.Msi
2009-09-18 01:06:51 ----D---- C:\Program Files\MSXML 4.0
2009-09-18 01:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-09-18 01:05:38 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-09-18 01:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-18 01:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-18 01:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-09-16 14:18:52 ----D---- C:\Documents and Settings\Redders\Application Data\Media Player Classic
2009-09-16 14:15:05 ----D---- C:\Program Files\Essentials Codec Pack
2009-09-16 13:19:31 ----D---- C:\Program Files\SystemRequirementsLab
2009-09-16 13:19:25 ----D---- C:\Documents and Settings\Redders\Application Data\SystemRequirementsLab
2009-09-16 12:43:50 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2009-09-16 12:43:49 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2009-09-16 12:43:49 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2009-09-16 12:43:48 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2009-09-16 12:43:47 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2009-09-16 12:43:47 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2009-09-16 12:43:46 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2009-09-16 12:43:45 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-09-16 12:43:45 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-09-16 12:43:44 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-09-16 12:43:43 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-09-16 12:43:43 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-09-16 12:43:41 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-09-16 12:43:39 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-09-16 12:43:37 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-09-16 12:43:37 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-09-16 12:43:35 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-09-16 12:43:33 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-09-16 12:43:33 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-09-16 12:43:30 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-09-16 12:43:28 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-09-16 12:08:47 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-16 11:51:20 ----D---- C:\Documents and Settings\All Users\Application Data\XoftSpySE
2009-09-16 11:34:37 ----D---- C:\Program Files\Trend Micro
2009-09-16 11:27:28 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-09-16 11:04:59 ----A---- C:\WINDOWS\system32\idecoiins.dll
2009-09-15 02:05:38 ----D---- C:\Program Files\CCleaner
2009-09-15 02:03:01 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-09-15 02:02:59 ----D---- C:\Program Files\Alwil Software
2009-09-15 00:14:19 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-09-15 00:14:05 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-09-15 00:14:05 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-09-15 00:14:02 ----D---- C:\Program Files\Common Files\xing shared
2009-09-15 00:13:35 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-09-15 00:10:24 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-09-14 23:48:43 ----D---- C:\Documents and Settings\All Users\Application Data\ATI
2009-09-14 21:03:42 ----D---- C:\Documents and Settings\Redders\Application Data\Malwarebytes
2009-09-14 21:03:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-14 20:34:01 ----A---- C:\WINDOWS\system32\aticalrt.dll
2009-09-14 20:34:01 ----A---- C:\WINDOWS\system32\aticaldd.dll
2009-09-14 20:34:01 ----A---- C:\WINDOWS\system32\atibrtmon.exe
2009-09-14 20:34:01 ----A---- C:\WINDOWS\system32\amdpcom32.dll
2009-09-14 20:34:00 ----A---- C:\WINDOWS\system32\aticalcl.dll
2009-09-14 20:34:00 ----A---- C:\WINDOWS\system32\atiadlxx.dll
2009-09-14 02:14:51 ----D---- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
2009-09-14 02:14:46 ----D---- C:\Program Files\Innovative Solutions
2009-09-14 02:05:47 ----D---- C:\Program Files\RadarSyncPcupz
2009-09-14 01:52:18 ----D---- C:\Documents and Settings\Redders\Application Data\DriverCure
2009-09-14 01:52:13 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-09-14 01:52:13 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-09-14 01:35:47 ----D---- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2009-09-11 16:41:35 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #3.txt
2009-09-11 02:31:29 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-09-11 02:23:22 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-09-11 02:23:06 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-09-11 02:23:04 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-09-11 02:20:39 ----D---- C:\Program Files\Windows Media Connect 2
2009-09-11 02:20:13 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-09-11 02:18:33 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-09-11 02:17:49 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-11 02:17:43 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2009-09-09 23:47:46 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem #2.txt
2009-09-09 15:29:14 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2009-09-09 15:22:24 ----D---- C:\Documents and Settings\Redders\Application Data\Vodafone
2009-09-09 15:22:22 ----D---- C:\Documents and Settings\All Users\Application Data\InstallShield
2009-09-09 15:22:01 ----D---- C:\Documents and Settings\All Users\Application Data\Vodafone
2009-09-09 15:21:52 ----D---- C:\Program Files\Vodafone
2009-09-09 15:14:29 ----D---- C:\WINDOWS\Prefetch
2009-09-09 15:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-09-09 14:59:49 ----HDC---- C:\WINDOWS\$NtUninstallKB924191$
2009-09-09 14:59:32 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2009-09-09 14:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-09-09 14:59:00 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2009-09-09 14:58:44 ----HDC---- C:\WINDOWS\$NtUninstallKB922616$
2009-09-09 14:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB921883$
2009-09-09 14:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB921398$
2009-09-09 14:57:55 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-09-09 14:57:38 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-09-09 14:57:23 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-09-09 14:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2009-09-09 14:56:52 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2009-09-09 14:56:36 ----HDC---- C:\WINDOWS\$NtUninstallKB917422$
2009-09-09 14:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2009-09-09 14:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-09-09 14:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-09-09 14:55:28 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-09-09 14:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB912919$
2009-09-09 14:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-09-09 14:54:38 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-09-09 14:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-09-09 14:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-09-09 14:53:49 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-09-09 14:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-09-09 14:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-09-09 14:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-09-09 14:52:39 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-09-09 14:52:21 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-09-09 14:52:05 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-09-09 14:51:42 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-09-09 14:51:24 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-09-09 14:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB899589$
2009-09-09 14:50:51 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-09-09 14:50:33 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-09-09 14:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB896424$
2009-09-09 14:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-09-09 14:49:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-09-09 14:49:22 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-09-09 14:49:05 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-09-09 14:48:45 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-09-09 14:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-09-09 14:48:11 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-09-09 14:47:53 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-09-09 14:47:35 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-09-09 14:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-09-09 14:44:18 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-09-09 14:42:20 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-09-09 14:41:40 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-09-09 14:41:40 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-09-09 14:41:40 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-09-09 14:41:39 ----N---- C:\WINDOWS\system32\bthci.dll
2009-09-09 14:41:39 ----N---- C:\WINDOWS\system32\blastcln.exe
2009-09-09 14:41:39 ----N---- C:\WINDOWS\system32\auditusr.exe
2009-09-09 14:41:38 ----N---- C:\WINDOWS\system32\cmsetacl.dll
2009-09-09 14:41:38 ----N---- C:\WINDOWS\system32\btpanui.dll
2009-09-09 14:41:38 ----N---- C:\WINDOWS\system32\bthserv.dll
2009-09-09 14:41:37 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-09-09 14:41:36 ----N---- C:\WINDOWS\system32\fwcfg.dll
2009-09-09 14:41:36 ----N---- C:\WINDOWS\system32\fsquirt.exe
2009-09-09 14:41:36 ----N---- C:\WINDOWS\system32\fltmc.exe
2009-09-09 14:41:36 ----N---- C:\WINDOWS\system32\fltlib.dll
2009-09-09 14:41:35 ----N---- C:\WINDOWS\system32\httpapi.dll
2009-09-09 14:41:35 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-09-09 14:41:34 ----N---- C:\WINDOWS\system32\ir50_qc.dll
2009-09-09 14:41:34 ----N---- C:\WINDOWS\system32\ir50_32.dll
2009-09-09 14:41:34 ----N---- C:\WINDOWS\system32\ir41_qcx.dll
2009-09-09 14:41:34 ----N---- C:\WINDOWS\system32\ir41_qc.dll
2009-09-09 14:41:33 ----N---- C:\WINDOWS\system32\kbdinbe1.dll
2009-09-09 14:41:33 ----N---- C:\WINDOWS\system32\kbdfi1.dll
2009-09-09 14:41:33 ----N---- C:\WINDOWS\system32\ir50_qcx.dll
2009-09-09 14:41:32 ----N---- C:\WINDOWS\system32\kbdno1.dll
2009-09-09 14:41:32 ----N---- C:\WINDOWS\system32\kbdmlt48.dll
2009-09-09 14:41:32 ----N---- C:\WINDOWS\system32\kbdmlt47.dll
2009-09-09 14:41:32 ----N---- C:\WINDOWS\system32\kbdmaori.dll
2009-09-09 14:41:32 ----N---- C:\WINDOWS\system32\kbdinmal.dll
2009-09-09 14:41:32 ----N---- C:\WINDOWS\system32\kbdinben.dll
2009-09-09 14:41:31 ----N---- C:\WINDOWS\system32\MP43DMOD.dll
2009-09-09 14:41:31 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-09-09 14:41:31 ----N---- C:\WINDOWS\system32\kbdukx.dll
2009-09-09 14:41:31 ----N---- C:\WINDOWS\system32\kbdsmsno.dll
2009-09-09 14:41:31 ----N---- C:\WINDOWS\system32\kbdsmsfi.dll
2009-09-09 14:41:30 ----N---- C:\WINDOWS\system32\msdadiag.dll
2009-09-09 14:41:30 ----N---- C:\WINDOWS\system32\MP4SDMOD.dll
2009-09-09 14:41:29 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-09-09 14:41:29 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-09-09 14:41:28 ----N---- C:\WINDOWS\system32\p2pnetsh.dll
2009-09-09 14:41:28 ----N---- C:\WINDOWS\system32\p2pgraph.dll
2009-09-09 14:41:28 ----N---- C:\WINDOWS\system32\p2pgasvc.dll
2009-09-09 14:41:28 ----N---- C:\WINDOWS\system32\p2p.dll
2009-09-09 14:41:27 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-09-09 14:41:27 ----N---- C:\WINDOWS\system32\powercfg.exe
2009-09-09 14:41:27 ----N---- C:\WINDOWS\system32\pnrpnsp.dll
2009-09-09 14:41:27 ----N---- C:\WINDOWS\system32\p2psvc.dll
2009-09-09 14:41:26 ----N---- C:\WINDOWS\system32\slgen.dll
2009-09-09 14:41:26 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-09-09 14:41:26 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-09-09 14:41:26 ----N---- C:\WINDOWS\system32\sdhcinst.dll
2009-09-09 14:41:25 ----N---- C:\WINDOWS\system32\strmfilt.dll
2009-09-09 14:41:25 ----N---- C:\WINDOWS\system32\smbinst.exe
2009-09-09 14:41:25 ----N---- C:\WINDOWS\system32\slserv.exe
2009-09-09 14:41:25 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-09-09 14:41:24 ----N---- C:\WINDOWS\system32\w3ssl.dll
2009-09-09 14:41:24 ----N---- C:\WINDOWS\system32\twext.dll
2009-09-09 14:41:23 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-09-09 14:41:23 ----N---- C:\WINDOWS\system32\wmpasf.dll
2009-09-09 14:41:23 ----N---- C:\WINDOWS\system32\wmp.dll
2009-09-09 14:41:23 ----N---- C:\WINDOWS\system32\wmerror.dll
2009-09-09 14:41:23 ----N---- C:\WINDOWS\system32\winshfhc.dll
2009-09-09 14:41:22 ----N---- C:\WINDOWS\system32\wshbth.dll
2009-09-09 14:41:22 ----N---- C:\WINDOWS\system32\wscsvc.dll
2009-09-09 14:41:22 ----N---- C:\WINDOWS\system32\wscntfy.exe
2009-09-09 14:41:21 ----N---- C:\WINDOWS\system32\xmlprovi.dll
2009-09-09 14:41:21 ----N---- C:\WINDOWS\system32\xmlprov.dll
2009-09-09 14:41:20 ----N---- C:\WINDOWS\slrundll.exe
2009-09-09 14:41:12 ----D---- C:\WINDOWS\peernet
2009-09-09 14:41:07 ----D---- C:\WINDOWS\provisioning
2009-09-09 14:30:19 ----D---- C:\WINDOWS\ServicePackFiles
2009-09-09 14:23:42 ----A---- C:\WINDOWS\002549_.tmp
2009-09-09 14:16:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-09 14:16:49 ----D---- C:\WINDOWS\EHome
2009-09-09 03:01:35 ----A---- C:\WINDOWS\ModemLog_Nokia Nokia 6500 slide USB Modem #2.txt
2009-09-09 03:01:14 ----D---- C:\Scotts
2009-08-28 16:45:39 ----A---- C:\WINDOWS\system32\acs.exe
2009-08-28 16:45:35 ----A---- C:\WINDOWS\system32\wgapi.dll
2009-08-28 16:45:35 ----A---- C:\WINDOWS\system32\wcapi.dll
2009-08-28 16:45:35 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2009-08-28 16:45:35 ----A---- C:\WINDOWS\system32\athcfg11.dll
2009-08-28 16:45:35 ----A---- C:\WINDOWS\system32\AegisI5.exe
2009-08-28 16:45:35 ----A---- C:\WINDOWS\system32\AegisE5.dll
2009-08-28 15:18:32 ----A---- C:\WINDOWS\system32\results.txt
2009-08-28 15:18:17 ----D---- C:\Program Files\TP-LINK
2009-08-28 15:17:14 ----D---- C:\temp

======List of files/folders modified in the last 1 months======

2009-09-21 18:58:56 ----D---- C:\WINDOWS\system32\drivers
2009-09-21 18:41:30 ----D---- C:\WINDOWS\Temp
2009-09-21 18:10:06 ----RD---- C:\Program Files
2009-09-21 17:54:26 ----D---- C:\WINDOWS\Debug
2009-09-21 17:54:26 ----D---- C:\WINDOWS
2009-09-21 17:46:14 ----D---- C:\WINDOWS\system32
2009-09-21 17:45:13 ----D---- C:\Program Files\Mozilla Firefox
2009-09-21 17:41:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-21 01:51:12 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-09-18 13:23:01 ----A---- C:\WINDOWS\NeroDigital.ini
2009-09-18 13:13:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-18 13:13:56 ----HD---- C:\WINDOWS\inf
2009-09-18 13:13:56 ----D---- C:\WINDOWS\Help
2009-09-18 13:13:56 ----D---- C:\Program Files\Internet Explorer
2009-09-18 13:00:46 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-18 12:59:52 ----D---- C:\WINDOWS\system32\config
2009-09-18 12:59:35 ----D---- C:\WINDOWS\Media
2009-09-18 12:44:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-18 12:39:57 ----D---- C:\WINDOWS\system32\wbem
2009-09-18 12:39:57 ----D---- C:\WINDOWS\system32\Setup
2009-09-18 12:39:57 ----D---- C:\WINDOWS\AppPatch
2009-09-18 01:20:28 ----D---- C:\Program Files\Messenger
2009-09-18 01:19:52 ----SD---- C:\WINDOWS\Tasks
2009-09-18 01:14:47 ----D---- C:\WINDOWS\WinSxS
2009-09-18 01:11:41 ----D---- C:\Program Files\Outlook Express
2009-09-18 01:06:55 ----SHD---- C:\WINDOWS\Installer
2009-09-16 14:12:05 ----D---- C:\Program Files\DivX
2009-09-16 14:10:26 ----D---- C:\Program Files\Common Files\DivX Shared
2009-09-16 12:43:52 ----D---- C:\WINDOWS\system32\DirectX
2009-09-16 12:35:34 ----D---- C:\Program Files\Common Files
2009-09-16 11:22:21 ----D---- C:\WINDOWS\SoftwareDistribution
2009-09-16 11:07:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-16 11:04:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-16 10:59:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-16 10:57:48 ----D---- C:\Documents and Settings\Redders\Application Data\My Games
2009-09-16 10:56:36 ----D---- C:\Program Files\Warcraft III
2009-09-16 10:56:29 ----D---- C:\Program Files\Common Files\AVSMedia
2009-09-16 10:56:24 ----D---- C:\Program Files\AVSMedia
2009-09-15 18:54:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-15 02:09:29 ----D---- C:\WINDOWS\Minidump
2009-09-15 00:16:46 ----A---- C:\WINDOWS\cdplayer.ini
2009-09-15 00:15:46 ----D---- C:\Documents and Settings\Redders\Application Data\Real
2009-09-15 00:14:27 ----D---- C:\Program Files\Common Files\Real
2009-09-14 23:55:00 ----D---- C:\Program Files\Steam
2009-09-14 23:39:43 ----RSD---- C:\WINDOWS\assembly
2009-09-14 23:39:30 ----D---- C:\Program Files\ATI Technologies
2009-09-14 22:09:46 ----D---- C:\WINDOWS\security
2009-09-11 02:21:30 ----A---- C:\WINDOWS\win.ini
2009-09-11 02:20:34 ----D---- C:\Program Files\Windows Media Player
2009-09-10 00:01:09 ----SD---- C:\Documents and Settings\Redders\Application Data\Microsoft
2009-09-09 15:21:52 ----D---- C:\Program Files\Common Files\InstallShield
2009-09-09 15:19:06 ----D---- C:\Program Files\MSN Messenger
2009-09-09 15:17:08 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-09 15:13:43 ----SHD---- C:\System Volume Information
2009-09-09 15:12:35 ----D---- C:\WINDOWS\msagent
2009-09-09 15:12:34 ----RSD---- C:\WINDOWS\Fonts
2009-09-09 15:00:16 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-09 14:52:51 ----D---- C:\WINDOWS\system32\Com
2009-09-09 14:44:36 ----RASH---- C:\boot.ini
2009-09-09 14:43:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-09 14:42:15 ----D---- C:\WINDOWS\ime
2009-09-09 14:41:20 ----D---- C:\WINDOWS\system32\oobe
2009-09-09 14:41:12 ----D---- C:\Program Files\Movie Maker
2009-09-09 14:29:35 ----D---- C:\WINDOWS\system32\Restore
2009-09-09 14:29:35 ----D---- C:\WINDOWS\system32\npp
2009-09-09 14:29:34 ----D---- C:\WINDOWS\mui
2009-09-09 14:29:31 ----D---- C:\WINDOWS\srchasst
2009-09-09 14:29:25 ----D---- C:\Program Files\NetMeeting
2009-09-09 14:29:15 ----D---- C:\Program Files\Windows NT
2009-09-09 14:29:00 ----D---- C:\Program Files\Common Files\System
2009-09-09 14:27:52 ----D---- C:\WINDOWS\system32\usmt
2009-09-09 14:27:48 ----D---- C:\WINDOWS\system
2009-09-09 14:25:16 ----RD---- C:\WINDOWS\Web
2009-09-09 14:24:37 ----RASH---- C:\NTDETECT.COM
2009-08-29 07:38:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-18 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-18 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-18 51376]
R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2008-07-31 103304]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2009-08-28 17801]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-18 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-18 94160]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-18 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2009-07-22 3565056]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-12-30 101120]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [2004-08-03 163584]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\System32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [2007-12-06 285952]
S3 a08xqj2b;a08xqj2b; C:\WINDOWS\system32\drivers\a08xqj2b.sys []
S3 AR5523;TP-LINK TL-WN620G 11G Wireless Adapter Service; C:\WINDOWS\System32\DRIVERS\ar5523.sys [2006-01-16 360288]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 OVT511Plus;Dual Mode USB Camera Plus; C:\WINDOWS\System32\Drivers\omcamvid.sys [2001-09-18 167816]
S3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-23 25434]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2008-01-04 23920]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 Wdf01000;Wdf01000; C:\WINDOWS\System32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ACS;TP-LINK Configuration Service; C:\WINDOWS\System32\acs.exe [2005-08-05 36864]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-08-18 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-07-22 602112]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-08-18 138680]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-29 275968]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2008-11-04 14336]
R2 WDFNet;Webroot Desktop Firewall network service; C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [2008-07-31 353672]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2009-04-21 4048240]
R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-05-21 1205760]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-08-18 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-08-18 352920]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-07-21 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-08 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-11-02 504104]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------



RSIT Info File:

info.txt logfile of random's system information tool 1.06 2009-09-21 19:01:53

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Age of Booty-->"C:\Program Files\Steam\steam.exe" steam://uninstall/21600
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c53
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Catalyst Control Center - Branding-->MsiExec.exe /I{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
cladDVD .NET v3.5.6-->MsiExec.exe /I{76BD2E01-DBD1-424C-8CB4-7B55CC4B2452}
Compaq IJ650 Inkjet Printer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88739060-F683-11D3-B761-00105AD153C7}\Setup.exe" UNINSTALL
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DriverMax 5-->"C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
DVD Flick-->"C:\Program Files\DVD Flick\unins000.exe"
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
e-tax 2009-->MsiExec.exe /X{919F3D91-8374-410F-932B-A126F2C85426}
FinalBurner Free v1.25.0.118-->"C:\Program Files\FinalBurner\Uninstall.exe" "C:\Program Files\FinalBurner\install.log" -u
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
Harvest: Massive Encounter-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15400
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Innovative System Optimizer - version 3-->"C:\Program Files\Innovative Solutions\Innovative System Optimizer - version 3\unins000.exe"
iTunes-->MsiExec.exe /I{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LgklebsiBit-->MsiExec.exe /I{DB4464A7-0DB0-4292-A7C3-8709F64CB56B}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Maxell Max-Cam-->C:\WINDOWS\twain_32\ovt\usb\Unwise.exe /U C:\WINDOWS\twain_32\ovt\usb\INSTALL.LOG
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_APAC.exe
Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}
NVIDIA Drivers-->C:\WINDOWS\System32\NVUNINST.EXE UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Power DVD Player -->C:\Program Files\Power DVD Player\uninst.exe
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\System32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\System32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sid Meier's Pirates!-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68} /l1033
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TP-LINK Wireless Client Utility Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
Tribes 2-->C:\Dynamix\Tribes2\UNWISE.EXE C:\Dynamix\Tribes2\INSTALL.LOG
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
Vodafone Mobile Connect-->MsiExec.exe /X{8B3776EC-5F0A-4996-A7DF-BB5DA95B240E}
Webroot AntiVirus with AntiSpyware-->"C:\Program Files\Webroot\Spy Sweeper\unins002.exe" /Log="C:\DOCUME~1\Redders\LOCALS~1\Temp\Uninstall.txt"
Webroot Desktop Firewall-->MsiExec.exe /X{7F2EAC76-8BC7-473F-9E2D-3373FD693797}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf
Windows Essentials Media Codec Pack 2.3d-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"

======Security center information======

AV: Webroot AntiVirus with AntiSpyware
AV: avast! antivirus 4.8.1351 [VPS 090914-0] (outdated)
FW: Webroot Desktop Firewall

======System event log======

Computer Name: REDPATH
Event Code: 10010
Message: The server {A0717E52-8AC8-4DD9-8682-0B76775125E6} did not register with DCOM within the required timeout.

Record Number: 26436
Source Name: DCOM
Time Written: 20090904010321.000000+600
Event Type: error
User: REDPATH\Redders

Computer Name: REDPATH
Event Code: 26
Message: Failed to set monitor event rule.

Record Number: 26432
Source Name: SSIDRV
Time Written: 20090904010136.000000+600
Event Type: error
User:

Computer Name: REDPATH
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 26431
Source Name: Windows Update Agent
Time Written: 20090904005803.000000+600
Event Type: error
User:

Computer Name: REDPATH
Event Code: 5001
Message: TP-LINK TL-WN620G 11G Wireless Adapter : Could not allocate the resources necessary for operation.

Record Number: 26417
Source Name: AR5523
Time Written: 20090904005624.000000+600
Event Type: error
User:

Computer Name: REDPATH
Event Code: 26
Message: Failed to set monitor event rule.

Record Number: 26408
Source Name: SSIDRV
Time Written: 20090903021824.000000+600
Event Type: error
User:

=====Application event log=====

Computer Name: REDPATH
Event Code: 1015
Message: The timeout waiting for the performance data collection function "PerfDisk"
in the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.

Record Number: 31857
Source Name: Perflib
Time Written: 20090810031057.000000+600
Event Type: error
User:

Computer Name: REDPATH
Event Code: 1015
Message: The timeout waiting for the performance data collection function "PerfDisk"
in the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.

Record Number: 31854
Source Name: Perflib
Time Written: 20090810025113.000000+600
Event Type: error
User:

Computer Name: REDPATH
Event Code: 1015
Message: The timeout waiting for the performance data collection function "PerfDisk"
in the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.

Record Number: 31851
Source Name: Perflib
Time Written: 20090810013324.000000+600
Event Type: error
User:

Computer Name: REDPATH
Event Code: 1015
Message: The timeout waiting for the performance data collection function "PerfDisk"
in the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.

Record Number: 31848
Source Name: Perflib
Time Written: 20090810000519.000000+600
Event Type: error
User:

Computer Name: REDPATH
Event Code: 1015
Message: The timeout waiting for the performance data collection function "PerfDisk"
in the "C:\WINDOWS\system32\perfdisk.dll" Library to finish has expired. There may be a problem with
this extensible counter or the service it is collecting data from or the
system may have been very busy when this call was attempted.

Record Number: 31847
Source Name: Perflib
Time Written: 20090810000501.000000+600
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
redders
Active Member
 
Posts: 3
Joined: September 15th, 2009, 9:45 pm

Re: Please help remove malware

Unread postby Bob4 » September 21st, 2009, 7:57 am

Not a lot showing up yet.

_____________________________
Submit a file to Jotti
Please go here : http://virusscan.jotti.org/
On top of the page there is a field to add the filepath, copy and paste this filepath in there.
If there is more than one file to scan, insert them 1 at a time.


C:\WINDOWS\system32\lgklebsi.dll
C:\WINDOWS\system32\drivers\a08xqj2b.sys

The second one may not be present.



Then hit Submit
The scan will take a while before the result comes up so please be patient.
Then copy the result and post it here in this thread.

You may receive a message stating:
"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"

Just let me know if that is what you saw.

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html


____________________________________



ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!




________________________________________
  • Create a folder on your desktop called gmer.
  • Download gmer.zip by GMER from here and extract it to the folder you just made on your desktop
  • click on gmer.exe to run the program
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning, click the Rootkit/Malware tab and then Scan
    (The scan typically takes around 30 minutes to complete)
  • Once the scan has finished, click copy
    (There is no message displayed when the scan is finished, it will simply stop going through files)
  • A log will now be copied to the clipboard
  • Paste this log into your next reply



____________________________________


  • Is spysweeper still finding that file?
  • Does it find the same file all the time or does the file change names?
  • Can you show me the log?
  • I would be interested to know where it's finding this infection.
    Or type out exactly what it is reporting.







_________________________
In your next reply I would like to see:
  • Answer those questions
  • The report from GMER
  • The report from Nod32
  • The report from Jotti/virus total
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Please help remove malware

Unread postby NonSuch » September 27th, 2009, 1:51 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California