windows discovers spyware [RESOLVED], red cross
bigyin43
post Oct 11 2008, 01:55 PM
Post #1


Member
**
Posts: 39
OS: xp



Hi, Windows has started a pop-up balloon telling me it has discovered malicious spyware, and to allow it to download sophisticated spyware removal tools to remove it.

I have run Spybot and Ad-Aware; both are now telling me I am clear of spyware. And avast discovered a trojan which has been moved to the chest.

However, on start-up the red circle and warning come up again.
Any ideas?

thanks in advance.
bigyin
kahdah
post Oct 11 2008, 02:46 PM
Post #2


GeekU Teacher
Posts: 9,418
From: Somewhere
OS: Windows xp home



Hello bigyin43

Welcome to G2Go.
=====================

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
bigyin43
post Oct 12 2008, 02:11 AM
Post #3


Member
**
Posts: 39
OS: xp



Logfile of random's system information tool 1.04 (written by random/random)
Run by al at 2008-10-12 09:03:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 54 GB (71%) free of 76 GB
Total RAM: 511 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:32 AM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\AntispywareBot\AntispywareBot.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\al\Desktop\RSIT.exe
C:\Program Files\trend micro\al.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - HKCU\..\Run: [AntispywareBot] C:\Program Files\AntispywareBot\AntispywareBot.exe -boot
O4 - HKLM\..\Policies\Explorer\Run: [HJTUOG7eI4] C:\Documents and Settings\al\Desktop\keygen.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205006871494
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205007287369
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://bellerock.microgaming.com/freeplay/FlashAX2.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 7453 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AntispywareBot Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-12-17 3059712]
"nwiz"=nwiz.exe /install []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"lxbumon.exe"=C:\Program Files\Lexmark 6200 Series\lxbumon.exe [2005-01-18 196608]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-11-22 299008]
""= []
"EzPrint"=C:\Program Files\Lexmark 6200 Series\ezprint.exe [2004-09-17 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-04 185896]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-10-10 10240]
"LXBUCATS"=rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBUtime.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"HJTUOG7eI4"=C:\Documents and Settings\al\Desktop\keygen.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-10-10 10240]
"AntispywareBot"=C:\Program Files\AntispywareBot\AntispywareBot.exe [2008-10-09 14508032]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\al\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\al\Local Settings\Temp\usmt\migwiz.exe"="C:\Documents and Settings\al\Local Settings\Temp\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-10-12 09:03:15 ----D---- C:\Program Files\trend micro
2008-10-12 09:03:13 ----D---- C:\rsit
2008-10-11 21:42:06 ----D---- C:\Program Files\Musaic Box
2008-10-11 08:40:39 ----D---- C:\Documents and Settings\al\Application Data\AntispywareBot
2008-10-11 08:40:30 ----D---- C:\Program Files\AntispywareBot
2008-10-10 20:32:59 ----D---- C:\WINDOWS\system32\smp
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\WINWGPX.EXE
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\winsystem.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\winlogonpc.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\vcatchpi.dll
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\vbsys2.dll
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\thun32.dll
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\thun.dll
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\taack.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\sysreq.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\Rundl1.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\psoft1.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\psof1.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\ps1.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\newsd32.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\netode.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\mwin32.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\mtr2.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\mssecu.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\msgp.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\hxiwlgpm.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\bsva-egihsg52.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\bdn.com
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\awtoolb.dll
2008-10-10 20:32:59 ----A---- C:\WINDOWS\system32\akttzn.exe
2008-10-10 20:32:59 ----A---- C:\WINDOWS\bdn.com
2008-10-10 20:32:59 ----A---- C:\WINDOWS\a.bat
2008-10-10 20:30:32 ----A---- C:\WINDOWS\brastk.exe
2008-10-10 20:23:55 ----D---- C:\Program Files\itqguef
2008-10-10 20:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\ofazqfsn
2008-10-10 20:23:42 ----D---- C:\Documents and Settings\All Users\Application Data\ynixulil
2008-10-10 20:23:42 ----A---- C:\WINDOWS\system32\brastk.exe
2008-10-09 19:01:25 ----D---- C:\Program Files\Instant CD & DVD Burner
2008-10-01 16:41:02 ----D---- C:\DVDClone
2008-10-01 16:40:41 ----D---- C:\Documents and Settings\al\Application Data\dvdcss
2008-10-01 16:37:21 ----A---- C:\WINDOWS\AoADVDRipper.INI
2008-10-01 15:29:55 ----A---- C:\WINDOWS\DVDShrink.txt
2008-10-01 15:29:39 ----D---- C:\Documents and Settings\al\Application Data\AVS4YOU
2008-10-01 15:29:38 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-10-01 15:28:02 ----D---- C:\Program Files\Common Files\AVSMedia
2008-10-01 15:28:02 ----A---- C:\WINDOWS\system32\msxml3a.dll
2008-10-01 15:28:01 ----A---- C:\WINDOWS\system32\msvcr70.dll
2008-10-01 15:28:01 ----A---- C:\WINDOWS\system32\msvcp70.dll
2008-10-01 15:28:01 ----A---- C:\WINDOWS\system32\mfc70.dll
2008-10-01 15:28:00 ----D---- C:\Program Files\AVS4YOU
2008-09-27 20:36:08 ----D---- C:\Program Files\Sky
2008-09-27 20:36:08 ----D---- C:\Documents and Settings\All Users\Application Data\Sky
2008-09-27 16:47:11 ----D---- C:\WINDOWS\system32\Adobe
2008-09-27 12:45:42 ----D---- C:\Program Files\Maxis
2008-09-21 17:45:35 ----D---- C:\Documents and Settings\al\Application Data\FUJIFILM
2008-09-21 16:47:05 ----D---- C:\MWASPINT
2008-09-21 16:47:05 ----A---- C:\WINDOWS\system32\WNASPI32.DLL
2008-09-21 16:47:04 ----A---- C:\WINDOWS\msfsetup.ini
2008-09-21 16:45:22 ----D---- C:\Program Files\PIXELA
2008-09-21 16:44:53 ----A---- C:\WINDOWS\unvise32qt.exe
2008-09-21 16:44:02 ----D---- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-09-21 16:43:56 ----A---- C:\WINDOWS\system32\qttask.exe
2008-09-21 16:43:41 ----D---- C:\WINDOWS\system32\QuickTime
2008-09-21 16:43:39 ----D---- C:\Program Files\QuickTime
2008-09-21 16:43:17 ----A---- C:\WINDOWS\system32\FPXS2Pro.dll
2008-09-21 16:43:17 ----A---- C:\WINDOWS\system32\FE05F3D5.dll
2008-09-21 16:43:17 ----A---- C:\WINDOWS\system32\FE05F051.dll
2008-09-21 16:43:17 ----A---- C:\WINDOWS\system32\FE05DA0D.dll
2008-09-21 16:42:31 ----A---- C:\WINDOWS\system32\FFRAFLIB.DLL
2008-09-21 16:42:29 ----A---- C:\WINDOWS\system32\FFTIFF16.dll
2008-09-21 16:41:55 ----D---- C:\Program Files\FinePixViewer
2008-09-21 16:41:16 ----N---- C:\WINDOWS\system32\FINFCOPY.dll
2008-09-21 16:41:16 ----N---- C:\WINDOWS\system32\FINFCHECK.dll
2008-09-21 16:41:16 ----D---- C:\Program Files\REGSHAVE
2008-09-21 16:41:14 ----N---- C:\WINDOWS\system32\FREGSHEX.DLL
2008-09-21 16:41:14 ----N---- C:\WINDOWS\system32\FCLKBTN.DLL
2008-09-21 16:37:47 ----D---- C:\Program Files\Jasc Software Inc
2008-09-20 18:04:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-19 13:35:12 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-19 13:35:00 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-09-19 13:33:37 ----D---- C:\WINDOWS\Prefetch
2008-09-19 13:09:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-19 13:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-19 13:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-19 13:07:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-19 13:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-19 13:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-19 13:06:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-19 13:05:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-19 13:05:24 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-19 13:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-19 13:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-19 12:54:24 ----A---- C:\WINDOWS\setuplog.txt
2008-09-19 12:50:50 ----D---- C:\WINDOWS\system32\scripting
2008-09-19 12:50:46 ----D---- C:\WINDOWS\l2schemas
2008-09-19 12:50:45 ----D---- C:\WINDOWS\system32\en
2008-09-19 12:50:44 ----D---- C:\WINDOWS\system32\bits
2008-09-19 11:53:24 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-19 11:53:21 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-19 11:53:19 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-19 11:53:18 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-19 11:53:02 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-19 11:53:01 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-19 11:52:39 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-19 11:52:30 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-19 11:52:27 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-19 11:52:26 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-19 11:52:24 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-19 11:52:23 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-19 11:52:23 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-19 11:52:19 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-19 11:52:15 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-19 11:51:55 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-19 11:51:55 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-19 11:51:55 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-19 11:51:52 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-19 11:51:52 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-19 11:51:48 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-19 11:51:48 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-19 11:51:23 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-19 11:51:22 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-19 11:51:22 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-19 11:51:22 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-19 11:51:10 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-19 11:51:09 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-19 11:51:08 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-19 11:51:08 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-19 11:51:08 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-19 11:51:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-19 11:50:49 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-19 11:50:48 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-19 11:50:06 ----A---- C:\WINDOWS\005704_.tmp
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-19 11:50:03 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-19 11:49:58 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-19 11:49:58 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-19 11:49:58 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-19 11:49:58 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-19 11:49:58 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-19 11:49:58 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-19 11:49:57 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-19 11:49:55 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-19 11:49:55 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-19 11:49:53 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-19 11:49:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-19 11:49:36 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-19 11:49:35 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-19 11:49:18 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-17 15:21:59 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-09-13 21:03:28 ----D---- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-09-13 21:01:01 ----D---- C:\Program Files\IVT Corporation

======List of files/folders modified in the last 1 months======

2008-10-12 09:03:15 ----RD---- C:\Program Files
2008-10-12 09:03:12 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-10-12 08:57:26 ----D---- C:\Program Files\Mozilla Firefox
2008-10-12 08:54:55 ----D---- C:\WINDOWS
2008-10-12 08:54:08 ----D---- C:\WINDOWS\Temp
2008-10-12 08:54:08 ----D---- C:\WINDOWS\system32
2008-10-12 08:51:34 ----D---- C:\Documents and Settings\al\Application Data\OpenOffice.org2
2008-10-11 23:15:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-11 23:14:45 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-10-11 23:14:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-11 21:33:55 ----D---- C:\Program Files\bfgclient
2008-10-11 21:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-11 08:40:40 ----SD---- C:\WINDOWS\Tasks
2008-10-11 08:40:36 ----SHD---- C:\WINDOWS\Installer
2008-10-10 21:43:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-10 20:34:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-10 20:32:33 ----D---- C:\WINDOWS\system32\drivers
2008-10-10 20:23:42 ----D---- C:\Documents and Settings\al\Application Data\LimeWire
2008-10-10 09:44:52 ----D---- C:\Program Files\Lx_cats
2008-10-09 17:21:52 ----D---- C:\WINDOWS\WinSxS
2008-10-01 21:50:20 ----D---- C:\Program Files\Google
2008-10-01 21:50:20 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-01 19:26:51 ----D---- C:\Program Files\Kontiki
2008-10-01 16:37:10 ----D---- C:\WINDOWS\system
2008-10-01 15:28:47 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-01 15:28:02 ----D---- C:\Program Files\Common Files
2008-09-27 16:51:21 ----D---- C:\Documents and Settings\al\Application Data\Adobe
2008-09-27 16:51:19 ----D---- C:\Documents and Settings\al\Application Data\Macromedia
2008-09-27 16:51:14 ----D---- C:\WINDOWS\system32\Macromed
2008-09-27 14:41:42 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-26 18:16:58 ----HD---- C:\WINDOWS\inf
2008-09-25 17:47:34 ----D---- C:\WINDOWS\network diagnostic
2008-09-23 11:24:03 ----D---- C:\Documents and Settings\al\Application Data\MSN6
2008-09-20 19:06:57 ----D---- C:\Program Files\LimeWire
2008-09-20 17:57:09 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-19 13:36:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-19 13:35:12 ----D---- C:\WINDOWS\Debug
2008-09-19 13:32:39 ----D---- C:\WINDOWS\system32\Setup
2008-09-19 13:32:39 ----D---- C:\WINDOWS\AppPatch
2008-09-19 13:32:38 ----D---- C:\WINDOWS\system32\wbem
2008-09-19 13:32:36 ----RSD---- C:\WINDOWS\Fonts
2008-09-19 13:13:25 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-19 13:12:16 ----A---- C:\WINDOWS\imsins.BAK
2008-09-19 13:12:14 ----D---- C:\WINDOWS\security
2008-09-19 13:04:50 ----D---- C:\Program Files\Messenger
2008-09-19 12:51:49 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-19 12:51:23 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-19 12:51:22 ----D---- C:\WINDOWS\ime
2008-09-19 12:51:21 ----D---- C:\WINDOWS\Help
2008-09-19 12:50:53 ----D---- C:\WINDOWS\system32\usmt
2008-09-19 12:50:53 ----D---- C:\WINDOWS\system32\en-US
2008-09-19 12:50:44 ----D---- C:\WINDOWS\peernet
2008-09-19 12:50:43 ----D---- C:\Program Files\Movie Maker
2008-09-19 12:43:46 ----D---- C:\WINDOWS\system32\Restore
2008-09-19 12:43:45 ----D---- C:\WINDOWS\system32\npp
2008-09-19 12:43:42 ----D---- C:\WINDOWS\msagent
2008-09-19 12:43:40 ----D---- C:\WINDOWS\srchasst
2008-09-19 12:43:38 ----D---- C:\Program Files\NetMeeting
2008-09-19 12:43:36 ----D---- C:\WINDOWS\system32\Com
2008-09-19 12:43:30 ----D---- C:\Program Files\Windows Media Player
2008-09-19 12:43:29 ----D---- C:\Program Files\Windows NT
2008-09-19 12:43:29 ----D---- C:\Program Files\Outlook Express
2008-09-19 12:43:22 ----D---- C:\Program Files\Common Files\System
2008-09-19 12:42:45 ----D---- C:\WINDOWS\system32\oobe
2008-09-19 12:36:06 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-19 12:34:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-19 12:24:42 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2002-07-17 16877]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 72624]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-04-30 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 MASPINT;MASPINT; C:\WINDOWS\system32\drivers\MASPINT.sys [2002-06-21 8224]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys [2005-11-10 402944]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2007-05-11 34704]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2007-03-05 27792]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2007-03-05 18320]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2003-12-17 1627130]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2007-03-05 34448]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2007-03-05 44304]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 A_USBETHMP;USB PowerPacket Network Adapter; C:\WINDOWS\System32\Drivers\usbethmp.sys [2003-07-14 14342]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2007-05-09 36496]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-09 138680]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2008-02-27 3072184]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2003-12-17 77824]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 lxbu_device;lxbu_device; C:\WINDOWS\system32\lxbucoms.exe [2005-01-06 462848]
S2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

this was the file returned.
hope this is what you meant/need.

kahdah
post Oct 12 2008, 07:08 AM
Post #4


GeekU Teacher
Posts: 9,418
From: Somewhere
OS: Windows xp home



Hi, I do not recommend running cracks or keygens; they are for illegal purposes and are almost always bundled with malware.

Continuing to use software like that will surely keep you infected.
==========================================
Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :processes
    explorer.exe

    :files
    C:\WINDOWS\system32\brastk.exe
    C:\Program Files\AntispywareBot
    C:\Documents and Settings\al\Application Data\AntispywareBot
    C:\WINDOWS\system32\smp
    C:\WINDOWS\system32\WINWGPX.EXE
    C:\WINDOWS\system32\winsystem.exe
    C:\WINDOWS\system32\winlogonpc.exe
    C:\WINDOWS\system32\vcatchpi.dll
    C:\WINDOWS\system32\vbsys2.dll
    C:\WINDOWS\system32\thun32.dll
    C:\WINDOWS\system32\thun.dll
    C:\WINDOWS\system32\taack.exe
    C:\WINDOWS\system32\sysreq.exe
    C:\WINDOWS\system32\Rundl1.exe
    C:\WINDOWS\system32\psoft1.exe
    C:\WINDOWS\system32\psof1.exe
    C:\WINDOWS\system32\ps1.exe
    C:\WINDOWS\system32\newsd32.exe
    C:\WINDOWS\system32\netode.exe
    C:\WINDOWS\system32\mwin32.exe
    C:\WINDOWS\system32\mtr2.exe
    C:\WINDOWS\system32\mssecu.exe
    C:\WINDOWS\system32\msgp.exe
    C:\WINDOWS\system32\hxiwlgpm.exe
    C:\WINDOWS\system32\bsva-egihsg52.exe
    C:\WINDOWS\system32\bdn.com
    C:\WINDOWS\system32\awtoolb.dll
    C:\WINDOWS\system32\akttzn.exe
    C:\WINDOWS\bdn.com
    C:\WINDOWS\a.bat
    C:\WINDOWS\brastk.exe
    C:\Program Files\itqguef
    C:\Documents and Settings\All Users\Application Data\ofazqfsn
    C:\Documents and Settings\All Users\Application Data\ynixulil

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "brastk"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    "HJTUOG7eI4"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "brastk"=-
    "AntispywareBot"=-


    :commands
    [emptytemp]
    [start explorer]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:
  1. OTMoveIt log
  2. Malwarebytes log
  3. New RSIT log
bigyin43
post Oct 12 2008, 01:56 PM
Post #5


Member
**
Posts: 39
OS: xp



========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\WINDOWS\system32\brastk.exe moved successfully.
C:\Program Files\AntispywareBot moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Settings moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Registry Backups moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Quarantine\11-10-2008-08-56-01\84.qit moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Quarantine\11-10-2008-08-56-01\57.qit moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Quarantine\11-10-2008-08-56-01 moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Quarantine moved successfully.
Folder move failed. C:\Documents and Settings\al\Application Data\AntispywareBot\Log scheduled to be moved on reboot.
C:\Documents and Settings\al\Application Data\AntispywareBot\Full Backups\FULL-2008-10-11-09-00-54.rbu moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Full Backups moved successfully.
Folder move failed. C:\Documents and Settings\al\Application Data\AntispywareBot scheduled to be moved on reboot.
C:\WINDOWS\system32\smp moved successfully.
C:\WINDOWS\system32\WINWGPX.EXE moved successfully.
C:\WINDOWS\system32\winsystem.exe moved successfully.
C:\WINDOWS\system32\winlogonpc.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\vcatchpi.dll NOT unregistered.
C:\WINDOWS\system32\vcatchpi.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vbsys2.dll NOT unregistered.
C:\WINDOWS\system32\vbsys2.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\thun32.dll NOT unregistered.
C:\WINDOWS\system32\thun32.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun.dll NOT unregistered.
C:\WINDOWS\system32\thun.dll moved successfully.
C:\WINDOWS\system32\taack.exe moved successfully.
C:\WINDOWS\system32\sysreq.exe moved successfully.
C:\WINDOWS\system32\Rundl1.exe moved successfully.
C:\WINDOWS\system32\psoft1.exe moved successfully.
C:\WINDOWS\system32\psof1.exe moved successfully.
C:\WINDOWS\system32\ps1.exe moved successfully.
C:\WINDOWS\system32\newsd32.exe moved successfully.
C:\WINDOWS\system32\netode.exe moved successfully.
C:\WINDOWS\system32\mwin32.exe moved successfully.
C:\WINDOWS\system32\mtr2.exe moved successfully.
C:\WINDOWS\system32\mssecu.exe moved successfully.
C:\WINDOWS\system32\msgp.exe moved successfully.
C:\WINDOWS\system32\hxiwlgpm.exe moved successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe moved successfully.
C:\WINDOWS\system32\bdn.com moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\awtoolb.dll NOT unregistered.
C:\WINDOWS\system32\awtoolb.dll moved successfully.
C:\WINDOWS\system32\akttzn.exe moved successfully.
C:\WINDOWS\bdn.com moved successfully.
C:\WINDOWS\a.bat moved successfully.
C:\WINDOWS\brastk.exe moved successfully.
C:\Program Files\itqguef moved successfully.
C:\Documents and Settings\All Users\Application Data\ofazqfsn moved successfully.
C:\Documents and Settings\All Users\Application Data\ynixulil moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\HJTUOG7eI4 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AntispywareBot deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\al\LOCALS~1\Temp\etilqs_vAhz6dvRctzHpz46a2lc scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\al\LOCALS~1\Temp\~DF250B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\al\LOCALS~1\Temp\~DFA1DE.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\al\LOCALS~1\Temp\~DFC2A2.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6e4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10122008_204537

Files moved on Reboot...
C:\Documents and Settings\al\Application Data\AntispywareBot\Log moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot moved successfully.
File C:\DOCUME~1\al\LOCALS~1\Temp\etilqs_vAhz6dvRctzHpz46a2lc not found!
C:\DOCUME~1\al\LOCALS~1\Temp\~DF250B.tmp moved successfully.
C:\DOCUME~1\al\LOCALS~1\Temp\~DFA1DE.tmp moved successfully.
C:\DOCUME~1\al\LOCALS~1\Temp\~DFC2A2.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_6e4.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7d0.dat not found!
C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\al\Local Settings\Application Data\Mozilla\Firefox\Profiles\0dxjs5ve.default\XUL.mfl moved successfully.
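Added example (not part of the original thread, and not OTMoveIt3's own code): a Python check that reconciles the `:files` list from a fix script like the one in post #4 against a results log like the one in post #5, so that targets still pending after the reboot, or never reported at all, stand out. The sample script and log are constructed from the line formats shown above; the two `example-*.exe` paths and the status names are assumptions made for the illustration.

```python
import re

# Constructed sample: a shortened fix script in the format used in post #4.
# The two example-*.exe paths are made up for this illustration.
FIX_SCRIPT = r"""
:processes
explorer.exe

:files
C:\WINDOWS\system32\brastk.exe
C:\Documents and Settings\al\Application Data\AntispywareBot
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\example-locked.exe
C:\WINDOWS\system32\example-absent.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"brastk"=-

:commands
[emptytemp]
"""

# Constructed sample: result lines in the formats seen in post #5,
# including the section that is appended after a reboot.
RESULTS_LOG = r"""
========== FILES ==========
C:\WINDOWS\system32\brastk.exe moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot\Settings moved successfully.
Folder move failed. C:\Documents and Settings\al\Application Data\AntispywareBot\Log scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\al\Application Data\AntispywareBot scheduled to be moved on reboot.
LoadLibrary failed for C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun.dll NOT unregistered.
C:\WINDOWS\system32\thun.dll moved successfully.
File move failed. C:\WINDOWS\system32\example-locked.exe scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\brastk deleted successfully.

Files moved on Reboot...
C:\Documents and Settings\al\Application Data\AntispywareBot\Log moved successfully.
C:\Documents and Settings\al\Application Data\AntispywareBot moved successfully.
File move failed. C:\WINDOWS\system32\example-locked.exe scheduled to be moved on reboot.
"""

# Line formats that carry a per-path outcome; everything else is ignored.
PATTERNS = [
    ("pending", re.compile(r"^(?:File|Folder) (?:move|delete) failed\. (.+) "
                           r"scheduled to be (?:moved|deleted) on reboot\.$")),
    ("not_found", re.compile(r"^File (.+) not found!$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]


def parse_targets(script):
    """Return the paths listed under the :files section of a fix script."""
    section, targets = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            targets.append(line)
    return targets


def parse_results(log):
    """Map lower-cased path -> last outcome seen, so post-reboot lines win."""
    status = {}
    for raw in log.splitlines():
        line = raw.strip()
        for name, rx in PATTERNS:
            match = rx.match(line)
            if match:
                status[match.group(1).lower()] = name
                break
    return status


def reconcile(script, log):
    """Give every :files target one outcome: moved, pending, not_found, no_result."""
    status = parse_results(log)
    report = {}
    for target in parse_targets(script):
        key = target.lower()  # Windows paths are case-insensitive
        outcome = status.get(key, "no_result")
        # A folder only counts as moved if nothing beneath it is still pending.
        children = [s for p, s in status.items() if p.startswith(key + "\\")]
        if outcome == "moved" and "pending" in children:
            outcome = "pending"
        report[target] = outcome
    return report


def unresolved(report):
    """Targets that still need a follow-up look, in script order."""
    return [path for path, outcome in report.items() if outcome != "moved"]


if __name__ == "__main__":
    for path, outcome in reconcile(FIX_SCRIPT, RESULTS_LOG).items():
        print(f"{outcome:10} {path}")
```
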
bigyin43
post Oct 12 2008, 02:10 PM
Post #6


Member
**
Posts: 39
OS: xp



Malwarebytes' Anti-Malware 1.28
Database version: 1261
Windows 5.1.2600 Service Pack 3

10/12/2008 9:04:53 PM
mbam-log-2008-10-12 (21-04-53).txt

Scan type: Quick Scan
Objects scanned: 43873
Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\2dda3201767c34b46a72671d26d39178 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2dda3201767c34b46a72671d26d39178 (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntispywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\antispywarebot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\documents and settings\all users\start menu\programs\antispywarebot\ (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntispywareBot on the Web.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareBot\AntispywareBot.lnk (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AntispywareBot Scheduled Scan.job (Rogue.AntiSpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\AntispywareBot.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
bigyin43
post Oct 12 2008, 02:13 PM
Post #7


Member
**
Posts: 39
OS: xp



Logfile of random's system information tool 1.04 (written by random/random)
Run by al at 2008-10-12 21:06:13
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (72%) free of 76 GB
Total RAM: 511 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:28 PM, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Documents and Settings\al\Desktop\RSIT.exe
C:\Program Files\trend micro\al.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Belkin Wireless USB Utility.lnk = C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1205006871494
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1205007287369
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin9.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://bellerock.microgaming.com/freeplay/FlashAX2.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 7345 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-12-17 3059712]
"nwiz"=nwiz.exe /install []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"lxbumon.exe"=C:\Program Files\Lexmark 6200 Series\lxbumon.exe [2005-01-18 196608]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-11-22 299008]
""= []
"EzPrint"=C:\Program Files\Lexmark 6200 Series\ezprint.exe [2004-09-17 61440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-04 185896]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]
"LXBUCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2008-02-27 1032376]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Belkin Wireless USB Utility.lnk - C:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

C:\Documents and Settings\al\Start Menu\Programs\Startup
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 183808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\al\Local Settings\Temp\usmt\migwiz.exe"="C:\Documents and Settings\al\Local Settings\Temp\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Sunbelt Software\Personal Firewall