Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

kids were allowed to have "fun" with this computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

kids were allowed to have "fun" with this computer

Unread postby ejames82 » December 28th, 2009, 2:03 pm

Hi,

i have been a malwareremoval member now for over two years. great site.

this computer was used in a recreation center, where kids surfed unsupervised. after the not-for-profit government agency figures it would cost more to fix than the computer is worth, they offer it to my wife. it was badly infected with about 600 objects, and to top it off "antivirus plus" did a "scan" as soon as windows desktop appeared. fortunately i was able to install antimalware programs from usb, then run them in safe mode. it appears that the infections are removed, but there are processes in the startup and services that i don't recognize. as i removed what the scanners found, the computer would steadily get faster, but it's still slow, and during a panda scan the computer rebooted about half way through the scan, twice. i quit trying to use panda. i do disable the residential avg antivirus when i scan with another program. if this operating system is intact it would be worth investing in a ram upgrade.
here is a hijackthis log and uninstall list. thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:04 AM, on 12/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1366806265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1366794203
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: kuvimulo.dll c:\windows\system32\migitiho.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7445 bytes


Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
a-squared Free 4.5
AVG Free 9.0
Easy Internet Sign-up
ERUNT 1.1j
ESET Online Scanner v3
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976098-v2)
ImgBurn
Java(TM) 6 Update 17
KBD
Kerio Personal Firewall 2.1.5
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Windows 2000/XP Display Drivers
PS2
Python 1.5 combined Win32 extensions
Python 1.5.2 (final)
Revo Uninstaller 1.83
Revo Uninstaller Pro 2.0.1
S3 Gamma
S3 Savage4 Family Display Switch2 Utility
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Tcl 8.0.5 for Windows
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 8
Windows XP Service Pack 3
WinZip Self-Extractor
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york
Advertisement
Register to Remove

Re: kids were allowed to have "fun" with this computer

Unread postby MWR 3 day Mod » December 31st, 2009, 8:51 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: kids were allowed to have "fun" with this computer

Unread postby xixo_12 » January 2nd, 2010, 10:26 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you to encounter the problem that you have now.
  • We will work together and I need your attention to read all those instruction carefully.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instruction into Notepad.
  • If you have any question please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Please post your replies to this thread only and keep interact with me until your computer is clean.

Everything I post to you will be review by MRU Teacher. This process will impact my response time to you. Be patient. ;)
Please! If you need more time to do all the instructions, let me know before 72hours is done. Otherwise, your thread will be closed

Please make sure you have done your reading on this topic : How to get help at this forum

I will back to you soon :)
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: kids were allowed to have "fun" with this computer

Unread postby xixo_12 » January 3rd, 2010, 11:24 am

Hi,

First,
Advices.
============

SUPERAntiSpyware.
CAUTION: SuperAntiSpyware comes with a utility called Bootsafe
  • Do not for any reason to use it, if used on an infected computer it could render it UNBOOTABLE.

============

Next,
Msconfig in auto mode.
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Msconfig in your sytem running in /auto mode which means that you removed some item to startup automatically. This is very dangerous if it's really a malware.
Now :
  • Click on Start > run.
  • Type msconfig > Hit on enter.
  • Windows will popup > Click on startup tab.
  • Put check for each entry.
  • Click OK.
Note: Please Do not restart, if you prompt to do so.

Next,
Multiple Anti-virus Programs
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two or more anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Installed antivirus on your system:
    a-squared Free 4.5
    AVG Free 9.0
  • Please remove the others and leave only one antivirus running now.

Next,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Spybot - Search & Destroy <<You can reinstall it after the system is clean


Next,
Reboot into usual account.

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on executable file (random name) to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan,click NO.
  • Click on >>> symbol and choose on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..

Next,
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of gmer.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: kids were allowed to have "fun" with this computer

Unread postby ejames82 » January 3rd, 2010, 2:55 pm

xixo_12,

thanks for replying to my post and helping me.
yes, i have unchecked items in both services and startup in msconfig. i have several antimalware programs installed, but the boxes are unchecked (except AVG, the residential AV, all boxes are checked for AVG) so that no processes are allowed to run. i thought that by unchecking the box, the particular service of the particular program was not allowed to run.

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
does this entry from my hijackthis mean ALL programs run automatically, whether the box is checked or not? :shock:
to make things easier for both of us, i will remove all antimalware programs except AVG if you allow me to.

is it ok if i use revouninstaller to uninstall? if no, i will gladly use add/remove. not a problem, just thought i'd ask.

all these items were unchecked in msconfig>startup:

iTunesHelper
mcinfo --(i am not aware of any mcafee on this computer, or i would have used it)
NeroCheck
QTTask
TeaTimer --(spybot, will gladly remove)
SuperAntiSpyware --(will remove)
realsched
VerizonOnlineSup...
EZNet Startup
LimeWire On Startup

i would prefer to remove all of these programs. they were installed by the kids at the community center.

i promise not to be too much of a pain, but i know that i am not supposed to go on to the next step until this one is resolved. thank you for your time and expertise.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: kids were allowed to have "fun" with this computer

Unread postby xixo_12 » January 4th, 2010, 12:53 am

Hi,

does this entry from my hijackthis mean ALL programs run automatically, whether the box is checked or not? :shock:
to make things easier for both of us, i will remove all antimalware programs except AVG if you allow me to.

Please follow exactly same as per instructions. While I am helping you with your computer, please don't Install, Uninstall, remove or change anything unless I ask. :)

i would prefer to remove all of these programs. they were installed by the kids at the community center.

Some of it appear to be a legit programs and I will take care of it. I will give the set of instruction and advice. Do not worry. :)

Next,
Please provide the logs as below :
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: kids were allowed to have "fun" with this computer

Unread postby ejames82 » January 4th, 2010, 9:32 am

xixo_12,

sorry we got off on the wrong foot. my fault.

i did this per your instructions:
1. checked all boxes in msconfig>startup
2. i removed all antimalware programs via add/remove. i did not use revo.
3. ran rsit. logs will be included.
4. ran gmer scan. logs will be included.

gmer scan detected rootkit activity. i have a feeling you're going to say the OS will never be trustworthy. don't worry, what's on this hard drive will never be used to send or receive personal data of any kind. there definitely won't be online purchases or banking, to say the least. i would like to continue to clean as good as possible (if that's ok).

i would still like to politely and respectfully ask about this:
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
when, and if, you are ready, i have my listening ears on.

thank you.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-04 01:13:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (56%) free of 33 GB
Total RAM: 510 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:28 AM, on 1/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://srch-us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1366806265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1366794203
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: kuvimulo.dll c:\windows\system32\migitiho.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7010 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ (YOUR-W92P4BHLZG-Owner).job
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-23 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"S3TRAY2"=C:\WINDOWS\system32\S3tray2.exe [2001-10-04 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-06-15 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2001-07-03 81920]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"KBD"=C:\HP\KBD\KBD.EXE [2001-07-06 61440]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2001-08-07 143360]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2001-08-07 90112]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-02 2033432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
c:\program files\mcafee.com\shared\mcinfo.exe /insfin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-08-06 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-02 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll, start 70367223 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
C:\PROGRA~1\VERIZO~1\SUPPOR~1\bin\matcli.exe [2002-08-06 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll, start 70367223 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^EZNet Startup.lnk]
C:\WINDOWS\eznrbt.exe [2000-05-09 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\DOCUME~1\Owner\MYDOCU~1\MYMUSI~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2
"McTskshd.exe"=2
"McDetect.exe"=2
"Lavasoft Ad-Aware Service"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kuvimulo.dll c:\windows\system32\migitiho.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-23 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\SYSTEM32\winlogon.exe"="C:\WINDOWS\SYSTEM32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\SYSTEM32\logonui.exe"="C:\WINDOWS\SYSTEM32\logonui.exe:*:Enabled:logonui"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-04 01:13:47 ----D---- C:\rsit
2009-12-30 09:59:18 ----D---- C:\Program Files\CCleaner
2009-12-25 16:13:47 ----D---- C:\Program Files\Panda Security
2009-12-25 11:36:25 ----D---- C:\WINDOWS\McAfee.com
2009-12-25 08:30:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-25 08:30:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-25 08:30:31 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-25 08:30:31 ----A---- C:\WINDOWS\system32\java.exe
2009-12-25 08:27:20 ----D---- C:\Program Files\Java
2009-12-24 23:24:26 ----D---- C:\WINDOWS\ERDNT
2009-12-24 23:24:03 ----D---- C:\Program Files\ERUNT
2009-12-24 23:05:34 ----D---- C:\Program Files\Trend Micro
2009-12-23 23:24:19 ----HD---- C:\$AVG
2009-12-23 23:23:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-23 23:22:12 ----D---- C:\Program Files\AVG
2009-12-23 23:22:07 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-12-23 23:05:16 ----D---- C:\Program Files\Kerio
2009-12-23 17:52:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-23 17:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-23 17:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-23 17:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-23 17:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-23 17:50:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-23 17:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-23 17:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-23 17:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-23 17:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-23 17:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-23 17:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-23 17:48:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-23 17:48:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-23 17:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-23 17:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-23 17:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-23 17:45:58 ----D---- C:\WINDOWS\ie8updates
2009-12-23 17:44:33 ----D---- C:\WINDOWS\WBEM
2009-12-23 17:43:09 ----HDC---- C:\WINDOWS\ie8
2009-12-23 17:39:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-23 15:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-23 15:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-23 15:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-23 15:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-23 15:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-23 15:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-23 15:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-23 15:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-23 15:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-23 15:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-23 15:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-23 15:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-23 15:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-23 15:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-23 15:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-23 15:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-23 15:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-23 14:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-23 14:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-23 14:52:11 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-12-21 08:18:19 ----D---- C:\Documents and Settings\Owner\Application Data\ImgBurn
2009-12-21 08:15:47 ----D---- C:\Program Files\ImgBurn
2009-12-21 00:23:13 ----D---- C:\WINDOWS\Prefetch
2009-12-21 00:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-21 00:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-12-21 00:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-12-21 00:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-21 00:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-12-21 00:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-21 00:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-12-21 00:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-21 00:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-12-21 00:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-20 23:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-20 23:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-12-20 23:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-20 23:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-20 23:58:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-12-20 23:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-20 23:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-12-20 23:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-12-20 23:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-20 23:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-20 23:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-20 23:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-12-20 23:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-20 23:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-12-20 23:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-12-20 23:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-12-20 23:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-20 23:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-20 23:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-20 23:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-20 23:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-12-20 23:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-20 23:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-20 23:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-20 23:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-20 23:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-20 23:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-12-20 23:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-20 23:37:57 ----D---- C:\WINDOWS\system32\en-us
2009-12-20 23:37:54 ----D---- C:\WINDOWS\system32\scripting
2009-12-20 23:37:51 ----D---- C:\WINDOWS\l2schemas
2009-12-20 23:37:49 ----D---- C:\WINDOWS\system32\en
2009-12-20 23:28:16 ----D---- C:\WINDOWS\network diagnostic
2009-12-20 22:40:46 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-12-20 22:07:59 ----D---- C:\XPSETUP
2009-12-20 08:27:11 ----D---- C:\WINDOWS\BDOSCAN8
2009-12-19 10:35:04 ----D---- C:\Program Files\VS Revo Group
2009-12-19 00:28:43 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-18 21:09:33 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-12-18 19:59:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-18 13:54:35 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-18 13:54:35 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-18 06:50:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-18 06:50:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-17 20:58:55 ----D---- C:\Program Files\a-squared Free

======List of files/folders modified in the last 1 months======

2010-01-04 01:07:02 ----D---- C:\WINDOWS\Temp
2010-01-04 01:07:02 ----AD---- C:\WINDOWS
2010-01-04 01:06:49 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2010-01-04 01:05:11 ----RD---- C:\Program Files
2010-01-04 01:05:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-04 01:04:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-04 01:02:13 ----D---- C:\Config.Msi
2010-01-04 01:02:08 ----SHD---- C:\WINDOWS\Installer
2010-01-04 01:01:00 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 00:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-30 09:59:43 ----D---- C:\WINDOWS\Debug
2009-12-30 09:59:39 ----D---- C:\WINDOWS\Minidump
2009-12-28 08:04:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 14:17:06 ----D---- C:\WINDOWS\INF
2009-12-26 14:06:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-26 13:58:12 ----RASH---- C:\BOOT.INI
2009-12-26 13:58:12 ----A---- C:\WINDOWS\win.ini
2009-12-26 13:58:12 ----A---- C:\WINDOWS\System.ini
2009-12-25 10:02:07 ----SD---- C:\WINDOWS\Tasks
2009-12-25 10:02:07 ----AD---- C:\WINDOWS\SYSTEM32
2009-12-25 08:18:39 ----D---- C:\Program Files\Lavasoft
2009-12-25 00:04:54 ----D---- C:\WINDOWS\pss
2009-12-24 23:14:14 ----D---- C:\Program Files\Mozilla Firefox
2009-12-23 23:46:36 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-23 23:45:08 ----D---- C:\WINDOWS\$hf_mig$
2009-12-23 23:21:39 ----D---- C:\WINDOWS\WinSxS
2009-12-23 23:05:15 ----HD---- C:\Program Files\InstallShield Installation Information
2009-12-23 18:44:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-23 18:40:37 ----D---- C:\WINDOWS\AppPatch
2009-12-23 18:40:34 ----D---- C:\WINDOWS\HELP
2009-12-23 18:40:34 ----D---- C:\Program Files\Internet Explorer
2009-12-23 17:50:59 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-23 17:44:42 ----D---- C:\WINDOWS\system32\config
2009-12-23 17:44:23 ----D---- C:\WINDOWS\MEDIA
2009-12-23 15:24:00 ----D---- C:\Program Files\Outlook Express
2009-12-21 00:22:06 ----D---- C:\WINDOWS\system32\Setup
2009-12-21 00:22:05 ----D---- C:\WINDOWS\system32\wbem
2009-12-21 00:22:02 ----D---- C:\WINDOWS\FONTS
2009-12-21 00:20:48 ----D---- C:\WINDOWS\security
2009-12-20 23:51:45 ----D---- C:\Program Files\Messenger
2009-12-20 23:38:54 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-20 23:38:52 ----D---- C:\Program Files\Windows Media Player
2009-12-20 23:38:28 ----D---- C:\WINDOWS\ime
2009-12-20 23:37:57 ----D---- C:\WINDOWS\system32\usmt
2009-12-20 23:37:49 ----D---- C:\Program Files\MSN
2009-12-20 23:37:48 ----D---- C:\WINDOWS\system32\bits
2009-12-20 23:37:48 ----D---- C:\WINDOWS\peernet
2009-12-20 23:37:47 ----D---- C:\Program Files\Movie Maker
2009-12-20 23:32:25 ----D---- C:\WINDOWS\system32\Restore
2009-12-20 23:32:25 ----D---- C:\WINDOWS\system32\npp
2009-12-20 23:32:22 ----D---- C:\WINDOWS\msagent
2009-12-20 23:32:19 ----D---- C:\WINDOWS\srchasst
2009-12-20 23:32:18 ----D---- C:\Program Files\NetMeeting
2009-12-20 23:32:15 ----D---- C:\WINDOWS\system32\Com
2009-12-20 23:32:11 ----D---- C:\Program Files\Windows NT
2009-12-20 23:32:06 ----D---- C:\Program Files\Common Files\System
2009-12-20 23:31:25 ----D---- C:\WINDOWS\system32\oobe
2009-12-20 23:31:22 ----D---- C:\WINDOWS\SYSTEM
2009-12-20 23:24:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-20 23:23:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-20 23:15:49 ----D---- C:\WINDOWS\ehome
2009-12-20 22:41:41 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-20 08:20:10 ----D---- C:\Program Files\HP
2009-12-20 08:17:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-19 13:47:38 ----D---- C:\Program Files\ArcSoft
2009-12-19 13:46:00 ----A---- C:\WINDOWS\fantasy2.ini
2009-12-19 13:45:59 ----A---- C:\WINDOWS\pstudio.ini
2009-12-19 13:45:59 ----A---- C:\WINDOWS\album.ini
2009-12-19 13:10:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-19 13:05:26 ----D---- C:\Program Files\Microsoft Office
2009-12-19 12:10:41 ----D---- C:\Program Files\Microsoft ActiveSync
2009-12-19 11:54:48 ----D---- C:\hp
2009-12-19 11:31:09 ----D---- C:\Program Files\Hewlett-Packard
2009-12-19 11:23:57 ----D---- C:\WINDOWS\twain_32
2009-12-19 10:45:36 ----D---- C:\Program Files\Common Files
2009-12-19 00:17:30 ----D---- C:\WINDOWS\Cursors
2009-12-18 22:33:13 ----D---- C:\WINDOWS\provisioning
2009-12-18 06:44:54 ----D---- C:\Program Files\HPSelect
2009-12-18 06:44:53 ----D---- C:\Program Files\Kazaa

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-23 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-23 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-23 360584]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-10 32256]
R1 fwdrv;Kerio Personal Firewall Driver; C:\WINDOWS\system32\Drivers\fwdrv.sys [2002-04-15 102912]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2001-09-16 13716]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-09-24 463848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 usscavqmgexrgp;usscavqmgexrgp; \??\C:\WINDOWS\system32\drivers\aiasjkmatnl.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 Freedom;FREEDOM Miniport; C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-09-27 702777]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2001-10-12 114816]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-23 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-23 285392]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2001-09-27 57344]
R2 PersFw;Kerio Personal Firewall; C:\Program Files\Kerio\Personal Firewall\persfw.exe [2003-04-30 389120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-25 153376]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S4 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe []
S4 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe []

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2010-01-04 01:14:34

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Easy Internet Sign-up-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Kerio Personal Firewall 2.1.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51C8741C-4A91-42A6-B6A2-CB891F7398A1}\Setup.exe" -removeall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 1.5 combined Win32 extensions-->C:\PROGRA~1\Python\UNWISE~1.EXE C:\PROGRA~1\Python\W32INST.LOG
Python 1.5.2 (final)-->C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
S3 Gamma-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage4 Family Display Switch2 Utility-->S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch2
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Tcl 8.0.5 for Windows-->C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall

=====HijackThis Backups=====

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart [2009-12-24]
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [2009-12-24]
O4 - HKUS\.DEFAULT\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll", start 70367223 (User 'Default user') [2009-12-24]
O4 - HKUS\S-1-5-18\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll", start 70367223 (User 'SYSTEM') [2009-12-24]
O21 - SSODL: kawokozub - {f6e35b9e-702d-433a-bd54-cc2120e2a118} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O21 - SSODL: pivatezeh - {a2731c41-3ba2-4821-8d9f-fc8351fb8ef9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O22 - SharedTaskScheduler: tokatiluy - {f6e35b9e-702d-433a-bd54-cc2120e2a118} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O21 - SSODL: kisugevek - {7efb1e66-a1a2-4a30-bc02-0127ee6295e9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O22 - SharedTaskScheduler: gahurihor - {7efb1e66-a1a2-4a30-bc02-0127ee6295e9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing) [2009-12-24]
O22 - SharedTaskScheduler: gahurihor - {a2731c41-3ba2-4821-8d9f-fc8351fb8ef9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======System event log======

Computer Name: YOUR-W92P4BHLZG
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 70063
Source Name: Service Control Manager
Time Written: 20091220212656.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 70060
Source Name: Service Control Manager
Time Written: 20091220212656.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 70057
Source Name: Service Control Manager
Time Written: 20091220212656.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 70054
Source Name: Service Control Manager
Time Written: 20091220212655.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 70051
Source Name: Service Control Manager
Time Written: 20091220212655.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: YOUR-W92P4BHLZG
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6305
Source Name: Application Error
Time Written: 20091119104403.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1004
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6303
Source Name: Application Error
Time Written: 20091119104321.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6302
Source Name: Application Error
Time Written: 20091119104005.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1004
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6301
Source Name: Application Error
Time Written: 20091119103955.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6299
Source Name: Application Error
Time Written: 20091119103609.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program files\PC-Doctor for Windows XP\WINDSAPI
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0b01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-04 07:19:58
Windows 5.1.2600 Service Pack 3
Running: 0bpxryu4.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kweyrpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwClose [0xF404CD1E] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateFile [0xF404C62B] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcess [0xF404CC92] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcessEx [0xF404CC17] <-- ROOTKIT !!!
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateSection [0xF404C713] <-- ROOTKIT !!!

---- Kernel code sections - GMER 1.0.15 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F85B89EF 6 Bytes JMP F404A6D8 \SystemRoot\system32\Drivers\fwdrv.sys

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F404A520] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F404A53B] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F404A5CB] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F404A5EE] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F404A5CB] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F404A53B] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F404A520] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F404A5CB] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F404A5EE] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F404A520] \SystemRoot\system32\Drivers\fwdrv.sys
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F404A53B] \SystemRoot\system32\Drivers\fwdrv.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT Kernel & System/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat F2DA7D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service system32\drivers\hjgruihqoejwfo.sys (*** hidden *** ) [DISABLED] hjgruixilrdibf <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf@imagepath \systemroot\system32\drivers\hjgruihqoejwfo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main@aid 10234
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main\injector@* hjgruiwsp8.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main\injector@svchost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruihqoejwfo.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\modules@hjgruicmd.dll \systemroot\system32\hjgruiawwqibab.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\modules@hjgruilog.dat \systemroot\system32\hjgruiwulkrjcf.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\modules@hjgruiwsp.dll \systemroot\system32\hjgruiuxoqylpv.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\modules@hjgrui.dat \systemroot\system32\hjgruixsmbitus.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruixilrdibf\modules@hjgruiwsp8.dll \systemroot\system32\hjgruirprracxi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf@start 4
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf@imagepath \systemroot\system32\drivers\hjgruihqoejwfo.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main@aid 10234
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main\injector@* hjgruiwsp8.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main\injector@svchost.exe
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruihqoejwfo.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\modules@hjgruicmd.dll \systemroot\system32\hjgruiawwqibab.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\modules@hjgruilog.dat \systemroot\system32\hjgruiwulkrjcf.dat
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\modules@hjgruiwsp.dll \systemroot\system32\hjgruiuxoqylpv.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\modules@hjgrui.dat \systemroot\system32\hjgruixsmbitus.dat
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruixilrdibf\modules@hjgruiwsp8.dll \systemroot\system32\hjgruirprracxi.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf@start 4
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf@imagepath \systemroot\system32\drivers\hjgruihqoejwfo.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main@aid 10234
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main\injector@* hjgruiwsp8.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main\injector@svchost.exe
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruihqoejwfo.sys
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\modules@hjgruicmd.dll \systemroot\system32\hjgruiawwqibab.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\modules@hjgruilog.dat \systemroot\system32\hjgruiwulkrjcf.dat
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\modules@hjgruiwsp.dll \systemroot\system32\hjgruiuxoqylpv.dll
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\modules@hjgrui.dat \systemroot\system32\hjgruixsmbitus.dat
Reg HKLM\SYSTEM\ControlSet003\Services\hjgruixilrdibf\modules@hjgruiwsp8.dll \systemroot\system32\hjgruirprracxi.dll

---- EOF - GMER 1.0.15 ----
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: kids were allowed to have "fun" with this computer

Unread postby xixo_12 » January 5th, 2010, 8:43 am

Hi

First,
Remove programs.
Please Click on Start > Control Panel > Add/Remove Programs
Remove the listed program(s) by clicking Remove
Kerio Personal Firewall 2.1.5 <<You can reinstall after the system is clean

If some programs listed above are not in present, please do not panic and proceed to the next step.

Next,
ComboFix
Download ComboFix from below link. (DO NOT download ComboFix from anywhere else but with the link provided)
Save as Combo-Fix.exe <<Please have a look on file name. You have to change.
Link

**IMPORTANT !!! Save Combo-Fix.exe to your Desktop**

  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on Combo-Fix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Checklist.
Please post.
  • Content of ComboFix.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: kids were allowed to have "fun" with this computer

Unread postby ejames82 » January 5th, 2010, 12:03 pm

xixo_12,

i did this:
1. uninstalled kerio 2.1.5 personal firewall
2. disabled avg resident shield
3. ran combofix

thank you.

ComboFix 10-01-04.01 - Owner 01/05/2010 10:22:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.131 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1270689400-247674877-3292285946-1003
c:\recycler\S-1-5-21-1409082233-2111687655-1801674531-1003
c:\recycler\S-1-5-21-1426590395-101265881-3091382528-1003
c:\recycler\S-1-5-21-1426590395-101265881-3091382528-500
c:\windows\Readme.txt
c:\windows\system\oeminfo.ini
c:\windows\system32\hjgruiwulkrjcf.dat
c:\windows\system32\hjgruixsmbitus.dat
c:\windows\system32\ps2.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_hjgruixilrdibf
-------\Service_hjgruixilrdibf


((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.

2010-01-04 06:13 . 2010-01-04 06:14 -------- d-----w- C:\rsit
2009-12-30 14:59 . 2009-12-30 14:59 -------- d-----w- c:\program files\CCleaner
2009-12-25 21:13 . 2009-12-28 13:04 -------- d-----w- c:\program files\Panda Security
2009-12-25 16:36 . 2009-12-25 16:36 -------- d-----w- c:\windows\McAfee.com
2009-12-25 13:30 . 2009-12-25 13:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-25 13:27 . 2009-12-25 13:27 -------- d-----w- c:\program files\Java
2009-12-25 04:24 . 2009-12-25 04:24 -------- d-----w- c:\program files\ERUNT
2009-12-25 04:18 . 2009-12-25 04:18 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-12-25 04:05 . 2009-12-25 04:05 -------- d-----w- c:\program files\Trend Micro
2009-12-24 05:06 . 2009-12-24 05:06 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-W92P4BHLZG\IETldCache
2009-12-24 04:24 . 2009-12-24 04:24 -------- d-----w- C:\$AVG
2009-12-24 04:23 . 2009-12-24 04:23 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-24 04:23 . 2009-12-24 04:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-24 04:23 . 2009-12-24 04:23 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-24 04:23 . 2009-12-24 04:23 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-24 04:23 . 2010-01-05 14:53 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\program files\AVG
2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-24 04:10 . 2009-12-24 04:10 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-12-24 04:05 . 2009-12-24 04:05 -------- d-----w- c:\program files\Kerio
2009-12-23 23:42 . 2009-12-23 23:42 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-12-23 22:46 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-23 22:46 . 2009-10-29 07:45 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-23 22:46 . 2009-10-29 07:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-23 22:46 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-23 22:46 . 2009-10-29 07:45 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-23 22:46 . 2009-10-29 07:45 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-23 22:45 . 2009-12-23 22:46 -------- d-----w- c:\windows\ie8updates
2009-12-23 22:45 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-23 22:43 . 2009-12-23 22:45 -------- dc-h--w- c:\windows\ie8
2009-12-23 20:17 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-23 19:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-23 19:52 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-23 19:52 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-23 19:51 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-12-23 19:51 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-12-23 19:50 . 2009-10-13 10:30 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-12-23 19:50 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-12-23 19:50 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-12-23 19:49 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-12-23 19:49 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-12-23 19:48 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-12-23 19:48 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-12-23 19:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-23 19:46 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-12-23 19:46 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-12-22 01:42 . 2009-06-22 06:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-22 01:42 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-12-22 01:41 . 2009-09-11 14:18 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-12-22 01:41 . 2009-06-25 08:25 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-12-22 01:41 . 2009-06-25 08:25 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-12-22 01:41 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-12-21 13:18 . 2009-12-21 13:35 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
2009-12-21 13:15 . 2009-12-21 13:15 -------- d-----w- c:\program files\ImgBurn
2009-12-21 04:37 . 2009-12-21 04:37 -------- d-----w- c:\windows\system32\scripting
2009-12-21 04:37 . 2009-12-21 04:37 -------- d-----w- c:\windows\l2schemas
2009-12-21 04:37 . 2009-12-21 04:37 -------- d-----w- c:\windows\system32\en
2009-12-21 03:37 . 2000-07-21 15:40 2048 ------w- C:\w2ksect.bin
2009-12-21 03:07 . 2009-12-21 12:58 -------- d-----w- C:\XPSETUP
2009-12-20 13:27 . 2009-12-20 16:27 -------- d-----w- c:\windows\BDOSCAN8
2009-12-19 19:23 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-19 19:23 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-19 19:23 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-19 19:23 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-19 19:23 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-19 19:22 . 2002-08-29 06:59 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-12-19 19:22 . 2001-08-17 17:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-12-19 19:22 . 2001-08-17 18:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2009-12-19 19:22 . 2001-08-18 03:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-12-19 19:22 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-12-19 19:22 . 2001-08-17 18:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-12-19 19:22 . 2001-08-17 17:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-12-19 19:20 . 2001-08-17 19:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-12-19 19:19 . 2001-08-17 17:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2009-12-19 19:18 . 2001-08-18 03:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-12-19 19:16 . 2001-08-17 18:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2009-12-19 19:15 . 2001-08-17 18:53 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-12-19 19:14 . 2001-08-17 17:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-19 19:14 . 2001-08-17 18:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-12-19 19:14 . 2001-08-17 18:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-12-19 19:14 . 2001-08-17 17:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-12-19 19:14 . 2001-08-17 17:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-12-19 19:14 . 2001-08-17 17:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-12-19 19:14 . 2002-08-29 06:59 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-12-19 19:12 . 2001-08-17 18:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-12-19 19:11 . 2001-08-17 18:28 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2009-12-19 19:10 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-12-19 19:09 . 2008-04-14 00:09 13463552 ----a-w- c:\windows\system32\dllcache\hwxjpn.dll
2009-12-19 19:08 . 2001-08-17 17:49 322432 ----a-w- c:\windows\system32\dllcache\g400m.sys
2009-12-19 19:07 . 2001-08-17 17:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2009-12-19 19:06 . 2001-08-18 03:36 41046 ----a-w- c:\windows\system32\dllcache\digiisdn.dll
2009-12-19 19:05 . 2001-08-17 18:57 45696 ----a-w- c:\windows\system32\dllcache\cirrus.sys
2009-12-19 19:04 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-19 19:03 . 2001-08-17 17:12 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2009-12-19 18:59 . 2001-08-17 19:07 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-19 18:58 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-19 15:36 . 2009-12-19 15:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
2009-12-19 15:35 . 2009-12-30 15:03 -------- d-----w- c:\program files\VS Revo Group
2009-12-19 05:28 . 2009-12-20 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-19 05:21 . 2009-12-19 05:21 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-12-19 02:09 . 2009-12-19 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-12-19 00:59 . 2009-12-19 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-18 18:54 . 2010-01-04 06:02 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-18 18:54 . 2010-01-04 06:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 17:24 . 2009-12-18 17:24 -------- d-----w- c:\documents and settings\Administrator.YOUR-W92P4BHLZG\Local Settings\Application Data\Mozilla
2009-12-18 11:50 . 2010-01-04 06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 11:50 . 2009-12-18 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-18 01:58 . 2010-01-04 05:52 -------- d-----w- c:\program files\a-squared Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 14:55 . 2002-03-18 18:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 06:05 . 2003-12-19 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 05:55 . 2003-12-19 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 13:14 . 2002-11-03 14:21 41168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 13:18 . 2003-12-19 22:44 -------- d-----w- c:\program files\Lavasoft
2009-12-20 13:20 . 2008-04-29 18:45 -------- d-----w- c:\program files\HP
2009-12-19 18:47 . 2002-03-18 18:50 -------- d-----w- c:\program files\ArcSoft
2009-12-19 17:10 . 2003-02-07 22:25 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-19 16:31 . 2002-03-18 18:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-18 11:44 . 2002-03-18 18:53 -------- d-----w- c:\program files\HPSelect
2009-12-18 11:44 . 2003-05-20 19:58 -------- d-----w- c:\program files\Kazaa
2009-10-29 07:45 . 2004-01-08 19:23 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2001-08-18 05:36 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-18 05:36 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-18 05:36 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"S3TRAY2"="S3tray2.exe" [2001-10-04 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-06-15 212992]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-03 81920]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-06 61440]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-02 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-25 149280]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-24 04:23 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\AntiVirus Plus.lnk
backup=c:\windows\pss\AntiVirus Plus.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^EZNet Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\EZNet Startup.lnk
backup=c:\windows\pss\EZNet Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-08-06 20:03 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-08-02 14:09 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\drivers\avgldx86.sys [12/23/2009 11:23 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\drivers\avgtdix.sys [12/23/2009 11:23 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/23/2009 11:22 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/23/2009 11:22 PM 285392]
S2 usscavqmgexrgp;usscavqmgexrgp;\??\c:\windows\system32\drivers\aiasjkmatnl.sys --> c:\windows\system32\drivers\aiasjkmatnl.sys [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2005-08-31 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 00:12]

2005-08-31 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us4.hpwis.com/
mSearch Bar = hxxp://srch-us4.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v3lhl8dy.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-msci - c:\program files\mcafee.com\shared\mcinfo.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-05 10:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-05 10:42:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 15:42

Pre-Run: 19,557,617,664 bytes free
Post-Run: 19,752,161,280 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows Whistler Personal" /fastdetect /NoExecute=OptIn

- - End Of File - - 9A286C28116FA941D449CAA0849465DA
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: kids were allowed to have "fun" with this computer

Unread postby xixo_12 » January 6th, 2010, 8:46 pm

Hi,
Let's proceed

First,
CFScript
  • Close any open browsers.
  • Open notepad and copy/paste the text in the code box below into it:
    Code: Select all
    Driver::
    usscavqmgexrgp
    File::
    c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    c:\windows\pss\AntiVirus Plus.lnkCommon Startup
    c:\documents and settings\Owner\Start Menu\Programs\Startup\AntiVirus Plus.lnk
    c:\windows\pss\AntiVirus Plus.lnkStartup
    c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    c:\windows\pss\LimeWire On Startup.lnkStartup
    c:\windows\system32\drivers\aiasjkmatnl.sys
    Folder::
    c:\program files\Kazaa
    C:\Documents and Settings\Owner\Application Data\AntiVirus Plus
    C:\DOCUME~1\Owner\MYDOCU~1\MYMUSI~1\LimeWire
    C:\Program Files\LimeWire
    Registry::
    [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AntiVirus Plus.lnk]
    [-HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\LimeWire\LimeWire.exe"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Disable your AntiVirus/AntiSpyware/Firewall applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
    Image
  • Refering to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Next,
Reboot into usual account.

Next,
Analyze file(s).
Please visit Jotti.
Click on browse > copy below link (one by one) and paste on the File name box > Click Open:
C:\WINDOWS\tasks\ (YOUR-W92P4BHLZG-Owner).job
c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

  • Press Submit file - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Next,
RSIT.
  • Copy the code as below by highlight > right click > copy:
    Code: Select all
    "%userprofile%\desktop\rsit.exe" /info
  • Click on start > Run....
  • Paste the code into the box and click OK.
  • Click on Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can find manually the log at C:\rsit

Next,
Checklist.
Please post.
  • Content of ComboFix.txt
  • Links to the Web address (upload files).
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • How is your system behave now? Good?
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: kids were allowed to have "fun" with this computer

Unread postby ejames82 » January 7th, 2010, 2:25 am

xixo_12,

i had a mishap while running combofix. while it was running avg started a scheduled scan. i am almost certain i had scheduled scanning disabled. i hate scheduled scanning. i feel awful.
i used the ERDNT.exe restore point that was just created before combofix started. it appears that no harm was done. i continued with your instructions right from the beginning (january 6 post).

i have for you:

1. combofix log
2. status of jotti scans
3. rsit logs

the computer is slow for typing at times.

thank you.


ComboFix 10-01-04.01 - Owner 01/07/2010 0:06.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.227 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\AntiVirus Plus.lnk"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\AntiVirus Plus.lnk"
"c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk"
"c:\windows\pss\AntiVirus Plus.lnkCommon Startup"
"c:\windows\pss\AntiVirus Plus.lnkStartup"
"c:\windows\pss\LimeWire On Startup.lnkStartup"
"c:\windows\system32\drivers\aiasjkmatnl.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Kazaa
c:\program files\Kazaa\bdcore.dll
c:\program files\Kazaa\bdupd.dll
c:\program files\Kazaa\broadband.gif
c:\program files\Kazaa\Db\bb.db
c:\program files\Kazaa\Db\data256.dbb
c:\program files\Kazaa\Db\np.tmp
c:\program files\Kazaa\Help\arrow.gif
c:\program files\Kazaa\Help\arrow_sml.gif
c:\program files\Kazaa\Help\background.gif
c:\program files\Kazaa\Help\h_mykazaa.gif
c:\program files\Kazaa\Help\h_myMedia.gif
c:\program files\Kazaa\Help\h_myplaylists.gif
c:\program files\Kazaa\Help\mykazaa.css
c:\program files\Kazaa\Help\mykazaa.htm
c:\program files\Kazaa\Help\mymedia.htm
c:\program files\Kazaa\Help\myplaylists.htm
c:\program files\Kazaa\Help\spacer.gif
c:\program files\Kazaa\kazaa.exe
c:\program files\Kazaa\Kazaa.url
c:\program files\Kazaa\libfn.dll
c:\program files\Kazaa\linksfolder.ico
c:\program files\Kazaa\My Shared Folder\Alternative Rock.kpl
c:\program files\Kazaa\My Shared Folder\Electronica.kpl
c:\program files\Kazaa\My Shared Folder\Folk.kpl
c:\program files\Kazaa\My Shared Folder\Funk.kpl
c:\program files\Kazaa\My Shared Folder\Hip-Hop.kpl
c:\program files\Kazaa\My Shared Folder\Jazz.kpl
c:\program files\Kazaa\My Shared Folder\Pop Rock.kpl
c:\program files\Kazaa\My Shared Folder\R&B.kpl
c:\program files\Kazaa\My Shared Folder\Reggae.kpl
c:\program files\Kazaa\My Shared Folder\World Beat.kpl
c:\program files\Kazaa\Promotions\Earn Money.url
c:\program files\Kazaa\Promotions\Get Access with Tiscali.url
c:\program files\Kazaa\Promotions\Love and Dating.url
c:\program files\Kazaa\Promotions\Netflix.url
c:\program files\Kazaa\Promotions\readme.lnk
c:\program files\Kazaa\Search\kazaa.css
c:\program files\Kazaa\Search\KazaaAd.htm
c:\program files\Kazaa\Search\spacer.gif
c:\program files\Kazaa\Search\WebSearch.htm
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_mykazaa_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_tell_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_importfold_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_download_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_messageuser_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_newsearch_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_searchuser_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\searchbar_showsearch_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\skin.xml
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\startbar_stop_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\trafficbar_resume_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btm.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_btmright.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_left.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_right.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_top.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_topleft.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\window_topright.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_maximise_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_minimise_sel.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_dis.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_over.bmp
c:\program files\Kazaa\Skins\Love & Romance - by AmericanSingles.com\windowbar_restore_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_mykazaa_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_search_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_shop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_start_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_theatre_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mainbar_traffic_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_addtoplay_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_next_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_pause_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_play_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_prev_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_slider.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_sliderThumb.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_sliderThumb_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_stop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_tell_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mediabar_volume_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_delete_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_folders_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_importfold_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_moreinfo_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\mykazaabar_share_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_closetabs_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_download_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_messageuser_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_newsearch_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_searchuser_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\searchbar_showsearch_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\skin.xml
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_back_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_fwd_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_home_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_refresh_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\startbar_stop_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\theatrebar_fullscreen_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_cancel_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_pause_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\trafficbar_resume_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\vssver.scc
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btm.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btmLeft.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_btmright.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_left.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_right.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_top.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_topleft.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\window_topright.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_close_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_maximise_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_minimise_sel.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore_dis.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore_over.bmp
c:\program files\Kazaa\Skins\Toasted Sherbert\windowbar_restore_sel.bmp
c:\windows\pss\AntiVirus Plus.lnkCommon Startup
c:\windows\pss\AntiVirus Plus.lnkStartup
c:\windows\pss\LimeWire On Startup.lnkStartup

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USSCAVQMGEXRGP
-------\Service_usscavqmgexrgp


((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-04 06:13 . 2010-01-04 06:14 -------- d-----w- C:\rsit
2009-12-30 14:59 . 2009-12-30 14:59 -------- d-----w- c:\program files\CCleaner
2009-12-25 21:13 . 2009-12-28 13:04 -------- d-----w- c:\program files\Panda Security
2009-12-25 16:36 . 2009-12-25 16:36 -------- d-----w- c:\windows\McAfee.com
2009-12-25 13:30 . 2009-12-25 13:28 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-25 13:27 . 2009-12-25 13:27 -------- d-----w- c:\program files\Java
2009-12-25 04:24 . 2009-12-25 04:24 -------- d-----w- c:\program files\ERUNT
2009-12-25 04:18 . 2009-12-25 04:18 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
2009-12-25 04:05 . 2009-12-25 04:05 -------- d-----w- c:\program files\Trend Micro
2009-12-24 05:06 . 2009-12-24 05:06 -------- d-sh--w- c:\documents and settings\Administrator.YOUR-W92P4BHLZG\IETldCache
2009-12-24 04:24 . 2009-12-24 04:24 -------- d-----w- C:\$AVG
2009-12-24 04:23 . 2009-12-24 04:23 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-24 04:23 . 2009-12-24 04:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-24 04:23 . 2009-12-24 04:23 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-24 04:23 . 2009-12-24 04:23 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-24 04:23 . 2010-01-07 04:28 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\program files\AVG
2009-12-24 04:22 . 2009-12-24 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-24 04:10 . 2009-12-24 04:10 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2009-12-24 04:05 . 2009-12-24 04:05 -------- d-----w- c:\program files\Kerio
2009-12-23 23:42 . 2009-12-23 23:42 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2009-12-23 22:46 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-23 22:46 . 2009-10-29 07:45 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-23 22:46 . 2009-10-29 07:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-23 22:46 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-23 22:46 . 2009-10-29 07:45 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-23 22:46 . 2009-10-29 07:45 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-23 22:45 . 2009-12-23 22:46 -------- d-----w- c:\windows\ie8updates
2009-12-23 22:45 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-23 22:43 . 2009-12-23 22:45 -------- dc-h--w- c:\windows\ie8
2009-12-23 20:17 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2009-12-23 19:53 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-23 19:52 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-23 19:52 . 2009-09-25 05:37 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-12-23 19:51 . 2009-06-10 14:13 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-12-23 19:51 . 2009-06-12 12:31 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-12-23 19:50 . 2009-10-13 10:30 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-12-23 19:50 . 2009-06-10 06:14 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll
2009-12-23 19:50 . 2009-09-04 21:03 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-12-23 19:49 . 2009-07-17 19:01 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-12-23 19:49 . 2009-07-17 16:22 1435648 ------w- c:\windows\system32\dllcache\query.dll
2009-12-23 19:48 . 2009-07-29 04:37 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-12-23 19:48 . 2009-07-29 04:37 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-12-23 19:48 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-23 19:46 . 2009-10-12 13:38 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-12-23 19:46 . 2009-10-12 13:38 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-12-22 01:42 . 2009-06-22 06:44 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2009-12-22 01:42 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-12-22 01:41 . 2009-09-11 14:18 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-12-22 01:41 . 2009-06-25 08:25 54272 ------w- c:\windows\system32\dllcache\wdigest.dll
2009-12-22 01:41 . 2009-06-25 08:25 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2009-12-22 01:41 . 2009-06-24 11:18 92928 ------w- c:\windows\system32\dllcache\ksecdd.sys
2009-12-21 13:18 . 2009-12-21 13:35 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
2009-12-21 13:15 . 2009-12-21 13:15 -------- d-----w- c:\program files\ImgBurn
2009-12-21 04:37 . 2009-12-21 04:37 -------- d-----w- c:\windows\system32\scripting
2009-12-21 04:37 . 2009-12-21 04:37 -------- d-----w- c:\windows\l2schemas
2009-12-21 04:37 . 2009-12-21 04:37 -------- d-----w- c:\windows\system32\en
2009-12-21 03:37 . 2000-07-21 15:40 2048 ------w- C:\w2ksect.bin
2009-12-21 03:07 . 2009-12-21 12:58 -------- d-----w- C:\XPSETUP
2009-12-20 13:27 . 2009-12-20 16:27 -------- d-----w- c:\windows\BDOSCAN8
2009-12-19 19:23 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-12-19 19:23 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-12-19 19:23 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-12-19 19:23 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2009-12-19 19:23 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-12-19 19:22 . 2002-08-29 06:59 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-12-19 19:22 . 2001-08-17 17:12 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-12-19 19:22 . 2001-08-17 18:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2009-12-19 19:22 . 2001-08-18 03:36 53760 ----a-w- c:\windows\system32\dllcache\wiamsmud.dll
2009-12-19 19:22 . 2001-08-18 03:36 87040 ----a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2009-12-19 19:22 . 2001-08-17 18:28 701386 ----a-w- c:\windows\system32\dllcache\wdhaalba.sys
2009-12-19 19:22 . 2001-08-17 17:10 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
2009-12-19 19:20 . 2001-08-17 19:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-12-19 19:19 . 2001-08-17 17:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2009-12-19 19:18 . 2001-08-18 03:36 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2009-12-19 19:16 . 2001-08-17 18:51 19584 ----a-w- c:\windows\system32\dllcache\rasirda.sys
2009-12-19 19:15 . 2001-08-17 18:53 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys
2009-12-19 19:14 . 2001-08-17 17:49 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-12-19 19:14 . 2001-08-17 18:53 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-12-19 19:14 . 2001-08-17 18:47 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2009-12-19 19:14 . 2001-08-17 17:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-12-19 19:14 . 2001-08-17 17:20 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-12-19 19:14 . 2001-08-17 17:12 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2009-12-19 19:14 . 2002-08-29 06:59 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2009-12-19 19:12 . 2001-08-17 18:52 17280 ----a-w- c:\windows\system32\dllcache\mraid35x.sys
2009-12-19 19:11 . 2001-08-17 18:28 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2009-12-19 19:10 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2009-12-19 19:09 . 2008-04-14 00:09 13463552 ----a-w- c:\windows\system32\dllcache\hwxjpn.dll
2009-12-19 19:08 . 2001-08-17 17:49 322432 ----a-w- c:\windows\system32\dllcache\g400m.sys
2009-12-19 19:07 . 2001-08-17 17:19 63360 ----a-w- c:\windows\system32\dllcache\ess.sys
2009-12-19 19:06 . 2001-08-18 03:36 41046 ----a-w- c:\windows\system32\dllcache\digiisdn.dll
2009-12-19 19:05 . 2001-08-17 18:57 45696 ----a-w- c:\windows\system32\dllcache\cirrus.sys
2009-12-19 19:04 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-12-19 19:03 . 2001-08-17 17:12 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2009-12-19 18:59 . 2001-08-17 19:07 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
2009-12-19 18:58 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-12-19 15:36 . 2009-12-19 15:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
2009-12-19 15:35 . 2009-12-30 15:03 -------- d-----w- c:\program files\VS Revo Group
2009-12-19 05:28 . 2009-12-20 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-19 05:21 . 2009-12-19 05:21 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2009-12-19 02:09 . 2009-12-19 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-12-19 00:59 . 2009-12-19 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-18 18:54 . 2010-01-04 06:02 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-18 18:54 . 2010-01-04 06:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-18 17:24 . 2009-12-18 17:24 -------- d-----w- c:\documents and settings\Administrator.YOUR-W92P4BHLZG\Local Settings\Application Data\Mozilla
2009-12-18 11:50 . 2010-01-04 06:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 11:50 . 2009-12-18 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-18 01:58 . 2010-01-04 05:52 -------- d-----w- c:\program files\a-squared Free

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 14:55 . 2002-03-18 18:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-04 06:05 . 2003-12-19 22:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-04 05:55 . 2003-12-19 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-26 13:14 . 2002-11-03 14:21 41168 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 13:18 . 2003-12-19 22:44 -------- d-----w- c:\program files\Lavasoft
2009-12-20 13:20 . 2008-04-29 18:45 -------- d-----w- c:\program files\HP
2009-12-19 18:47 . 2002-03-18 18:50 -------- d-----w- c:\program files\ArcSoft
2009-12-19 17:10 . 2003-02-07 22:25 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-19 16:31 . 2002-03-18 18:53 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-18 11:44 . 2002-03-18 18:53 -------- d-----w- c:\program files\HPSelect
2009-10-29 07:45 . 2004-01-08 19:23 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2001-08-18 05:36 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2001-08-18 05:36 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2001-08-18 05:36 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"S3TRAY2"="S3tray2.exe" [2001-10-04 69632]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2001-06-15 212992]
"PS2"="c:\windows\system32\ps2.exe" [2001-07-03 81920]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-06 61440]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-08-08 143360]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2001-08-08 90112]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-02 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-25 149280]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-24 04:23 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^EZNet Startup.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\EZNet Startup.lnk
backup=c:\windows\pss\EZNet Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-08-06 20:03 155648 ----a-w- c:\windows\SYSTEM32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-08-02 14:09 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2 (0x2)
"McTskshd.exe"=2 (0x2)
"McDetect.exe"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\drivers\avgldx86.sys [12/23/2009 11:23 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\SYSTEM32\drivers\avgtdix.sys [12/23/2009 11:23 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/23/2009 11:22 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/23/2009 11:22 PM 285392]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2005-08-31 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 00:12]

2005-08-31 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2001-08-18 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://srch-us4.hpwis.com/
mSearch Bar = hxxp://srch-us4.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\v3lhl8dy.default\
FF - prefs.js: browser.startup.homepage - http://www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 00:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3276)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-07 00:28:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 05:28
ComboFix2.txt 2010-01-05 15:42

Pre-Run: 19,699,359,744 bytes free
Post-Run: 19,617,165,312 bytes free

- - End Of File - - 0675EEDCB8FDD2C0F540F735FE256601


first file was not found C:\WINDOWS\tasks\ (YOUR-W92P4BHLZG-Owner).job

scans for this file found nothing (no detection) c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
http://virusscan.jotti.org/en/scanresul ... 9b6dae7449


Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-01-07 00:57:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 19 GB (56%) free of 33 GB
Total RAM: 510 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:21 AM, on 1/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\desktop\rsit.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1366806265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1366794203
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6133 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-23 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-25 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"S3TRAY2"=C:\WINDOWS\system32\S3tray2.exe [2001-10-04 69632]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2001-06-15 212992]
"PS2"=C:\WINDOWS\system32\ps2.exe [2001-07-03 81920]
"NvCplDaemon"=NvQTwk,NvCplDaemon initialize []
"KBD"=C:\HP\KBD\KBD.EXE [2001-07-06 61440]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2001-08-07 143360]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2001-08-07 90112]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-02 2033432]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-08-06 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-08-02 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
C:\PROGRA~1\VERIZO~1\SUPPOR~1\bin\matcli.exe [2002-08-06 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^EZNet Startup.lnk]
C:\WINDOWS\eznrbt.exe [2000-05-09 61952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"a2free"=2
"McTskshd.exe"=2
"McDetect.exe"=2
"Lavasoft Ad-Aware Service"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-23 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-07 00:28:56 ----D---- C:\WINDOWS\temp
2010-01-07 00:28:52 ----A---- C:\ComboFix.txt
2010-01-05 10:19:18 ----A---- C:\Boot.bak
2010-01-05 10:19:08 ----RASHD---- C:\cmdcons
2010-01-05 10:17:03 ----A---- C:\WINDOWS\zip.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\SWSC.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\SWREG.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\sed.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\PEV.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\MBR.exe
2010-01-05 10:17:03 ----A---- C:\WINDOWS\grep.exe
2010-01-05 10:15:01 ----D---- C:\Qoobox
2010-01-04 01:13:47 ----D---- C:\rsit
2009-12-30 09:59:18 ----D---- C:\Program Files\CCleaner
2009-12-25 16:13:47 ----D---- C:\Program Files\Panda Security
2009-12-25 11:36:25 ----D---- C:\WINDOWS\McAfee.com
2009-12-25 08:30:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-25 08:30:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-12-25 08:30:31 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-25 08:30:31 ----A---- C:\WINDOWS\system32\java.exe
2009-12-25 08:27:20 ----D---- C:\Program Files\Java
2009-12-24 23:24:26 ----D---- C:\WINDOWS\ERDNT
2009-12-24 23:24:03 ----D---- C:\Program Files\ERUNT
2009-12-24 23:05:34 ----D---- C:\Program Files\Trend Micro
2009-12-23 23:24:19 ----D---- C:\$AVG
2009-12-23 23:23:52 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-12-23 23:22:12 ----D---- C:\Program Files\AVG
2009-12-23 23:22:07 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-12-23 23:05:16 ----D---- C:\Program Files\Kerio
2009-12-23 17:52:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-23 17:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2009-12-23 17:51:28 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-23 17:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-23 17:50:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2009-12-23 17:50:36 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-23 17:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB976325$
2009-12-23 17:50:00 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-12-23 17:49:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-12-23 17:49:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-12-23 17:49:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-12-23 17:48:48 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-12-23 17:48:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-12-23 17:48:18 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-12-23 17:48:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-12-23 17:48:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-12-23 17:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-12-23 17:45:58 ----D---- C:\WINDOWS\ie8updates
2009-12-23 17:44:33 ----D---- C:\WINDOWS\WBEM
2009-12-23 17:43:09 ----HDC---- C:\WINDOWS\ie8
2009-12-23 17:39:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-23 15:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-12-23 15:24:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-12-23 15:24:25 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-12-23 15:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-12-23 15:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-12-23 15:23:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-12-23 15:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-12-23 15:22:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-12-23 15:22:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-12-23 15:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-12-23 15:21:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-12-23 15:21:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-12-23 15:08:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-12-23 15:06:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-12-23 15:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-12-23 15:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-12-23 15:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-12-23 14:57:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-12-23 14:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-12-23 14:52:11 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-12-21 08:18:19 ----D---- C:\Documents and Settings\Owner\Application Data\ImgBurn
2009-12-21 08:15:47 ----D---- C:\Program Files\ImgBurn
2009-12-21 00:23:13 ----D---- C:\WINDOWS\Prefetch
2009-12-21 00:03:34 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-12-21 00:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-12-21 00:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-12-21 00:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-12-21 00:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-12-21 00:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-12-21 00:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-12-21 00:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-12-21 00:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-12-21 00:00:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-12-20 23:59:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-12-20 23:59:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-12-20 23:59:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-12-20 23:59:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-12-20 23:58:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-12-20 23:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-12-20 23:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-12-20 23:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-12-20 23:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-12-20 23:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-12-20 23:56:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-12-20 23:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2009-12-20 23:55:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-12-20 23:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-12-20 23:55:12 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-12-20 23:54:29 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2009-12-20 23:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-12-20 23:53:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-12-20 23:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-12-20 23:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-12-20 23:52:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-12-20 23:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-12-20 23:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-12-20 23:52:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-12-20 23:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-12-20 23:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-12-20 23:51:32 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-12-20 23:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-12-20 23:37:57 ----D---- C:\WINDOWS\system32\en-us
2009-12-20 23:37:54 ----D---- C:\WINDOWS\system32\scripting
2009-12-20 23:37:51 ----D---- C:\WINDOWS\l2schemas
2009-12-20 23:37:49 ----D---- C:\WINDOWS\system32\en
2009-12-20 23:28:16 ----D---- C:\WINDOWS\network diagnostic
2009-12-20 22:40:46 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-12-20 22:07:59 ----D---- C:\XPSETUP
2009-12-20 08:27:11 ----D---- C:\WINDOWS\BDOSCAN8
2009-12-19 10:35:04 ----D---- C:\Program Files\VS Revo Group
2009-12-19 00:28:43 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-12-18 21:09:33 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-12-18 19:59:08 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-18 13:54:35 ----D---- C:\Program Files\SUPERAntiSpyware
2009-12-18 13:54:35 ----D---- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2009-12-18 06:50:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-18 06:50:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-12-17 20:58:55 ----D---- C:\Program Files\a-squared Free

======List of files/folders modified in the last 1 months======

2010-01-07 00:28:57 ----D---- C:\WINDOWS\system32\drivers
2010-01-07 00:28:56 ----AD---- C:\WINDOWS
2010-01-07 00:26:24 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-07 00:20:05 ----A---- C:\WINDOWS\system.ini
2010-01-07 00:19:31 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem.txt
2010-01-07 00:17:26 ----D---- C:\WINDOWS\system32\config
2010-01-07 00:16:04 ----RD---- C:\Program Files
2010-01-07 00:16:03 ----D---- C:\WINDOWS\pss
2010-01-07 00:11:31 ----D---- C:\WINDOWS\AppPatch
2010-01-07 00:11:31 ----AD---- C:\WINDOWS\SYSTEM32
2010-01-07 00:11:26 ----D---- C:\Program Files\Common Files
2010-01-07 00:05:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-05 10:40:57 ----SD---- C:\WINDOWS\Tasks
2010-01-05 10:28:53 ----D---- C:\WINDOWS\SYSTEM
2010-01-05 10:19:18 ----RASH---- C:\BOOT.INI
2010-01-05 09:55:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-04 01:05:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-01-04 01:05:11 ----D---- C:\Config.Msi
2010-01-04 01:02:08 ----SHD---- C:\WINDOWS\Installer
2010-01-04 00:55:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-30 09:59:43 ----D---- C:\WINDOWS\Debug
2009-12-30 09:59:39 ----D---- C:\WINDOWS\Minidump
2009-12-28 08:04:34 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-12-26 14:17:06 ----D---- C:\WINDOWS\INF
2009-12-26 13:58:12 ----A---- C:\WINDOWS\win.ini
2009-12-25 08:18:39 ----D---- C:\Program Files\Lavasoft
2009-12-24 23:14:14 ----D---- C:\Program Files\Mozilla Firefox
2009-12-23 23:46:36 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-12-23 23:45:08 ----D---- C:\WINDOWS\$hf_mig$
2009-12-23 23:21:39 ----D---- C:\WINDOWS\WinSxS
2009-12-23 18:44:07 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-23 18:40:34 ----D---- C:\WINDOWS\HELP
2009-12-23 18:40:34 ----D---- C:\Program Files\Internet Explorer
2009-12-23 17:50:59 ----D---- C:\WINDOWS\system32\CatRoot
2009-12-23 17:44:23 ----D---- C:\WINDOWS\MEDIA
2009-12-23 15:24:00 ----D---- C:\Program Files\Outlook Express
2009-12-21 00:22:06 ----D---- C:\WINDOWS\system32\Setup
2009-12-21 00:22:05 ----D---- C:\WINDOWS\system32\wbem
2009-12-21 00:22:02 ----D---- C:\WINDOWS\FONTS
2009-12-21 00:20:48 ----D---- C:\WINDOWS\security
2009-12-20 23:51:45 ----D---- C:\Program Files\Messenger
2009-12-20 23:38:54 ----D---- C:\WINDOWS\ServicePackFiles
2009-12-20 23:38:52 ----D---- C:\Program Files\Windows Media Player
2009-12-20 23:38:28 ----D---- C:\WINDOWS\ime
2009-12-20 23:37:57 ----D---- C:\WINDOWS\system32\usmt
2009-12-20 23:37:49 ----D---- C:\Program Files\MSN
2009-12-20 23:37:48 ----D---- C:\WINDOWS\system32\bits
2009-12-20 23:37:48 ----D---- C:\WINDOWS\peernet
2009-12-20 23:37:47 ----D---- C:\Program Files\Movie Maker
2009-12-20 23:32:25 ----D---- C:\WINDOWS\system32\Restore
2009-12-20 23:32:25 ----D---- C:\WINDOWS\system32\npp
2009-12-20 23:32:22 ----D---- C:\WINDOWS\msagent
2009-12-20 23:32:19 ----D---- C:\WINDOWS\srchasst
2009-12-20 23:32:18 ----D---- C:\Program Files\NetMeeting
2009-12-20 23:32:15 ----D---- C:\WINDOWS\system32\Com
2009-12-20 23:32:11 ----D---- C:\Program Files\Windows NT
2009-12-20 23:32:06 ----D---- C:\Program Files\Common Files\System
2009-12-20 23:31:25 ----D---- C:\WINDOWS\system32\oobe
2009-12-20 23:24:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-20 23:23:36 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-12-20 23:15:49 ----D---- C:\WINDOWS\ehome
2009-12-20 22:41:41 ----D---- C:\WINDOWS\SoftwareDistribution
2009-12-20 08:20:10 ----D---- C:\Program Files\HP
2009-12-20 08:17:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-19 13:47:38 ----D---- C:\Program Files\ArcSoft
2009-12-19 13:46:00 ----A---- C:\WINDOWS\fantasy2.ini
2009-12-19 13:45:59 ----A---- C:\WINDOWS\pstudio.ini
2009-12-19 13:45:59 ----A---- C:\WINDOWS\album.ini
2009-12-19 13:10:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-19 13:05:26 ----D---- C:\Program Files\Microsoft Office
2009-12-19 12:10:41 ----D---- C:\Program Files\Microsoft ActiveSync
2009-12-19 11:54:48 ----D---- C:\hp
2009-12-19 11:31:09 ----D---- C:\Program Files\Hewlett-Packard
2009-12-19 11:23:57 ----D---- C:\WINDOWS\twain_32
2009-12-19 00:17:30 ----D---- C:\WINDOWS\Cursors
2009-12-18 22:33:13 ----D---- C:\WINDOWS\provisioning
2009-12-18 06:44:54 ----D---- C:\Program Files\HPSelect

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-23 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-23 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-23 360584]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-10 32256]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-17 12032]
R3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
R3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2001-08-08 158140]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-31 625537]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2001-09-16 13716]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2001-09-24 463848]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 Freedom;FREEDOM Miniport; C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2001-08-08 12479]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2001-08-08 12031]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2001-08-08 11679]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2001-08-08 11999]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2001-08-08 19359]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2001-08-08 29215]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2001-08-08 19199]
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2001-08-08 33503]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2001-08-08 23519]
S3 mbr;mbr; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys []
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2001-09-27 702777]
S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]
S3 S3SavageNB;S3SavageNB; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2001-10-12 114816]
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2001-08-17 17664]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2009-12-23 906520]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-23 285392]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2001-09-27 57344]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-25 153376]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe []
S4 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe []
S4 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe []

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2010-01-07 00:58:24

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Easy Internet Sign-up-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B5DDB2C-0807-47FD-9C11-80EA761902C0}\Setup.exe" -l0x9
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 1.5 combined Win32 extensions-->C:\PROGRA~1\Python\UNWISE~1.EXE C:\PROGRA~1\Python\W32INST.LOG
Python 1.5.2 (final)-->C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG
Revo Uninstaller 1.83-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
S3 Gamma-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3 Savage4 Family Display Switch2 Utility-->S3Uninst.exe -reg 5 HKLM\SOFTWARE\S3\S3Uninst\S3Switch2
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Tcl 8.0.5 for Windows-->C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip Self-Extractor-->"C:\Program Files\WinZip Self-Extractor\setup.exe" /uninstall

=====HijackThis Backups=====

O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart [2009-12-24]
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [2009-12-24]
O4 - HKUS\.DEFAULT\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll", start 70367223 (User 'Default user') [2009-12-24]
O4 - HKUS\S-1-5-18\..\Run: [AntiVirus Plus] "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\Owner\Application Data\AntiVirus Plus\AntiVirus Plus.70367223.dll", start 70367223 (User 'SYSTEM') [2009-12-24]
O21 - SSODL: kawokozub - {f6e35b9e-702d-433a-bd54-cc2120e2a118} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O21 - SSODL: pivatezeh - {a2731c41-3ba2-4821-8d9f-fc8351fb8ef9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O22 - SharedTaskScheduler: tokatiluy - {f6e35b9e-702d-433a-bd54-cc2120e2a118} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O21 - SSODL: kisugevek - {7efb1e66-a1a2-4a30-bc02-0127ee6295e9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O22 - SharedTaskScheduler: gahurihor - {7efb1e66-a1a2-4a30-bc02-0127ee6295e9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing) [2009-12-24]
O22 - SharedTaskScheduler: gahurihor - {a2731c41-3ba2-4821-8d9f-fc8351fb8ef9} - c:\windows\system32\yuzepijo.dll (file missing) [2009-12-24]

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: YOUR-W92P4BHLZG
Event Code: 7000
Message: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 70308
Source Name: Service Control Manager
Time Written: 20091221193126.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 7000
Message: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 70285
Source Name: Service Control Manager
Time Written: 20091221175005.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 7000
Message: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 70243
Source Name: Service Control Manager
Time Written: 20091221071042.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 7000
Message: The Lavasoft Ad-Aware Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 70228
Source Name: Service Control Manager
Time Written: 20091221002350.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 20
Message: Printer Driver HP OfficeJet K60xi for Windows NT x86 Version-3 was added or updated. Files:- (null).

Record Number: 70227
Source Name: Print
Time Written: 20091221002337.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: YOUR-W92P4BHLZG
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6305
Source Name: Application Error
Time Written: 20091119104403.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1004
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6303
Source Name: Application Error
Time Written: 20091119104321.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6302
Source Name: Application Error
Time Written: 20091119104005.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1004
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6301
Source Name: Application Error
Time Written: 20091119103955.000000-300
Event Type: error
User:

Computer Name: YOUR-W92P4BHLZG
Event Code: 1000
Message: Faulting application svchost.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Record Number: 6299
Source Name: Application Error
Time Written: 20091119103609.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program files\PC-Doctor for Windows XP\WINDSAPI
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 11 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0b01
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: kids were allowed to have "fun" with this computer

Unread postby xixo_12 » January 7th, 2010, 12:00 pm

Hi,

First,
Information - Adobe Acrobat (old version) as the Default PDF Reader.
  • You can keep your Adobe Acrobat (Old version), but using it to open PDF files from the net is risky.
  • I would like to remove all related registry that call the program to keep you in the secure environment.
  • You can still use the Acrobat from Start > All Programs.
  • Please use ONLY the latest Adobe Reader program as the default application on Internet PDF files.

Next,
Fix entries.
  • Run the HiJack This.
  • Click on Do a system scan only button.
  • Search the entries as below and tick at the small box.
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
  • Close any other program and leave HiJackThis program alone.
  • Click Fix checked.

Next,
Adobe Reader.
You should use only this reader to open the online PDF.
  • Go HERE and click on AdbeRdr920_en_US.exe to download the latest version of Adobe Acrobat Reader.
  • Save this file to your desktop and run it to install the latest version.

Next,
Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to the desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    Image
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


Next,
Checklist.
Please post.
  • Content of MBAM log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: kids were allowed to have "fun" with this computer

Unread postby ejames82 » January 8th, 2010, 12:40 am

xixo_12,

i removed the old adobe and installed the new, exactly the way you instructed.

here is the log from malwarebytes. all the infections were, indeed, within system restore.

there still seems to be a delay when i type, but it's not consistent. it's sporatic.

thank you.


Malwarebytes' Anti-Malware 1.43
Database version: 3509
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/7/2010 11:28:06 PM
mbam-log-2010-01-07 (23-28-06).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 194489
Time elapsed: 1 hour(s), 37 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP347\A0067395.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP347\A0067502.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP347\A0067678.sys (Malware.Trace) -> Not selected for removal.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york

Re: kids were allowed to have "fun" with this computer

Unread postby xixo_12 » January 8th, 2010, 8:37 am

Hi,

Good ;) ,
Let's proceed.

there still seems to be a delay when i type, but it's not consistent. it's sporatic.

I still try to figure out about this issue. Meanwhile please have this instruction to be run.

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

Next,
Checklist.
Please post.
  • Content of Kaspersky scan log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: kids were allowed to have "fun" with this computer

Unread postby ejames82 » January 9th, 2010, 12:06 pm

xixo_12,

kaspersky scan results below:

thank you.


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 9, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 08, 2010 14:39:47
Records in database: 3318541
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 80185
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 24:20:04

No threats found. Scanned area is clean.

Selected area has been scanned.
ejames82
Regular Member
 
Posts: 54
Joined: December 2nd, 2007, 4:34 pm
Location: syracuse, new york
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 477 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware